Secure Computer System Design
Secure computer system design trends are described in the article. Insufficient computer network security led to Internet segmentation to intranets, witch are separated by firewalls. Such processes oppose global network idea. To stop segmentation into secure, but closed segments, the global network security growth is needed. Network security consists of: coding, secure protocols and the trusted computer system. There are three kinds of threats: disclosure of secret information, consistency breach and denial of service. Security mechanisms and architectures are described showing the security mechanism position in the networking model. The analysis has shown that widest opportunities are to implement security mechanisms at application level, but then they depend on running services. Data link, network and transport levels enable security mechanism using without provided services influence. Transport layer security mechanisms are best for information transition through insecure media, while data link layer is most effective securing access. Network architectures are inconsistent: ISO 9478-2 relies on the OSI model and concentrates on interconnection security; SDNS proposes architecture and secure protocols supplementing the TCP/IP stack; ECMA analyse security in distributed systems. Terminology and structure of architectures are inconsistent. Ill.3, bibl.27 (in Lithuanian; summary in Lithuanian, English and Russian).
Copyright terms are indicated in the Republic of Lithuania Law on Copyright and Related Rights, Articles 4-37.