Tech Note #110: Concept for a Secure Network Computer
2000 Bionic Buffalo Corporation; All Rights Reserved.
Tuesday, 11 January 2000
Page 2 of 18
citizens’ tax returns
Domains may be contained within other domains. (Each department’s salaries may be a separate
domain, with all company salaries in a superdomain of these subdomains.) The primary goal of
this organization is to protect the information in a domain from unauthorized access. To this
end, each user must be authorized to have (possibly limited) rights to access specific domains,
and must be prevented from inappropriate access to other domains. Furthermore, information
leakage from one domain to another must be prevented.
The physical realization of a domain is a set of enclaves. An enclave is an arena for information,
protected by boundary controls, so that information cannot improperly enter or leave the
enclave. In computer terms, an enclave might be a physically secure local network (LAN)
protected by firewalls. An enclave may also consist only of a single node, which must have
internal boundary controls if part of a larger domain.
The enclaves in a domain are connected to one another through their boundary controllers.
The connection mechanism for a computer-based domain might be through private or public
networks, with appropriate levels of physical and informational (cryptographic) security.
tn011001 ©2000 Bionic Buffalo Corp