{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T12:03:52Z","timestamp":1769515432942,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,5,24]],"date-time":"2023-05-24T00:00:00Z","timestamp":1684886400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-20-1-2696"],"award-info":[{"award-number":["N00014-20-1-2696"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,5,24]]},"DOI":"10.1145\/3589608.3593836","type":"proceedings-article","created":{"date-parts":[[2023,5,24]],"date-time":"2023-05-24T22:15:11Z","timestamp":1684966511000},"page":"121-132","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5412-0217","authenticated-orcid":false,"given":"Iffat","family":"Anjum","sequence":"first","affiliation":[{"name":"NC State University, Raleigh, NC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-1352-2738","authenticated-orcid":false,"given":"Jessica","family":"Sokal","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-2148-7815","authenticated-orcid":false,"given":"Hafiza Ramzah","family":"Rehman","sequence":"additional","affiliation":[{"name":"NC State University, Raleigh, NC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9527-5888","authenticated-orcid":false,"given":"Ben","family":"Weintraub","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3831-7600","authenticated-orcid":false,"given":"Ethan","family":"Leba","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3043-8092","authenticated-orcid":false,"given":"William","family":"Enck","sequence":"additional","affiliation":[{"name":"NC State University, Raleigh, NC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9649-6789","authenticated-orcid":false,"given":"Cristina","family":"Nita-Rotaru","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7902-1821","authenticated-orcid":false,"given":"Bradley","family":"Reaves","sequence":"additional","affiliation":[{"name":"NC State University, Raleigh, NC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,5,24]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Hybrid SDN Networks: A Survey of Existing Approaches","author":"Amin Rashid","year":"2018","unstructured":"Rashid Amin, Martin Reisslein, and Nadir Shah. 2018. Hybrid SDN Networks: A Survey of Existing Approaches. IEEE Communications Surveys & Tutorials, Vol. 20, 4 (2018)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","unstructured":"Iffat Anjum. 2023. MSNetviews Online Appendix. https:\/\/doi.org\/10.5281\/zenodo.7871808","DOI":"10.5281\/zenodo.7871808"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3532105.3535029"},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the ACM Conference on Data and Application Security and Privacy.","author":"Anjum Iffat","unstructured":"Iffat Anjum, Mu Zhu, Isaac Polinsky, William Enck, Michael K. Reiter, and Munindar P. Singh. 2021. Role-Based Deception in Enterprise Networks. In Proceedings of the ACM Conference on Data and Application Security and Privacy."},{"key":"e_1_3_2_1_6_1","unstructured":"MITRE ATT&CK. 2019. NotPetya. https:\/\/attack.mitre.org\/software\/S0368\/."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.011.2000508"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2602204.2602211"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656890"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCNC.2019.8685506"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23040"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1282380.1282382"},{"key":"e_1_3_2_1_13_1","volume-title":"Rubin","author":"Cheswick William R.","year":"2003","unstructured":"William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin. 2003. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley Professional."},{"issue":"3","key":"e_1_3_2_1_14_1","first-page":"2","article-title":"-03-09","volume":"2","year":"2022","unstructured":"Cisco. 2022-03-09. Cisco DNA Center - Cisco DNA Center 2.3.2.0 Data Sheet. https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/cloud-systems-management\/dna-center\/nb-06-dna-center-data-sheet-cte-en.html.","journal-title":"Cisco DNA Center - Cisco DNA Center"},{"key":"e_1_3_2_1_15_1","volume-title":"Policy Machine: Features, Architecture, and Specification. NISTIR 7987 Rev. 1. https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/7987\/rev-1\/final.","author":"David Ferraiolo Wayne Jansen","year":"2015","unstructured":"Wayne Jansen David Ferraiolo, Serban Gavrila. 2015. Policy Machine: Features, Architecture, and Specification. NISTIR 7987 Rev. 1. https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/7987\/rev-1\/final."},{"key":"e_1_3_2_1_16_1","volume-title":"Zero Trust Networks","author":"Evan Gilman Doug Barth","unstructured":"Doug Barth Evan Gilman. July 2017. Zero Trust Networks. O'Reilly Media, Inc."},{"key":"e_1_3_2_1_17_1","unstructured":"David Ferraiolo. 2019. Unpacking Next Generation Access Control (NGAC) and Tetrate Q. TETRATE. https:\/\/www.tetrate.io\/blog\/unpacking-next-generation-access-control-ngac-and-tetrate-q\/."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2875491.2875496"},{"key":"e_1_3_2_1_19_1","unstructured":"FireEye. 2020. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html."},{"key":"e_1_3_2_1_20_1","unstructured":"Open Networking Foundation. 2018. ONOS (Open Network Operating System). https:\/\/onosproject.org\/."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/NFV-SDN.2018.8725805"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2860018"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342458"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","author":"Hong Sungmin","unstructured":"Sungmin Hong, R. Baykov, Lei Xu, Srinath Nadimpalli, and G. Gu. 2016. Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security. In Proceedings of the Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_25_1","unstructured":"The White House. 2021. Executive Order on Improving the Nation's Cybersecurity. https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2015.33"},{"key":"e_1_3_2_1_27_1","unstructured":"Akash Shah Joshua Roberts. 2019. Policy Machine Core. GitHub. https:\/\/github.com\/PM-Master\/policy-machine-core."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2017.2657123"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3450569.3463558"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23037"},{"key":"e_1_3_2_1_31_1","volume-title":"Panopticon: Reaping the Benefits of Incremental SDN Deployment in Enterprise Networks. In USENIX Annual Technical Conference (USENIX ATC).","author":"Levin Dan","year":"2014","unstructured":"Dan Levin, Marco Canini, Stefan Schmid, Fabian Schaffert, and Anja Feldmann. 2014. Panopticon: Reaping the Benefits of Incremental SDN Deployment in Enterprise Networks. In USENIX Annual Technical Conference (USENIX ATC)."},{"key":"e_1_3_2_1_32_1","volume-title":"Formal Verification of Firewall Policies. In 2008 IEEE International Conference on Communications.","author":"Liu A. X.","year":"2008","unstructured":"A. X. Liu. 2008. Formal Verification of Firewall Policies. In 2008 IEEE International Conference on Communications."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2995959.2995961"},{"key":"e_1_3_2_1_34_1","volume-title":"IEEE Network","volume":"33","author":"Moubayed A.","year":"2019","unstructured":"A. Moubayed, A. Refaey, and A. Shami. 2019. Software-Defined Perimeter (SDP): State of the Art Secure Solution for Modern Networks. IEEE Network, Vol. 33, 5 (2019)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1592681.1592684"},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the SoutheastCon (SECON).","author":"Neupane K.","unstructured":"K. Neupane, R. Haddad, and L. Chen. 2018. Next Generation Firewall for Network Security: A Survey. In Proceedings of the SoutheastCon (SECON)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3185467.3185474"},{"key":"e_1_3_2_1_38_1","unstructured":"The University of Adelaide. 2010. The Internet Topology Zoo. http:\/\/www.topology-zoo.org\/contact.html"},{"key":"e_1_3_2_1_39_1","unstructured":"Executive Office of the President. 2022. Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. Memorandum. https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2022\/01\/M-22-09.pdf."},{"key":"e_1_3_2_1_40_1","volume-title":"Zero trust architecture","author":"Rose Scott","unstructured":"Scott Rose, Oliver Borchert, Stu Mitchell, and Sean Connelly. 2019. Zero trust architecture. National Institute of Standards and Technology. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-207\/final."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/270152.270163"},{"key":"e_1_3_2_1_42_1","volume-title":"Computer","volume":"29","author":"Sandhu R. S.","year":"1996","unstructured":"R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. 1996. Role-based access control models. Computer, Vol. 29, 2 (1996)."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the IEEE International Symposium on Computers and Communications.","author":"Talpade R.","unstructured":"R. Talpade, G. Kim, and S. Khurana. 1999. NOMAD: traffic-based network monitoring framework for anomaly detection. In Proceedings of the IEEE International Symposium on Computers and Communications."},{"key":"e_1_3_2_1_44_1","unstructured":"Mininet Team. 2018. Mininet An Instant Virtual Network on your Laptop (or other PC). http:\/\/mininet.org\/."},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL).","author":"Walker David","year":"2014","unstructured":"David Walker. 2014. NetkAT: Semantic foundations for networks. In Proceedings of the Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL)."},{"key":"e_1_3_2_1_46_1","volume-title":"BeyondCorp: A New Approach to Enterprise Security. login","author":"Ward Rory","year":"2014","unstructured":"Rory Ward and Betsy Beyer. 2014. BeyondCorp: A New Approach to Enterprise Security. login: Vol. 39, 6 (2014)."},{"key":"e_1_3_2_1_47_1","unstructured":"WonderNetwork. 2022. Global Ping Statistics. https:\/\/wondernetwork.com\/pings."},{"key":"e_1_3_2_1_48_1","volume-title":"Computer","volume":"37","author":"Wool A.","year":"2004","unstructured":"A. Wool. 2004. A quantitative study of firewall configuration errors. Computer, Vol. 37, 6 (2004)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23200"},{"key":"e_1_3_2_1_50_1","unstructured":"Bastion Zero. 2021. BastionZero's Multi Root Zero-Trust Access Protocol (MrZAP). https:\/\/github.com\/bastionzero\/whitepapers\/blob\/5ac531a3a3831a7995bb4319281d5da9e4bc7099\/mrzap\/README.md."},{"key":"e_1_3_2_1_51_1","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Zhang Menghao","unstructured":"Menghao Zhang, Guanyu Li, Lei Xu, Jun Bi, Guofei Gu, and Jiasong Bai. 2018. Control Plane Reflection Attacks in SDNs: New Attacks and Countermeasures. In Research in Attacks, Intrusions, and Defenses. Springer International Publishing."}],"event":{"name":"SACMAT '23: The 28th ACM Symposium on Access Control Models and Technologies","location":"Trento Italy","acronym":"SACMAT '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 28th ACM Symposium on Access Control Models and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589608.3593836","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589608.3593836","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589608.3593836","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:03:45Z","timestamp":1750291425000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589608.3593836"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,24]]},"references-count":50,"alternative-id":["10.1145\/3589608.3593836","10.1145\/3589608"],"URL":"https:\/\/doi.org\/10.1145\/3589608.3593836","relation":{},"subject":[],"published":{"date-parts":[[2023,5,24]]},"assertion":[{"value":"2023-05-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}