HP Labs Technical Reports
Secure Partitioned Access to Local Network Resources over the Internet
Dalton, Chris I.; Clarke, D.A.
Keyword(s): multilevel security; gateway; internet; network
Abstract: A common problem faced by many organizations connected to the Internet is controlling precisely which hosts and services on their local network a user can access from outside the local network over the Internet. One solution is to group the local hosts and services into logical partitions (or segments) and to allow users, or classes of users, access to particular partitions based on who they are or which functional group they belong to. We have implemented such an approach using gateways running Multilevel Secure Operating Systems, such as HP-UX VVOS 10.24 or Trusted Solaris 2.5. The gateways run trusted versions of SSH and SOCKS that have been derived from publicly available sources. This paper reviews the features of a Multilevel Secure Operating System relevant to its use in the role of an Internet gateway, describes our trusted implementations of SSH and SOCKS, and shows how they may be used in combination to provide precise but transparent local network partitioning and access control. We end with a concrete example that shows secure access over the Internet to file systems provided by Windows NT servers on a local network. The trusted SSH server software is currently being used by a number of banks in Scandinavia.