Military Communications and Information Technology: A Trusted ...


22.01.2015 Views

Chapter 4: Information Assurance & Cyber Defence

Within the CIPE Service each individual Content Filter is explicitly identifiable by its type. A Content Filter may be of an Identification, Verification or Transformation type, or any combination of the three:

1. Identification Content Filter is responsible for correct identification of the type(s) of a data object.
2. Verification Content Filter is responsible for enforcing that the data object conforms to the claimed type and that no malicious or confidential content is present in the data object. This Content Filter also acts as a content exploder and a content flattener for data objects which contain embedded data object(s).
3. Transformation Content Filter is responsible for mitigating the potential threat of malicious content by either removing the active content that was found by the Verification Filter, or by transforming the content to another format. This Content Filter can also transform content by obfuscating or removing data attributes or values that should not be released across the information system boundary.

The types of data formats that are allowed for import or release across the HAAG are specific to a CIPE Profile. Each data format type has its own set of Content Filter Rules. A set of Content Filter Rules represents a subset of the CIPE Profile security and assurance requirements specified for a given data format type. The Content Filter Rules are asserted by the Content Filter(s).

E. Trusted Base Platform

The Trusted Base Platform consists of the operating system (OS) kernel, the tools and applications that are part of the OS, and the hardware on which the OS runs. Security requirements related to user roles and user authentication are implemented in the OS. The base OS and hardware also provide the isolation of the security components from other components of the HAAG.

VI. Conclusions and future work

The development of the high level design and the protection profile for the HAAG is the first step on a path to achieve effective information sharing between NATO and its external partners.

One of the important aspects of the future work is the development of a formal model for the CPR security policies. We are aiming at specifying a basic CPR policy in a natural language, translating it into a formal representation and validating it using some well-known tools, such as Isabelle [21].

The recently established NATO Science and Technology Organization (STO) Information Systems Technology (IST) Task Group on Trusted Information Sharing for Partnerships (IST-114) aims at advancing the IEG Scenario D and the Object Level Protection concepts. The focus of the group includes high assurance guards, as well as extensions to the existing security labelling specifications. The results of IST-114 can potentially influence the requirements and design of the HAAG.

Acknowledgment

This research has been sponsored by the NATO Allied Command Transformation Scientific Programme of Work 2011/2012.

References

[1] K. Wrona, S. Oudkerk, and G. Hallingstad, “Designing medium assurance XML-labelling guards for NATO,” in Proceedings of the Military Communications Conference (MILCOM), San Jose, CA, USA, 2010.
[2] K. Wrona and G. Hallingstad, “Controlled Information Sharing in NATO Operations,” in Proceedings of the IEEE Military Communications Conference (MILCOM), Baltimore, 2011.
[3] R. Danyliw, J. Meijer, and Y. Demchenko, “The Incident Object Description Exchange Format,” Request for Comments RFC 5070, 2007.
[4] J. Baker, M. Hansbury, and D. Haynes, “The OVAL Language Specification Version 5.10.1,” The MITRE Corporation, 2012.
[5] L. Ward, “Improving your custom Snort rules,” Sourcefire, 2010.
[6] S. Oudkerk, “NATO Profile for the ‘Binding of Metadata to Data Objects’ – version 1.0,” The Hague, Technical Note TN-1455, 2011.
[7] S. Oudkerk, “NATO Profile for the ‘XML Confidentiality Label Syntax’ – version 1.0,” The Hague, Technical Note TN-1456, 2011.
[8] T. Wilson, “OGC KML Version 2.2.0,” Open Geospatial Consortium Inc., OGC Standard OGC 07-147r2, 2008.
[9] Common Criteria, “Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 3,” CCMB-2009-07-001, 2009.
[10] IAD, “U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, Version 1.03,” 2007.
[11] D. Baier et al., A Guide to Claims-Based Identity and Access Control – Authentication and Authorization for Services and the Web. Microsoft Corporation, 2010.
[12] Nigel P. Smart and Frederik Vercauteren, “Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes,” in Public Key Cryptography, 2010, pp. 420-443.
[13] M. Abdalla et al., “Wildcarded Identity-Based Encryption,” Journal of Cryptology, vol. 24, no. 1, pp. 42-82, 2011.
[14] NC3B, “NATO Architecture Framework v3,” Brussels, Belgium, ANNEX 1 TO AC/322-D(2007)0048, 2007.
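The three Content Filter types described in the CIPE Service text above, sketched as an added example that is not code from the paper or from the HAAG design. The PROFILE contents, the rule names, the choice of XML and ZIP as formats and the REPORT sample are all assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed profile (assumption, not a real CIPE Profile): rules per format.
PROFILE = {"xml": {"active": {"script"}, "withheld_attrs": {"internalRef"}},
           "zip": {"max_members": 8, "max_member_bytes": 65536, "max_depth": 2}}

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # element name without its namespace

def identify(data):
    """Identification: type from the bytes themselves, not from a label."""
    return ("zip" if data[:4] == b"PK\x03\x04"
            else "xml" if data.lstrip()[:1] == b"<" else "unknown")

def verify(data, claimed=None, depth=0):
    """Verification: list of findings; embedded objects are exploded and checked."""
    kind = identify(data)
    if (claimed and kind != claimed) or kind not in PROFILE:
        return [f"claimed {claimed}, identified {kind}"]
    rules = PROFILE[kind]
    try:
        if kind == "xml":
            if b"<!DOCTYPE" in data:  # refuse DTDs before parsing
                return ["DTD present"]
            return [f"active content <{local(e)}>"
                    for e in ET.fromstring(data).iter() if local(e) in rules["active"]]
        zf = zipfile.ZipFile(io.BytesIO(data))
        if depth >= rules["max_depth"] or len(zf.infolist()) > rules["max_members"]:
            return ["container exceeds nesting or member limit"]
        return [f"{i.filename}: {f}" for i in zf.infolist()
                for f in (["oversized member"] if i.file_size > rules["max_member_bytes"]
                          else verify(zf.read(i), None, depth + 1))]
    except Exception:  # fail closed: anything unparseable is a finding
        return [f"malformed {kind}"]

def transform(xml_bytes):
    """Transformation: remove active elements and withheld attributes."""
    root = ET.fromstring(xml_bytes)
    for parent in list(root.iter()):
        for child in [c for c in parent if local(c) in PROFILE["xml"]["active"]]:
            parent.remove(child)
        for attr in PROFILE["xml"]["withheld_attrs"] & set(parent.attrib):
            del parent.attrib[attr]
    return ET.tostring(root)

# Constructed sample: a report carrying active content and an internal attribute.
REPORT = b'<report internalRef="A-17"><title>status</title><script>run()</script></report>'
```

Run verify again on the output of transform before release: a root element that is itself active cannot be removed by transform and is still reported.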
