Security in Open and Distributed Systems

Distributed computing systems impose new requirements on the security of the operating systems and hardware structures of the computers participating in a distributed data network environment. It is proposed that multiple level (greater than two) security hardware, with associated full support for that hardware at the operating system level, is required to meet the needs of this emerging environment. The normal two layer (supervisor/user) structure may probably be insufficient to enforce and protect security functions consistently and reliably in a distributed environment. Such two‐layer designs are seen as part of earlier single computer/processor system structures while a minimum three/four‐layer security architecture appears necessary to meet the needs of the distributed computing environment. Such multi‐level hardware security architecture requirements are derived from earlier work in the area, particularly the Multics project of the mid‐1960s, as well as the design criteria for the DEC VAX 11/780 and Intel iAPX‐286 processor and its successors, as two later examples of machine structures. The security functions of individual nodes participating in a distributed computing environment, and their associated evaluation level, appear critical to the development of overall security architectures for the protection of distributed computing systems.