Posts Tagged ‘security architecture zones trust’

Cross-Domain Gateway Functions

Cross-Domain Gateways are a concept from multi-level government and military networks that are increasingly being deployed into traditionally flat commercial networks. I’ve spoken before about ‘trust zones‘ and the concept of choke-points between trust zones concept combined with a view of the threat exposure for each trust zone underlies the need for cross-domain gateways. (Domain is the historical term commonly used in government and military settings for zones of trust.)

There are a wide variety of applications to which cross domain gateways can be applied and a wide variety of gateway patterns and designs. However there is a common set of possible gateway functions that such patterns and designs can commonly call upon.

Zones of Trust

The key security design decision is the balance to be taken at every step of a system design between trust and inconvenience.

For every system to system, subsystem to subsystem and component to component connection a decision must be made as to whether either side of the connection will trust the other, and to what degree. Trust is in some ways analogous to coupling. The higher the level of trust, the more likely that a compromise of one side of the connection will lead to the compromise of the other.

Twitter RSS