In this project we are defining tools for building high integrity internetwork architectures based on authentication techniques. The key to strengthening the Internet against attacks on critical services is assured implementation of access control policies and ability to configure the appropriate security services at the appropriate places in the network software architecture. There is no single answer to the problem of strongly enforced administrative policy; organizations will coalesce around a variety of solutions: secure links, authentication tokens, end-to-end encryption, etc. Our approach can supply a single architectural and implementation methodology that addresses the classic problems of integrity, authentication, privacy, and the prevention of denial-of-service attacks in a generic fashion. These methods support the easy implementation and integration into existing systems that is necessary for the wide deployment of practical, high integrity systems.
The work plan covers representation of authentication domains as objects in much the same way that other work has led to the representation of protocols as composable objects. It also develops uniform security protocol designs and the closely coupled incorporation of rule-based systems to represent the authentication logic behind several of the protocols.