Security for infinite networks

R. Nelson; H. Hosmer

doi:10.1109/NSPW.1995.492339

N
NSPW
1995
1995 New Security Paradigms Workshop
Abstract - Security for infinite networks

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by R. Nelson Articles by H. Hosmer

1995 New Security Paradigms Workshop

Security for infinite networks

La Jolla, California

August 22-August 25

ISBN: 0-8186-7318-4

	ASCII Text	x
	R. Nelson, H. Hosmer, "Security for infinite networks," New Security Paradigms Workshop, pp. 11, 1995 New Security Paradigms Workshop, 1995.

	BibTex	x
	@article{ 10.1109/NSPW.1995.492339, author = {R. Nelson and H. Hosmer}, title = {Security for infinite networks}, journal ={New Security Paradigms Workshop}, volume = {0}, year = {1995}, isbn = {0-8186-7318-4}, pages = {11}, doi = {http://doi.ieeecomputersociety.org/10.1109/NSPW.1995.492339}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - New Security Paradigms Workshop TI - Security for infinite networks SN - 0-8186-7318-4 SP EP A1 - R. Nelson, A1 - H. Hosmer, PY - 1995 KW - security of data; risk management; wide area networks; infinite networks; network security theory; large networks; risky connections; sensitive systems; Internet; connectivity; firewalls; host protection mechanisms; product availability; functionality; FICS-IT; risk management; local resource control; multiple tailored security policies; layered functional access control; heterogeneity; architecture; ownership; policy VL - 0 JA - New Security Paradigms Workshop ER -

R. Nelson, Information Syst. Security, Watertown, MA, USA

H. Hosmer, Information Syst. Security, Watertown, MA, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/NSPW.1995.492339

Although network security theory forbids many connections to large networks as being too risky, the reality is that large numbers of sensitive systems are connected to the Internet and that connectivity is increasing at a rapid rate. Firewalls and host protection mechanisms are used in a somewhat arbitrary fashion, depending more on the availability of products than on a clear understanding of security principles. We need to expand security theory to protect large networks. This paper proposes a new paradigm for security in large networks, based on an understanding of the sometimes conflicting requirements for security, connectivity and functionality. The paradigm, called FICS-IT (Functional, Information, and Connection Security for Information Technology), consists of a philosophy, an approach, a framework and a collection of components. It is based on an understanding of security as risk management and includes: local resource control; multiple, tailored security policies; layered, functional access control; and recognition of heterogeneity in architecture, ownership and policy.

Index Terms:

security of data; risk management; wide area networks; infinite networks; network security theory; large networks; risky connections; sensitive systems; Internet; connectivity; firewalls; host protection mechanisms; product availability; functionality; FICS-IT; risk management; local resource control; multiple tailored security policies; layered functional access control; heterogeneity; architecture; ownership; policy

Citation:

R. Nelson, H. Hosmer, "Security for infinite networks," nspw, pp.11, 1995 New Security Paradigms Workshop, 1995

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.