The Analysis And Research On Access Control Mechanism Based On Netconf Network Management System

Posted on: 2012-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: J J Wang
Full Text: PDF
GTID: 2178330335460670
Subject: Signal and Information Processing
Abstract/Summary:
With the continuous expansion of network scale and growing network heterogeneity, the traditional network management protocol SNMP (Simple Network Management Protocol) has gradually exposed its shortcomings in network configuration management and network security. To solve these problems, the IETF proposed an XML-based network management standard in December 2006, the Network Configuration Protocol (NETCONF). The NETCONF protocol uses XML to describe messages and managed data. Despite all its advantages, the NETCONF protocol lacks an access control mechanism, which leaves the data unsafe, because such a mechanism must be closely linked with the data model.

This paper mainly analyses access control mechanisms for BUPT-NEP, a network management system based on NETCONF. We first introduce the existing access control mechanisms, and then choose the Mandatory Access Control (MAC) mechanism, the Role-based Access Control (RBAC) mechanism and the eXtensible Access Control Markup Language (XACML) mechanism to implement on BUPT-NEP. In the MAC mechanism, we make the policy one of the modules of BUPT-NEP; in the RBAC mechanism, we validate the request through XPath string comparison; in the XACML mechanism, we extend the attributes and functions of XACML to make it suitable for the NETCONF subtree filtering RPC. This paper also compares the three access control mechanisms in theory and uses experiments to evaluate the performance of the three mechanisms on BUPT-NEP.
Keywords/Search Tags: netconf, mac, rbac, xacml