Protection of distributed internetworked computers

Abstract

Current methods of enforcing security policy depend on security patches, anti-virus protections, and configuration control, all updated in the end user's computer at ever decreasing intervals. This research is producing a method of hardening the corporate computer infrastructure by prototyping a mixed hardware and software architecture that enforces policies by pushing distributed security functions closer to the end user's computer, but without modifying, relying on or reconfiguring the end user's computer itself. Previous research has developed highly secure network components. Because it is impractical to replace our entire infrastructure with secure, trusted components, this paper investigates how to improve the security of a heterogeneous infrastructure composed of both trusted and untrusted components.