NCJ Number
57849
Date Published
1977
Length
132 pages
Annotation
Decentralization changes the basic character of computer systems from sets of processes referencing a data base to sets of processes sending and receiving messages; this greatly changes security considerations.
Abstract
Because messages must be acknowledged in a decentralized system, operations that were read-only in a centralized system become read-write operations. As a result, the lattice model of nondiscretionary access control, which mediates operations based on read versus read-write considerations, does not allow direct transfer of algorithms from centralized systems. This thesis develops new mechanisms that comply with the lattice model and provide the necessary functions for effective decentralized computation. At the lowest level, security can be achieved through a host-to-host protocol that allows communication between hosts lacking effective internal security controls as well as hosts with effective internal security controls. At the next higher level, a host-independent naming scheme allows generic naming of services in a manner consistent with the lattice model. The use of decentralized processing to aid in the downgrading of information is shown in the design of a secure intelligent terminal. Schemes are presented to deal with the decentralized administration of the lattice model, and with the proliferation of access classes as the user community becomes more diverse. Limitations in the use of end-to-end encryption with the lattice model are identified, and a scheme is presented to relax these limitations for broadcast networks. A system is then presented for forwarding authentication information between hosts on a network without transmitting passwords or their equivalent. The discussion contains diagrams, notes, and references. (Author modified -- GLR)