Military Communications and Information Technology: A Trusted ...

22.01.2015 Views
384 Military Communications and Information Technology... Figure 5. HAAG as a separation service The HAAG service is responsible for enforcing access control based on advanced security policies, taking into account the properties of users (e.g. clearance level and his role in the organization), properties of devices (e.g. hardware cryptographic modules, trusted computing platform), and properties of the information (e.g. its validity time, sensitivity and area of application). In this phase, the traditional characterization of information through simple metadata (or so-called security label e.g. NATO Secret releasable to Australia), is replaced by a more detailed (and complex) metadata describing the information (e.g. logistic data relevant to transport of goods to Australian troops based in Afghanistan). Similarly, instead of being characterized only by a clearance level, the end-user would be characterized by metadata describing his role, affiliation, and trustworthiness. The terminal would also have to be characterized by additional metadata describing its trustworthiness, such as none, basic, normal, enhanced and high, instead of being just characterized by the network domain in which it is located. The required separation of information flows in Phase 2 can only be achieved by using advanced cryptography, including encryption of both data at rest and data in transfer. Recently, several relevant new cryptographic techniques have been developed, including homomorphic encryption enabling processing of encrypted data [12] and wild-carded identity-based encryption [13], potentially enabling encryption of data for groups of user, e.g., users playing the same role within organization, and effective key management. V. High level design One of the current activities coordinated by the NCIA is development of high level design (HLD) for the HAAG. The target of the HLD is Phase 1 and Phase 2 of the HAAG as described in the previous section.

Chapter 4: Information Assurance & Cyber Defence 385 The purpose of the HLD is twofold. First of all, the HLD shall enable evaluation of completeness and appropriateness of the functional and security capabilities of the HAAG by all stakeholders, i.e. NATO bodies, NATO nations, and prospect non-NATO partners in the information sharing scenarios to be supported by the HAAG. Secondly, the HLD is to be used as guidance for the industry during the implementation of the HAAG solution for NATO. During the design study several dependencies with information assurance services offered by the external components have been identified. The basic design of the HAAG substantially extends architecture and functionality implemented within the NCIA Medium Assurance XML-Labelling Guard (MAXLG) [1]. In order to ensure proper integration with the NATO infrastructure, the HLD is described in terms of the NATO Architecture Framework (NAF) version 3 [14]. The HLD describes a subset of various possible views defined in the NAF v.3, including Capability, Operational, Service Oriented, System, Technical, and Programme Views. A. System overview The design of the HAAG introduces five main concepts, as depicted in Figure 6: Figure 6. Design principles for the HAAG

Page 1 and 2: Military Communications and Informa

Page 3 and 4: Contents Foreword .................

Page 5: Contents 5 Methodology for Gatherin

Page 8 and 9: 8 Military Communications and Infor

Page 11 and 12: Building a Layered Enterprise Archi

Page 13 and 14: Chapter 1: Concepts and Solutions f




Page 21 and 22: Applying NAF for Performance Analys








Page 37 and 38: Openness in Military Systems Jessic






Page 49 and 50: The Concept of Integration Tool for






Page 61 and 62: CFBLNet: A Coalition Capability Ena





Page 71 and 72: Selected Aspects of Effective RCIED





Page 81: Chapter 1: Concepts and Solutions f

Page 84 and 85: 84 Military Communications and Info








Page 100 and 101: 100 Military Communications and Inf

Page 103: Chapter 2 Communications and Inform






















Page 149 and 150: Use of Cross Domain Guards for CoNS

Page 151 and 152: Chapter 2: Communications and Infor




Page 159: Chapter 2: Communications and Infor



















Page 199: Chapter 3 Information Technology fo



















Page 239 and 240: Run-Time Ontology on the Basis of E

Page 241 and 242: Chapter 3: Information Technology f






Page 253 and 254: A Robust and Scalable Peer-to-Peer






Page 265 and 266: Automatic Exploitation of Multiling








Page 281 and 282: Information Fusion Under Network Co






Page 293: Chapter 3: Information Technology f





Page 305 and 306: Commanding Multi-Robot Systems with






Page 317 and 318: Application of CID Server in Decisi







Page 331 and 332: Managing Lessons Learnt from Daily






Page 343: Chapter 3: Information Technology f

Page 347 and 348: Federated Cyber Defence System - Ap

Page 349 and 350: Chapter 4: Information Assurance &




Page 357: Chapter 4: Information Assurance &









Page 377 and 378: Development of High Assurance Guard








Page 395 and 396: Network Traffic Characteristics for










Page 415 and 416: Methodology for Gathering Data Conc











Page 439 and 440: On Multi-Level Secure Structured Co








Page 455 and 456: Generation of Nonlinear Feedback Sh














Page 485 and 486: Modern Usage of “Old” One-Time












Page 511 and 512: A Abut Fatih 161 Akcaoglu Ismail 11

communications

nato

communication

architecture

interoperability

cyber

networks

defence

processing

analysis

wil.waw.pl

Military Communications and Information Technology: A Trusted ...

Military Communications and Information Technology: A Trusted ... ... View more Military Communications and Information Technology: A Trusted ...

Delete template?

Save as template ?

Military Communications and Information Technology: A Trusted ... Military Communications and Information Technology: A Trusted ...