Techniques for Policy Enforcement on Encrypted Network Traffic
Most large-scale data communication networks are built from multiple autonomous sub-networks, which are managed by different administrative entities. In many practical environments, information about traffic policies is considered proprietary and is not disclosed by network operators. However, some operational scenarios require routers within a network to check whether traffic matches a particular policy that is provided by another entity. In their work, the authors present several algorithms for representing policy databases and for performing policy checks without explicitly disclosing the total set of policies.