2002 | OriginalPaper | Book chapter
“Mixed-Use” Network
Written by: Sumit Ghosh
Published in: Principles of Secure Network Systems Design
Publisher: Springer New York
Included in: Professional Book Archive
The current network security paradigm, coupled with the desire to transport classified traffic securely, has caused the US Department of Defense to maintain its own isolated networks, distinct from the public ATM network infrastructure. Internally, the DoD maintains four types of completely separate and isolated networks to carry Top Secret, Secret, Confidential, and unclassified traffic. A public ATM network may be viewed as carrying unclassified, or nonsecure, traffic. While the cost of maintaining four separate network types is becoming increasingly prohibitive to the DoD, the inability of the public and the DoD to utilize each other’s network resources runs counter to the current atmosphere of dual use and economies of scale. This chapter introduces the concept of a mixed-use network, wherein the four DoD network types and the public ATM network are coalesced into a single unified network that transports all four types of traffic efficiently and without compromising security. In a mixed-use network, the ATM nodes and links that are common to the DoD and public networks are labeled joint-use, and they must necessarily be placed under the jurisdiction of the military for obvious protection of the security assets. This constitutes the first of two key strategies toward the practical acceptance of the notion of mixed-use networks. The control of all other nodes and links remains unchanged. Under the second strategy, although all joint-use links and nodes are subject to military control, the NSI value for a peer node Y recorded at a node X is the result of a new NSI value received from Y through flooding plus other information on the state of Y that X acquires independently through different mechanisms. The concept of mixed-use is the direct result of the user-level security on demand principle that has recently been introduced in the literature and one that is enabled by the fundamental security framework and the basic characteristic of ATM networks.