global network (e.g. Internet). Let s 0 ,s 1 , ..., s m be gateway addresses for seg-

ments S 0 ,S 1 , ..., S m . Let workstations interconnect via a virtual private network

(VPN). If some data from a workstation with address a in segment S i needs to

be transferred to a workstation with address b in segment S j , the transmission

is performed in the following way (fig. 1):

Fig. 1. System model

- the data from workstation a is first transferred to a Local Gateway LG( i )in

S i ;

- then data is passed to a Security Gateway SG( i ). Security Gateway operates

as a PROXY server - it connects to workstation a , gathers data for work-

station b , and collects data packets from S i segment in a queue according to

their arrival time. Then data is encrypted with a key of SG( j ) - the Secu-

rity Gateway of data recipient segment. Then SG( i ) connects to SG( j )and

transfers encrypted data:

•

SG( i )passesdatatoaGlobalNetworkHostGNH( i ),whichinturn

passes data to a corresponding host GNH( j )viaaglobalnetwork;

data is then passed to SG( j ). SG( j ) collects packets for S j segment and

stores them in a queue.

- Packets in a queue are decrypted, SG( j ) connects to a workstation b and

transmits data via the internal gateway LG( j );

-LG( j ) sends data to workstation b in S j segment.

•

Every segment S 0 ,S 1 , ..., S m contains software and/or hardware adversary

agents. To work properly these agents need to receive some instructions from

an adversary agent in a global network (AGN). Let us consider that AGN is in

total control of GNH( j ), j =0 , 1 , ..., m , and adversary agents in S 0 ,S 1 , ..., S m