Domain and type enforcement firewalls

Internet-connected organizations often employ an Internet firewall to mitigate risks of system penetration, data theft, data destruction, and other security breaches. Conventional Internet firewalls, however, impose an overly simple inside-vs-outside model of security that is incompatible with many business practices that require extending limited trust to external entities, for example, suppliers, bankers, accountants, advisors, consultants, partners, customers, and allies. Additionally, firewall security perimeters are somewhat weak: they provide no protection from inside attacks and do not protect sensitive data, which can be exported by tunneling through permitted protocols. As the Internet evolves towards applets, mobile agents, and object frameworks, these problems likely will worsen. This paper reports on our experience with an enhanced security firewall based on domain and type enforcement (DTE), a strong but flexible form of access control. A DTE firewall provides several benefits. We describe the design of a prototype DTE firewall system and informally evaluate its security, compatibility, functionality and performance