Military Communications and Information Technology: A Trusted ...


22.01.2015

IV. Evolutionary approach

A phased approach has been proposed for the implementation and deployment of the HAAG, in order both to address urgent operational requirements and to provide a robust and flexible solution to cross-domain information sharing for the NNEC and FMN infrastructure.

The approach consists of 3 phases that incrementally improve the information sharing capability. Phase 0 is a cascading design that provides an immediate response to the urgent requirements for information sharing between NATO and international organizations / non-NATO nations. Phase 1 uses the HAAG as a gateway that enforces authentication, authorization and accountability of all end-users. Phase 2 uses the HAAG to provide a service in which information is released based on security and protection requirements derived from a dynamic policy.

A. Phase 0: Cascading design using XLG

Phase 0 represents an incremental development path for the existing NCIA medium assurance XML-Labelling Guard (XLG). The proposed solution, whose applicability shall be confirmed case by case through an extensive security risk assessment, attempts to partially compensate for the lower security assurance level of the XLG by introducing an intermediate NATO Restricted (NR) security domain between IO/NNN and the NATO Secret (NS) system. The XLG is located between the NR and the NS domain. Several reactive security services, such as intrusion detection and malware protection, are redundantly deployed in both the NR and the NS domain in order to provide increased security assurance via a cascading architecture.

Figure 3. Example of a cascading design for IEG-D Phase 0 implementation

Chapter 4: Information Assurance & Cyber Defence

B. Phase 1: High assurance automated guard as a gateway

A logical evolution of the Phase 0 design is to replace the cascade with a single high assurance guard used as a gateway, the architecture shown in Figure 4.

Figure 4. High assurance automated guard (HAAG) as a gateway

This architecture uses the HAAG as a dedicated information flow control device between a domain of lower and a domain of higher trustworthiness. In addition, the HAAG must be accompanied by, and usually collocated with, additional security tools such as firewalls and malware detection software. Compared to the Phase 0 architecture, there are two important differences. First, the HAAG authenticates users from both the low and the high domain, whereas in Phase 0 only network interfaces were authenticated. The authentication serves mainly auditing and accountability purposes, but it can also constitute an input to the authorization of access to the data (e.g. basic enforcement of the need-to-know principle). Second, the required assurance level for the HAAG design and implementation is significantly higher.

Phase 1 improves the assurance and information flow capabilities in a short to medium time-frame. It relies on support for cross-domain authentication, e.g. by implementing claims-based identity and access control [11]. This architecture also allows a gradual introduction of elements of the CPR security policies. The CPR security model is envisaged to replace, in the long term, the inflexible Bell-LaPadula security model, which is not suitable for a modern, dynamic and federated coalition environment.

C. Phase 2: High assurance automated guard as a separation service

In Phase 2 of the HAAG development a more radical approach is taken toward solving the information sharing challenges. This approach is based on a complete rethinking of the security model used within NATO and on the implementation of advanced cryptographic mechanisms. In this architecture, depicted in Figure 5, the concept of security domains is abandoned, and the information flow is controlled through a HAAG service implemented in a distributed fashion.
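The Phase 1 gateway decision described above, as an added example that is not part of the paper or of any NCIA product: a guard that refuses unauthenticated end-users, checks the object's XML label against the user's clearance claim and the destination domain, demands an explicit releasability marking for downward flows, applies a basic need-to-know check, and audits every decision for accountability. The label format, the level ordering, the domain names and the claim names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Ordered classification levels and the highest level each domain is accredited
# for. The ordering, the domain names, the claim names and the XML label format
# are constructed for this example; they are not the paper's or NATO's definitions.
LEVELS = {"UNCLASSIFIED": 0, "NATO RESTRICTED": 1, "NATO SECRET": 2}
DOMAIN_MAX = {"IO/NNN": "UNCLASSIFIED", "NR": "NATO RESTRICTED", "NS": "NATO SECRET"}

AUDIT = []  # accountability: every decision, allow or deny, is recorded here


def parse_label(xml_text):
    """Read classification, releasability and need-to-know caveat from a label."""
    root = ET.fromstring(xml_text)
    split = lambda s: {x.strip() for x in s.split(",") if x.strip()}
    return {"classification": root.get("classification"),
            "releasable_to": split(root.get("releasableTo", "")),
            "need_to_know": split(root.get("needToKnow", ""))}


def guard_decide(label_xml, src, dst, user):
    """Decide whether the object labelled label_xml may flow src -> dst for user
    (a dict of authenticated claims). Returns (allowed, reason) and audits it."""
    def decide(allowed, reason):
        AUDIT.append({"user": user.get("id", "?"), "src": src, "dst": dst,
                      "allowed": allowed, "reason": reason})
        return allowed, reason
    # Gateway role: an unauthenticated end-user gets no flow at all.
    if not user.get("authenticated"):
        return decide(False, "user not authenticated")
    try:
        label = parse_label(label_xml)
    except ET.ParseError:
        return decide(False, "malformed label")
    level = LEVELS.get(label["classification"])
    if level is None:
        return decide(False, "unknown classification")
    # Authentication feeding authorization: the clearance claim must cover the object.
    if level > LEVELS.get(user.get("clearance"), -1):
        return decide(False, "user clearance insufficient")
    # No write-down: the destination domain must be accredited for the object's level.
    if level > LEVELS[DOMAIN_MAX[dst]]:
        return decide(False, f"{label['classification']} exceeds {dst} accreditation")
    # A downward flow additionally needs an explicit releasability marking for dst.
    if LEVELS[DOMAIN_MAX[dst]] < LEVELS[DOMAIN_MAX[src]] and dst not in label["releasable_to"]:
        return decide(False, f"not marked releasable to {dst}")
    # Basic need-to-know: the user's community claims must cover the caveat, if any.
    if label["need_to_know"] and not label["need_to_know"] & set(user.get("communities", [])):
        return decide(False, "user lacks need-to-know")
    return decide(True, "released")
```

The AUDIT list holds one record per request regardless of outcome, which is the accountability property the gateway role is meant to provide.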
