Military Communications and Information Technology: A Trusted ...

More documents

Recommendations

Info

Use of Cross Domain Guards for CoNSIS Network Management Philipp Steinmetz Cyber Defense, Fraunhofer FKIE, Wachtberg, Germany, philipp.steinmetz@fkie.fraunhofer.de Abstract: This paper discusses filtering of messages sent from a classified to an unclassified network using a cross domain guard. We discuss how we can use such a guard within the network architecture designed in the CoNSIS (Coalition Networks for Secure Information Sharing) project for use in future coalition operations. A guard design is presented which enforces that only XML messages conforming to a specific format may pass the guard. It also limits the message rate based on message size and the resulting possible covert channel. We can use this guard design for low data rate applications which have to communicate across networks of different classification. We also discuss a proxy device located in the unclassified network to reduce the required amount of communication between classified and unclassified network. Keywords: Information Security; Computer networks I. Introduction Protecting confidential information while at the same time reaping the benefits of networked systems is an important goal. Traditionally military computer networks containing sensitive data have been protected by physically separating them from other systems. This complicates or prevents many important applications for which data has to pass from a classified to an unclassified system. Cross Domain Guards have been developed to allow a controlled exchange of information between systems of different classifications while filtering confidential information. The focus of this paper is on looking into the intended behavior of guards. While the actual implementation of guards is not the focus of the paper, we keep in mind that composing them from small building blocks which interact in a simple fashion is helpful for secure implementation. II. The CoNSIS project The CoNSIS (Coalition Networks for Secure Information Sharing) project is a joint effort of France, Germany, Norway and USA. The focus is on designing network
Page 1 and 2:
Military Communications and Informa
Page 3 and 4:
Contents Foreword .................
Page 5:
Contents 5 Methodology for Gatherin
Page 8 and 9:
8 Military Communications and Infor
Page 11 and 12:
Building a Layered Enterprise Archi
Page 13 and 14:
Chapter 1: Concepts and Solutions f
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Applying NAF for Performance Analys
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Openness in Military Systems Jessic
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
The Concept of Integration Tool for
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
CFBLNet: A Coalition Capability Ena
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Selected Aspects of Effective RCIED
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81:
Page 84 and 85:
84 Military Communications and Info
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99: 98 Military Communications and Info
Page 100 and 101: 100 Military Communications and Inf
Page 103: Chapter 2 Communications and Inform
Page 161 and 162: The CoNSIS Approaches to Network Ma
Page 163 and 164: Chapter 2: Communications and Infor
Page 179 and 180: Multi-Topology Routing for QoS Supp
Page 197: Chapter 2: Communications and Infor
Page 201 and 202:
Mathematical Foundations of Interop
Page 203 and 204:
Chapter 3: Information Technology f
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Semantic Interoperability by Means
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Semantic Model for Context - Aware
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237:
Page 240 and 241:
240 Military Communications and Inf
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
modeled by a linear Gaussian centra
Page 290 and 291:
Page 292 and 293:
Page 295 and 296:
Examination of Combination Rules fo
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303:
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
Page 342 and 343:
Page 345:
Chapter 4 Information Assurance & C
Page 348 and 349:
Page 350 and 351:
Page 352 and 353:
Page 354 and 355:
Page 356 and 357:
Page 359 and 360:
Identity and Access Services in NAT
Page 361 and 362:
Chapter 4: Information Assurance &
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Page 369 and 370:
Page 371 and 372:
Page 373 and 374:
Page 375:
Page 378 and 379:
Page 380 and 381:
Page 382 and 383:
Page 384 and 385:
Page 386 and 387:
Page 388 and 389:
Page 390 and 391:
Page 392 and 393:
Page 394 and 395:
Page 396 and 397:
Page 398 and 399:
Page 400 and 401:
Page 402 and 403:
Page 404 and 405:
Page 406 and 407:
Page 408 and 409:
Page 410 and 411:
Page 412 and 413:
Page 414 and 415:
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Page 431 and 432:
Problems of Detecting Unauthorized
Page 433 and 434:
Page 435 and 436:
Page 437:
Page 440 and 441:
Page 442 and 443:
Page 444 and 445:
Page 446 and 447:
Page 448 and 449:
Page 450 and 451:
Page 452 and 453:
Page 454 and 455:
Page 456 and 457:
Page 458 and 459:
Page 460 and 461:
Page 462 and 463:
Page 465 and 466:
Effective Generation of Cryptograph
Page 467 and 468:
Page 469 and 470:
Page 471 and 472:
Page 473 and 474:
Page 475 and 476:
Improving the Efficiency of Cryptog
Page 477 and 478:
Page 479 and 480:
Page 481 and 482:
Page 483:
Page 486 and 487:
Page 488 and 489:
Page 490 and 491:
Page 492 and 493:
Page 494 and 495:
Page 497 and 498:
Acoustic Steganographic Transmissio
Page 499 and 500:
Page 501 and 502:
Page 503 and 504:
Page 505 and 506:
Page 507 and 508:
Page 509:
Index
Page 512:
show all

Military Communications and Information Technology: A Trusted ...

Create successful ePaper yourself

Delete template?

Save as template?