This paper discusses the important issue of distributed system security. One might suppose that this form of security can be obtained by connecting systems meeting the DoD standard at a given level, for example, C2. However, Nessett points out that factors that were previously not considered as affecting the security of a single system must now be considered. He concentrates his attention on heterogeneous system environments: heterogeneous physical security environments, multiple jurisdictive authorities, and discrepancies in policy about mandatory and discretionary security mechanisms on the different machines. These differences can aid potential attacks, as he illustrates in detail. He provides a comprehensive bibliography that includes several of his own works that suggest possible solutions to the problem areas listed above.

Anyone who has responsibility for the security of a distributed system or for the planning of such a system should read this paper and review the pertinent references.