
Security Architecture Options

The security policy set out in the section above applies to systems in general. Our goal was not to encumber it with the details of specific equipment, but to produce a policy that is just as capable of implementation on a mainframe with a number of terminals as it is on a heterogeneous distributed system consisting of a number of systems linked together by communications protocols --- or even for that matter using rooms full of clerks with quill pens.

However, the case of heterogeneous distributed systems is the main one of interest in the UK, and in this section we consider some technical options for implementing the policy in that setting. This section is indicative rather than normative; it is up to individual equipment suppliers to design their own systems and have them evaluated for compliance with the security policy. Everything required by the policy can be achieved with well-understood technology. However, the following notes may be helpful, especially to vendors who are not familiar with modern computer security techniques.

Ross Anderson
Fri Jan 12 10:49:45 GMT 1996