On Wed, 11 Aug 1999, Adam H. Pendleton wrote:
> Can anyone point me in the right direction for information on the theories
> of firewall design. I don't mean network configuration of systems using
> firewalls, I mean the actual design of the firewall itself, from a
> programming perspective, i.e., what a good firewall can do, the future of
> firewall design, etc.
>
there's a paper ( http://jya.com/paperF1.htm ) on John Young's
excellent site ( http://jya.com/crypto.htm )
titled:
" The Inevitability of Failure:
The Flawed Assumption of
Security in Modern
Computing Environments "
here's the abstract:
"Abstract
Although public awareness of the need for security in computing systems is
growing rapidly, current efforts to provide security are unlikely to
succeed. Current security efforts suffer from the flawed assumption that
adequate security can be provided in applications with the existing
security mechanisms of mainstream operating systems. In reality, the need
for secure operating systems is growing in today's computing environment
due to substantial increases in connectivity and data sharing. The goal of
this paper is to motivate a renewed interest in secure operating systems
so that future security efforts may build on a solid foundation. This
paper identifies several secure operating system features which are
lacking in mainstream operating systems, argues that these features are
necessary to adequately protect general application-space security
mechanisms, and provides concrete examples of how current security
solutions are critically dependent on these features. "
the references section it used to have this link;
( http://www.cs.utah.edu/projects/flux/index.html )
which is a link to a very cool project which includes a secure
microkernel, but for some reason the link was changed.
But there it is now ;)
I found the paper and its references a great start to firewall theory and
practice... now back to practice.
spiff
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
