Firewalls: B2 Web Server used at UCSD

Firewalls
(August 1997)

Indexed By Thread: [Previous] [Next]

Subject:	B2 Web Server used at UCSD
From:	spencerj @ dg-rtp . dg . com (Jon Spencer)
Date:	Thu, 31 Jul 1997 14:33:26 -0400 (EDT)
To:	firewalls @ greatcircle . com

For those interested in the use of high assurance firewalls and web servers
(B2+), I offer the following information.  For further info, see

	http://medicine.ucsd.edu/pcasso/index.htm

and look at the faq, the overview slides (in Powerpoint) and the paper on
the system (called PCASSO) presented at the 1997 Annual Computer Security
Applications Conference (requires Adobe Acrobat). [I guess if someone wants
these items but can't access them, send me email and I'll foreward
postscript versions of them.]

The UCSD Patient-Centered Access to Secure Systems Online (PCASSO) project
was sponsored by the National Library of Medicine (part of NIH).  The focus
of the project was to "test technical and organizational approaches to
safeguarding the confidentiality and acuracy of personally identifiable
electronic health data."  The requirements for this are pretty much the
same as for most internet applications:  integrity, confidentialy,
non-repudiation and verified authenticaiton.

They felt that electronic commerce solutions did not address the following
concerns:
	o  Role-based access control
	o  Sensitivity levels
	o  Patient empowerment
	o  "Do no harm" extended to the client environment
	o  High assurance

The deployment enviroment consists of:
	o  267 primary care physicians plus 1300 specials
	o  Country-wide system of 5 hospitals and 45 affiliated community
	   sites
	o  19,000 annual inpatient admissions
	o  590,000 annual outpatient visits
	o  multiple legacy systems

This is a reasonable configuration for a commercial firewall/web server.
You can read more in the paper and overview slides referenced above.

Note that the firewall, web server and database server all exist on the
same single platform - B2 DG/UX.  (The firewall infrastructure is a part of
the B2 OS - the filters and such are plugged in as appropriate).

-- 
Jon F. Spencer				spencerj @
 rtp .
 dg .
 com 
Data General Corp.			Phone : (919)248-6246
62 Alexander Drive, MS #119		FAX   : (919)248-6108
Research Triangle Park, NC  27709	Office RTP 121/9

	There is no such thing as a small interference with property.
			Andrew J. Galambos

	No success can compensate for failure in the home.
			President David O. McKay

***** UCC 1-207 ********

Indexed By Date	Previous:	From: (nil)
Indexed By Date	Next:	"Destination Static Address Translattion" under Linux using ipfwadm?... From: James Terry <james @ imxexchange . com>
Indexed By Thread	Previous:	From: (nil)
Indexed By Thread	Next:	"Destination Static Address Translattion" under Linux using ipfwadm?... From: James Terry <james @ imxexchange . com>