A common approach to extending computer security concepts to the universal distributed non-trusted environment

Posted on: 1995-09-08
Degree: D.Eng
Type: Dissertation
University: Southern Methodist University
Candidate: Herschaft, Richard Dan
Full Text: PDF
GTID: 1478390014490716
Subject: Engineering
Abstract/Summary:
Computer security involves internal controls and external controls. As a computer system grows distributively, the environment in which it exists can become less trustworthy. Less reliance can thus be placed on external controls, such as locked rooms. In the extreme, a highly distributed computer system operates on a worldwide scale. Information transfer exists between users, autonomous to varying degrees, where the only certain link is some form of communications channel from one user to another. The term distributed is appropriate since by each computer carrying out its own information processing needs, society as a whole is able to function.

Although parties involved with information have a self-centered aspect, their actions result in a communal effort of information generation, where a unit of information is generated by one party and passed to another for regeneration. This process can trace out simple to complex paths. Along the way each party has rights in the information stemming from its role as "author" and user. Concern for these rights arises from the private or proprietary nature of information. In order for information transfer to be made efficient, the rights to information should be made a part of the informational unit, both technically and legally. As information traces its path, each author can add to the restrictions placed on the use of the information, and each user is constrained by the system to abide by these restrictions.

This paper describes this universal computer system and devises a secure framework for it by expanding upon computer security concepts which were previously devised for a more limited environment. This architecture relies on the internalization and further systematization of external controls. The computer security concepts that are extended to work in this environment are the security watchdog, the access control list, and public key cryptography with its certification authority. Also developed are the concepts of a tamper proof device, a device validation authority, and the policy concerns regarding the mutual agreement over the formulation of an access control list. The result is a design which can effectively accomplish information security in the environment of the everyday world.
Keywords/Search Tags:Security, Environment, Computer, Information, External controls, Distributed