Military Communications and Information Technology: A Trusted ...
Military Communications and Information Technology: A Trusted ... Military Communications and Information Technology: A Trusted ...
384 Military Communications and Information Technology... Figure 5. HAAG as a separation service The HAAG service is responsible for enforcing access control based on advanced security policies, taking into account the properties of users (e.g. clearance level and his role in the organization), properties of devices (e.g. hardware cryptographic modules, trusted computing platform), and properties of the information (e.g. its validity time, sensitivity and area of application). In this phase, the traditional characterization of information through simple metadata (or so-called security label e.g. NATO Secret releasable to Australia), is replaced by a more detailed (and complex) metadata describing the information (e.g. logistic data relevant to transport of goods to Australian troops based in Afghanistan). Similarly, instead of being characterized only by a clearance level, the end-user would be characterized by metadata describing his role, affiliation, and trustworthiness. The terminal would also have to be characterized by additional metadata describing its trustworthiness, such as none, basic, normal, enhanced and high, instead of being just characterized by the network domain in which it is located. The required separation of information flows in Phase 2 can only be achieved by using advanced cryptography, including encryption of both data at rest and data in transfer. Recently, several relevant new cryptographic techniques have been developed, including homomorphic encryption enabling processing of encrypted data [12] and wild-carded identity-based encryption [13], potentially enabling encryption of data for groups of user, e.g., users playing the same role within organization, and effective key management. V. High level design One of the current activities coordinated by the NCIA is development of high level design (HLD) for the HAAG. The target of the HLD is Phase 1 and Phase 2 of the HAAG as described in the previous section.
Chapter 4: Information Assurance & Cyber Defence 385 The purpose of the HLD is twofold. First of all, the HLD shall enable evaluation of completeness and appropriateness of the functional and security capabilities of the HAAG by all stakeholders, i.e. NATO bodies, NATO nations, and prospect non-NATO partners in the information sharing scenarios to be supported by the HAAG. Secondly, the HLD is to be used as guidance for the industry during the implementation of the HAAG solution for NATO. During the design study several dependencies with information assurance services offered by the external components have been identified. The basic design of the HAAG substantially extends architecture and functionality implemented within the NCIA Medium Assurance XML-Labelling Guard (MAXLG) [1]. In order to ensure proper integration with the NATO infrastructure, the HLD is described in terms of the NATO Architecture Framework (NAF) version 3 [14]. The HLD describes a subset of various possible views defined in the NAF v.3, including Capability, Operational, Service Oriented, System, Technical, and Programme Views. A. System overview The design of the HAAG introduces five main concepts, as depicted in Figure 6: Figure 6. Design principles for the HAAG
- Page 333 and 334: Chapter 3: Information Technology f
- Page 335 and 336: Chapter 3: Information Technology f
- Page 337 and 338: Chapter 3: Information Technology f
- Page 339 and 340: Chapter 3: Information Technology f
- Page 341 and 342: Chapter 3: Information Technology f
- Page 343: Chapter 3: Information Technology f
- Page 347 and 348: Federated Cyber Defence System - Ap
- Page 349 and 350: Chapter 4: Information Assurance &
- Page 351 and 352: Chapter 4: Information Assurance &
- Page 353 and 354: Chapter 4: Information Assurance &
- Page 355 and 356: Chapter 4: Information Assurance &
- Page 357: Chapter 4: Information Assurance &
- Page 360 and 361: 360 Military Communications and Inf
- Page 362 and 363: 362 Military Communications and Inf
- Page 364 and 365: 364 Military Communications and Inf
- Page 366 and 367: 366 Military Communications and Inf
- Page 368 and 369: 368 Military Communications and Inf
- Page 370 and 371: 370 Military Communications and Inf
- Page 372 and 373: 372 Military Communications and Inf
- Page 374 and 375: 374 Military Communications and Inf
- Page 377 and 378: Development of High Assurance Guard
- Page 379 and 380: Chapter 4: Information Assurance &
- Page 381 and 382: Chapter 4: Information Assurance &
- Page 383: Chapter 4: Information Assurance &
- Page 387 and 388: Chapter 4: Information Assurance &
- Page 389 and 390: Chapter 4: Information Assurance &
- Page 391 and 392: Chapter 4: Information Assurance &
- Page 393 and 394: Chapter 4: Information Assurance &
- Page 395 and 396: Network Traffic Characteristics for
- Page 397 and 398: Chapter 4: Information Assurance &
- Page 399 and 400: Chapter 4: Information Assurance &
- Page 401 and 402: Chapter 4: Information Assurance &
- Page 403 and 404: Chapter 4: Information Assurance &
- Page 405 and 406: Chapter 4: Information Assurance &
- Page 407 and 408: Chapter 4: Information Assurance &
- Page 409 and 410: Chapter 4: Information Assurance &
- Page 411 and 412: Chapter 4: Information Assurance &
- Page 413 and 414: Chapter 4: Information Assurance &
- Page 415 and 416: Methodology for Gathering Data Conc
- Page 417 and 418: Chapter 4: Information Assurance &
- Page 419 and 420: Chapter 4: Information Assurance &
- Page 421 and 422: Chapter 4: Information Assurance &
- Page 423 and 424: Chapter 4: Information Assurance &
- Page 425 and 426: Chapter 4: Information Assurance &
- Page 427 and 428: Chapter 4: Information Assurance &
- Page 429: Chapter 4: Information Assurance &
- Page 432 and 433: 432 Military Communications and Inf
Chapter 4: <strong>Information</strong> Assurance & Cyber Defence<br />
385<br />
The purpose of the HLD is twofold. First of all, the HLD shall enable evaluation<br />
of completeness <strong>and</strong> appropriateness of the functional <strong>and</strong> security capabilities<br />
of the HAAG by all stakeholders, i.e. NATO bodies, NATO nations, <strong>and</strong> prospect<br />
non-NATO partners in the information sharing scenarios to be supported by<br />
the HAAG. Secondly, the HLD is to be used as guidance for the industry during<br />
the implementation of the HAAG solution for NATO.<br />
During the design study several dependencies with information assurance<br />
services offered by the external components have been identified. The basic design<br />
of the HAAG substantially extends architecture <strong>and</strong> functionality implemented<br />
within the NCIA Medium Assurance XML-Labelling Guard (MAXLG) [1].<br />
In order to ensure proper integration with the NATO infrastructure, the HLD<br />
is described in terms of the NATO Architecture Framework (NAF) version 3 [14].<br />
The HLD describes a subset of various possible views defined in the NAF v.3,<br />
including Capability, Operational, Service Oriented, System, Technical, <strong>and</strong> Programme<br />
Views.<br />
A. System overview<br />
The design of the HAAG introduces five main concepts, as depicted in Figure 6:<br />
Figure 6. Design principles for the HAAG