Abstract
Internet-connected organizations often employ an Internet firewall to mitigate risks of system penetration, data theft, data destruction, and other security breaches. Conventional Internet firewalls, however, impose an overly simple inside-vs-outside model of security that is incompatible with many business practices that require extending limited trust to external entities, for example, suppliers, bankers, accountants, advisors, consultants, partners, customers, and allies. Additionally, firewall security perimeters are somewhat weak: they provide no protection from inside attacks and do not protect sensitive data, which can be exported by tunneling through permitted protocols. As the Internet evolves towards applets, mobile agents, and object frameworks, these problems likely will worsen. This paper reports on our experience with an enhanced security firewall based on domain and type enforcement (DTE), a strong but flexible form of access control. A DTE firewall provides several benefits. We describe the design of a prototype DTE firewall system and informally evaluate its security, compatibility, functionality and performance.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
