Issues in Computer Network Security.
Abstract
A secure network, like a secure single-computer system, must incorporate mechanisms for monitoring access to classified objects. In particular, a secure network must protect interprocess communication between hosts. Implementation of a network-wide reference monitor is difficult because information must be transferred from the protected environment of one secure host through the communications network (which will usually incorporate communications processors) to the environment of another secure host. The difficulties are increased because the hosts may be operating at different security levels and some may not incorporate multilevel secure capabilities. Network reference monitor requirements can be met, however, if: (a) the reference monitor of each host can obtain the necessary security data to perform access checks for enforcing nondiscretionary and discretionary properties; and (b) the transmissions between computers (e.g., hosts and communications processors) and between computers and terminals are secured by a combination of physical and logical protection. Implementation of the network reference monitor may be viewed at different levels: host-to-host, host-to-communications subnet, and communications processor-to-communications processor. In practice, the mechanism may be distributed among these levels and between the different computers originating, transferring and receiving each message.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 01, 1978
- Accession Number: ADA060007
Entities
People
- A. C. Hinckley
- John E. Mitchell
Organizations
- MITRE Corporation