CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

The Jericho Forum: De-perimeterisation of network resources

Tomas Olovsson (Institutionen för data- och informationsteknik, Datorteknik (Chalmers)) ; Jamie Bodley-Scott
Black Hat Conference 2005 / Jericho Challenge Winner (2005)
[Konferensbidrag, refereegranskat]

The Jericho forum is a consortium of large corporations that have proposed a new architecture for network protection, a “de-perimeterised” architecture where organisations no longer have to hide behind a firewall. In this paper, we describe the design of a distributed network architecture where the need for conventional firewalls diminishes and where services can be offered to users regardless of their physical location. In this architecture, all systems should be able to protect themselves against network threats while security functions such as authentication and authorisation are handled at a global level. The result is that each individual server does not have to implement these functions and from a user point of view, functionality such as single sign-on becomes a possibility. The use of open protocols and standards is important and therefore technologies like Kerberos, IPSec, SSL and SSH will be used. Furthermore, the architecture must support older applications and application servers as well, e.g. legacy servers that cannot be modified to implement the new functionality. These should still work either with of some kind of decreased functionality or with full functionality provided by additional modules or front-end hardware that implements the new security functions.

Nyckelord: Computer security, networks, authorization, de-perimeterization, firewalls, authentication

The paper was selected as the winner of the Jericho Forum Challenge 2005: http://www.opengroup.org/tech/jericho

Denna post skapades 2006-08-25. Senast ändrad 2015-12-17.
CPL Pubid: 9989


Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Datorteknik (Chalmers)



Chalmers infrastruktur