
DESIGN ALTERNATIVES FOR COMPUTER NETWORK SECURITY

Gerald D. Cole

System Development Corporation
2500 Colorado Avenue
Santa Monica, CA 90406

ABSTRACT

The security problems associated with a network of computers are an extension of those of stand-alone computer systems, but require additional security controls due to the distributed and autonomous nature of the network components. The purpose of this investigation was to generate a pre-development specification for such security mechanisms by determining the issues and tradeoffs related to network security over a broad range of network applications, topologies and communications technologies.

The approach taken was to use a dedicated network Security Controller (minicomputer) for checking the authentication of requestors, and, to some extent, for authorization checking as well. The Security Controller functions would be enforced by means of Intelligent Cryptographic Devices, which could be remotely keyed by the Security Controller when a requested communication was authorized. The Intelligent Cryptographic Device would incorporate the National Bureau of Standards Data Encryption Standard algorithm.

The investigation showed that this approach is a viable solution to the network security problems of a large class of computer networks, and that such security mechanisms should be developed for operational usage.

Key words: Access control; authentication; communication; computer networks; cryptography; encryption; security.

COMPUTER NETWORK SECURITY STUDY

1. INTRODUCTION

In recent years, computer usage has grown to the point that it influences almost every aspect of our commercial and military environments. Concurrent with this growth has been the need to share resources, to better utilize expensive equipment, to utilize and build upon the work of others, and to share work efforts. This need for controlled sharing has grown not only in terms of the number of people involved, but also in the geographic dispersion of these people and their need for rapid access to and interchange of information. Such growth has presented new technological and operational problems in many areas, particularly in system security.

The first generation usage of computers created security problems which could be solved by using conventional physical, procedural, and personnel control methods. Sharing was basically a matter of dividing the computer usage into dedicated time-slots, with carefully controlled set up/tear down between jobs (or batches of jobs of the same security level). The development of multi-programming methods provided a more efficient mode of hardware use by rapid context switching between jobs and by overlapping operations. This development required the machine to execute several jobs concurrently, thus adding a new dimension to the security problem due to the multi-user environment.

As software and data base resources began to grow in size and value, the need to share these resources also became evident, and added another dimension to the security control problem; namely, that of controlling access to the multiple resources. The next logical step in this evolution was to share such resources across two or more machines (systems), which introduced yet another dimension to the security problem. These multi-system networks present a solution to the problems of sharing which involve a large number of persons who are geographically scattered, but who require rapid access and interchange of information. Such networks present formidable security problems due to the multi-user, multi-resource, multi-system environment.
