In this paper, we present an approach to secure compartmented data access over an untrusted network using a secure network computing architecture. We describe the architecture and show how application-level firewalls and other commercial-off-the-shelf (COTS) products may be used to implement compartmentalized access to sensitive information and to provide access control over an untrusted network and in a variety of environments. Security-related issues and assumptions are discussed. We compare our architecture to other models of controlling access to sensitive data and draw conclusions about the requirements for high-security solutions for electronic business as well as DoD applications.
P. C. Clark, M. C. Meissner, K. O. Vance