A security model for military message systems
ACM Transactions on Computer Systems (TOCS)
Proc. of the IFIP WG 6.5 working conference on Computer-based message services
NON-DISCRETIONARY ACCESS CONTROL FOR DECENTRALIZED COMPUTING SYSTEMS
NON-DISCRETIONARY ACCESS CONTROL FOR DECENTRALIZED COMPUTING SYSTEMS
Implications of fragmentation dynamic routing for internet datagram authentication
ACM SIGCOMM Computer Communication Review
The experimental literature of the internet: an annotated bibliography
ACM SIGCOMM Computer Communication Review
The next generation of internetworking
ACM SIGCOMM Computer Communication Review
Hi-index | 0.00 |
When two or more distinct organizations interconnect their internal computer networks they form an Inter-Organization Network(ION). IONs support the exchange of cad/cam data between manufacturers and subcontractors, software distribution from vendors to users, customer input to suppliers' order-entry systems, and the shared use of expensive computational resources by research laboratories, as examples. This paper analyzes the technical implications of interconnecting networks across organization boundaries.After analyzing the organization context in which IONs are used, we demonstrate that such interconnections are not satisfied by traditional network design criteria of connectivity and transparency. To the contrary, a primary high-level requirement is access control, and participating organizations must be able to limit connectivity and make network boundaries visible. We describe a scheme based on non-discretionary control which allows interconnecting organizations to combine gateway, network, and system-level mechanisms to enforce cross-boundary control over invocation and information flow, while minimizing interference with internal operations.Access control requirements such as these impose new requirements on the underlying interconnection protocols. We demonstrate such alternative interconnection protocols that support loose coupling across administrative boundaries and that accommodate the necessary control mechanisms. Message-based gateways that support non-real-time invocation of services (e.g., file and print servers, financial transactions, VLSI design tools, etc.) are a promising basis for such loose couplings.