Towards a Security Reference Model for Connection Oriented Networking Technologies

Aug 23, 1996

Abstract

Data communications networks have become an infrastructure resource for businesses, corporations, government agencies, and academic institutions. However, new technologies introduce new threats. Networking not only puts corporate resources, plans and data at risk, but ultimately the company's reputation and potential survival. Protection from network-enabled threats cannot be achieved by a single technology or work practice.

This talk concentrates on one particular aspect of providing communication security - firewalls between domains of trust. We argue that signaling support for providing scalable security services is a design requirement. On this basis we outline a reference model for firewall technology. It provides support for the following security services: authentication, data integrity, access control, audit, and accountability.

Firewall technology in TCP/IP internetworks provides a mechanism to help enforce access policies on communication traffic entering or leaving networks. Usually an "inside" network domain is protected against an "outside" untrusted network, or parts of a network are protected against other parts. A firewall is a security architecture placed on the data transmission path between networks or a bastion host placed on a demilitarized zone network between the inside and the outside. There are well understood advantages and disadvantages to firewall technology. The integration of classical TCP/IP networks and new connection-oriented subnetwork technologies, such as ATM, offers new opportunities to address some of the current shortcomings of firewall technology.

In this talk we describe the design of a scalable security architecture, suitable for connection-oriented high-performance networks and discuss signaling implications. The architecture is based on three principles: connection authentication, domain based access control, and service distribution and replication. The security architecture describes a system where policy is centralized but enforcement is distributed, thus enabling both high-performance and security enforcement for encapsulated protocols (e.g. IP over ATM). We describe how to provide a facility for comprehensive network audit trails to provide a mechanism for non repudiable information for billing and incident detection and investigation. The architecture is an improvement in network management and provides a controlled exposure of the internal network structure to the outside, and transparency to the user.