Accession Number : ADA335442

Title :   DTE Firewalls Phase Two Measurement and Evaluation Report

Corporate Author : TRUSTED INFORMATION SYSTEMS INC GLENWOOD MD

Personal Author(s) : Fraser, Timothy J. ; Petkac, Michael J. ; Morrison, Wayne G. ; Badger, M. L. ; Uecker, Ben

PDF Url : ADA335442

Report Date : 22 JUL 1997

Pagination or Media Count : 65

Abstract : This document is the second of three progress reports concerning the DARPA contract DABT63-95-C-0018 'Internet Safety and Security Task: Internet Safety Through Type-Enforcing Firewalls.' The goals of this project are to assess the security and practicality of DTE firewalls - an advanced firewall technology based on Domain and Type Enforcement (DTE), and to construct a DTE firewall prototype. The first phase of the project demonstrated how DTE firewalls enabled secure enclaves to extend limited trust relationships to entities outside their perimeters, allowing organizations to safely import and export a greater variety of services than would be practical with traditional firewalls. The second phase takes this concept a step further by providing the infrastructure needed to create a secure virtualization of enclaves which we refer to as enterprise zones. The enterprise zone concept is a tool which allows carefully-controlled collaboration between organizations. Enterprise zones are distributed computing environments which may span two or more DTE firewall-protected enclaves. An enterprise zone provides user processes with carefully-controlled access to a well-defined subset of the resources belonging to each organization that sponsors the enterprise zone. It also allows user processes which are distributed among several firewall-protected enclaves to communicate as securely as if they were physically located in the same enclave.

Descriptors :   *DATA PROCESSING SECURITY, *INTERNET, DATA MANAGEMENT, CRYPTOGRAPHY, HOST COMPUTERS, DISTRIBUTED DATA PROCESSING, COMPUTER COMMUNICATIONS, INFRASTRUCTURE, CLIENT SERVER SYSTEMS.

Subject Categories : Computer Systems
      Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE