The computer network security problem is not merely a communications problem, but rather a complex set of problems that are due to the multi-system nature of nets. In effect, the network environment adds this new dimension to the multiuser, multi-resource problems of a single system, and therefore requires additional security controls beyond those of single systems. The most viable mechanisms proposed to date are the Security Controller and Intelligent Cryptographic Device, which were originally described by Branstad (BRA-72) in a paper which formed the starting point for our investigation. Initially, this approach looked very promising, and as our investigation proceeded, it appeared even more appropriate as a basic solution to the problems of network security. The deeper we probed, the more convinced we became that this approach does represent the correct solution, that the necessary technology is available, and that such mechanisms are needed now, and will be needed even more in future years as networks become increasingly prevalent.

The problems of network security are many-faceted, and therefore presented us both with technical problems and with problems in how to organize this material for presentation. We chose to consider the network as consisting of several levels, and proceeded in a top-down analysis involving: (1) the policy and requirements issues, (2) the HOST/SC systems, (3) the ICD's, and (4) the communications network. Within each level, we considered the issues related to authentication, authorization, connection establishment, connection usage, security monitoring and security assurance. While this systematic scan of the network security considerations resulted in a large number of design issues and tradeoffs, the more salient portions of the analysis are felt to be those related to:

• Determining the security vulnerabilities of a computer network and defining requirements to ensure network security.
• The controlled establishment of connections via the SC.
• The rigid adherence to maintaining the appropriate separation of protocol layers (at physical and abstract levels) in the design.
• The preliminary design of the SC including its control program and duplexed hardware considerations.
• Error control considerations at each level.
• The network interface considerations for the user, HOST computers, and ICD's.
• Establishing the basic requirements for the ICD (e.g., control primitives, relay capability, buffering, multiplexing, and error control).
• An analysis of the various communication net architectures, and their security strengths and vulnerabilities.
• Defining auxiliary mechanisms for a secure net (Net Security

In addition to technical considerations, we treated procedural and economic aspects whenever possible. The cost of the SC and ICD's is difficult to estimate due to the large number of unknowns related to quantities, packaging considerations, testing, etc., but no unforeseen expenses were uncovered in the investigation. The performance impact due to security is also very dependent upon operational considerations, but is estimated to be very small. Some improvements may occur where the high level of system integrity reflects in improved reliability and availability, and some degradation may occur due to the security overhead.

In conclusion, the SC/ICD approach will provide the necessary control mechanisms to handle the complications of the network environment, and to provide a viable and evolutionary approach to achieving this goal in both existing and future networks.

BIBLIOGRAPHY

AND-72 Anderson, J. P., "Computer Security Technology Planning Study,"
AUE-74 Auerbach, K., "An Analysis of WWMCCS ADP Security; Vol 2 Data
AUP-73 Aupperle, E. M., "MERIT Network Re-examined," COMPCON 73, Feb. 1973 pp. 25-29.
BAR-64 Baran, P., "On Distributed Communications: Vol IX, Security, Secrecy, and Tamper-Free Considerations," RAND Memorandum, RM-3765-PR,
BBN-74A Bolt Beranek and Newman, "Interface Message Processors for the ARPA
BBN-74B Bolt Beranek and Newman, "Interface Message Processors for the ARPA Computer Network," Rept. 2816, April 1974.
BLA-73 Blanc, R. P., et al, "Annotated Bibliography of the Literature on Resource Sharing Computer Networks," Nat Bur of Stds, NBS Spec. Pub. 384, Sept. 1973. (See WOO-76)
BLA-74 Blanc, R. P., "Review of Computer Networking Technology," NBS Tech Note #804, Jan. 1974.
BOU-73 Bouknight, W. J., et al, "The ARPA Network Terminal System A New
BRA-73 Branstad, D. K., "Security Aspects of Computer Networks," AIAA
BUS-74 Bushkin, A. A., "A Framework for Computer Security," SDC Tech Memo TM-WD-5733, March 1974.
CER-74 Cerf, V. G., "An Assessment of ARPANET Protocols," ARPA Net Working
CRA-73 Craig, D., "Computer Networks; A Bibliography with Abstracts,
CRO-72 Crocker, S. D., et al, "Function-Oriented Protocols for the ARPA
CRO-73 Crowther, W. et al, "Reliability Issues in the ARPA Network," Third
DAV-73 Davies, D. W., and Barber, D., "Communication Networks for Computers,"
FAR-72 Farber, D. J., "Networks: An Introduction," Datamation, April 1972, pp 36-39.
FAR-72A Farr, M.A.L., et al, "Security for Computer Systems," Pub. by National Comp. Centre, Ltd., London.
FAR-73 Farber, D. J., et al, "The Distributed Computer System," Seventh
FAR-74 Farber, D. J. and Vittal, J., "Extendability Considerations in the Design of the Distr. Comp. Sys.," UC Irvine Technical Paper, 1974.
GAR-73 Garwick, J. "Security Controller Design" and "The Security Profiles of
GAR-74 Garwick, J., "Programming the Security Controller," SDC Tech Memo TM-5346/000, June 1974.
GRY-74 Grycner, H., "Fault Detection in the Security Controller," SDC Tech
HAR-73 Harrison, A., "Computer Information Security and Protection: A
HAS-73 Hassing, T. E., et al, "A Loop Network for General Purpose Data
HIC-70 Hicken, G. M., "Information Network of Computers," in Fourth Gen.
HIC-71 Hicken, G. M., "Experience with an Information Network," Fifth Annual
JAC-69 Jackson, P. E. and Stubbs, C. D., "A Study of Multi-Access Computer Communications," 1969 SJCC, pp 491-504.
JON-73 Jones, A. K., "Protection Structures," PhD Thesis, Carnegie-Mellon
KAT-73 Katzan, H. Jr., "Computer Data Security," Van Nostrand Reinhold Co., 1973.
KAU-74 Kaufman, D. J., "Access Control Information in a Computer Network,
LAM-69 Lampson, B. W., "Dynamic Protection Structures," 1969 FJCC, pp 27-38.