When two or more distinct organizations interconnect their internal computer networks, they form an Inter-Organization Network (ION). IONs support, for example, the exchange of CAD/CAM data between manufacturers and subcontractors, software distribution from vendors to users, customer input to suppliers' order-entry systems, and the shared use of expensive computational resources by research laboratories. This paper analyzes the technical implications of interconnecting networks across organization boundaries.
After analyzing the organization context in which IONs are used, we demonstrate that the requirements of such interconnections are not satisfied by the traditional network design criteria of connectivity and transparency. On the contrary, a primary high-level requirement is access control, and participating organizations must be able to limit connectivity and make network boundaries visible. We describe a scheme based on non-discretionary control which allows interconnecting organizations to combine gateway, network, and system-level mechanisms to enforce cross-boundary control over invocation and information flow, while minimizing interference with internal operations.
Access control requirements such as these impose new requirements on the underlying interconnection protocols. We demonstrate alternative interconnection protocols that support loose coupling across administrative boundaries and that accommodate the necessary control mechanisms. Message-based gateways that support non-real-time invocation of services (e.g., file and print servers, financial transactions, VLSI design tools) are a promising basis for such loose couplings.