A method and mechanism of enforcing, in a computer network, a community separation
policy wherein the data of a particular user community should be accessible only
by members of that community. A Multi-Community Node (MCN) processes information
for users in multiple communities and must enforce the community separation policy.
In a closed MCN, which runs only applications trusted to enforce the community
separation policy, the method and mechanism performs a set of checks on packets
received from and to be transmitted on a network, to ensure that all communications
comply with the community separation policy. The checks (1) prevent communications
from a network used by one community or communities to a network used by different
communities; (2) ensure that packets sent by the MCN are output on an interface
attached to a network for the intended community; and (3) detect when remote nodes
communicating with the MCN spoof their source network address to masquerade as
a node in another community. The enforcement method and mechanism use a database
of associations of sets of communities corresponding to each network addresses
of the MCN and each node with which it communicates, and of the set of communities
associated with each network attached to the MCN.
