Military Communications and Information Technology: A Trusted ...

22.01.2015 Views
440 Military Communications and Information Technology... the cryptographic access control paradigm to canonize this structure, and elaborate how the different aspects of permissions and eventual MLS sanitization affect the structure and can be realized in our setting. This paper is structured as follows: in chapter II we introduce the necessary background and review the related work; in the third chapter we view the setting more carefully in the format of environment assumptions; the fourth chapter lists the design principles and some of the operational details; chapter V is reserved for the schema itself and finally chapter VI concludes the paper. II. Background and related work A. Multi-Level Security (MLS) Multi-Level Security (MLS) refers to a concept, where information from different levels of security classification is allowed to coexist and be processed securely by personnel not necessarily cleared to the highest level. The term stems from a formalization of DoD security policy [3] and related risk analysis [16]. However, detailed definitions vary widely. In military vocabulary the most common definition binds MLS to a “security mode” and the access rights of end users. The defining part here is the user clearance, or right-to-know (RTK). RTK is more formally defined than need-to-know (NTK), as RTK is most often defined on the legislature level. Due to the mandatory nature of RTK and the high-risk scenarios with which the MLS concept is endowed, the assurance level for “true MLS” components is often very high. MLS employs a multitude of functions. Our main concern here is the information flow separation, or the isolation of information from different classification levels: generally it is desired to keep data (flows) from e.g. SECRET separate from data (flows) from RESTRICTED. Due to the high assurance levels required for this isolation, only two types have been used: physical (galvanic) and cryptographic separation. High-assurance virtualization techniques are also making their way to selected MLS sub-areas [9]. Enforcing the isolation with cryptography has been used and tried in multitude of systems and models, such as CBIS discussed in ch. II-B, but the main problem in these systems is key management: encrypted data itself is considered to be sufficiently well protected for the purpose of MLS isolation, but there are no formal models for key management, nor even satisfactory heuristic implementations suitable for large scale cryptographically enforced MLS systems. B. Content-Based Information Security (CBIS) The CBIS-concept (Content-Based Information Security) experimented by US DoD between 2000 and 2005 as an Advanced Concept and Technology Dem-

Chapter 4: Information Assurance & Cyber Defence 441 onstrator [15, 18] was aimed at the cryptographic solution of MLS. In CBIS, all the information is encrypted and signed, protecting the confidentiality and integrity of the document. The original CBIS effort was, however, abandoned as too expensive, possibly due to the constraints and difficulties in key management [1] and user authentication. The concept was revived in (at least) the Finnish military [12], where a different public-key management architecture (PKMA) was substituted for the PKI. The PKMA substituted in [12] was called identity-based cryptography (IBC, [6]). In IBC the identity itself acts as the public key, removing the need for certificates, enabling natural hierarchies and delayed creation for the private key. With IBC extensions, such as attribute-based encryption (ABE), it is possible to encode access structures directly to the ciphertexts. In the later CBIS concept, the actual content is endowed with different levels of metadata that can be used to embed security related information to the document itself, distributing the protection information from the reference monitor to the data itself. Adding metadata to the protected data blob implies the need to protect the metadata as well, and thus further levels of metadata. An obvious framework for dealing with intergrated data and metadata is eXtensible Markup Language (XML) framework. The work in [12] laid out several steps from moving traditional referencemonitor-based access control to cryptographically enforced, MLS-capable access control. These are depicted in Fig. 1. Figure 1. Moving from traditional access control to CBIS ([12]) In Fig. 1, the steps are not wholly sequential: e.g. attribute-based cryptography access control is trialled already as such ([17]), but it was deemed infeasible to leap to mostly academic technologies straight away. As can be seen, there will be a change of public-key cryptography paradigms, or key management architectures at some point. This alone places restrictions on how the actual hierarchical data should be structured, but it is also otherwise prudent to (functionally) separate content from security, and cryptographic key management from the rest of security functions as separate modules.

Page 1 and 2: Military Communications and Informa

Page 3 and 4: Contents Foreword .................

Page 5: Contents 5 Methodology for Gatherin

Page 8 and 9: 8 Military Communications and Infor

Page 11 and 12: Building a Layered Enterprise Archi

Page 13 and 14: Chapter 1: Concepts and Solutions f




Page 21 and 22: Applying NAF for Performance Analys








Page 37 and 38: Openness in Military Systems Jessic






Page 49 and 50: The Concept of Integration Tool for






Page 61 and 62: CFBLNet: A Coalition Capability Ena





Page 71 and 72: Selected Aspects of Effective RCIED





Page 81: Chapter 1: Concepts and Solutions f

Page 84 and 85: 84 Military Communications and Info








Page 100 and 101: 100 Military Communications and Inf

Page 103: Chapter 2 Communications and Inform






















Page 149 and 150: Use of Cross Domain Guards for CoNS

Page 151 and 152: Chapter 2: Communications and Infor




Page 159: Chapter 2: Communications and Infor



















Page 199: Chapter 3 Information Technology fo



















Page 239 and 240: Run-Time Ontology on the Basis of E

Page 241 and 242: Chapter 3: Information Technology f






Page 253 and 254: A Robust and Scalable Peer-to-Peer






Page 265 and 266: Automatic Exploitation of Multiling








Page 281 and 282: Information Fusion Under Network Co






Page 293: Chapter 3: Information Technology f





Page 305 and 306: Commanding Multi-Robot Systems with






Page 317 and 318: Application of CID Server in Decisi







Page 331 and 332: Managing Lessons Learnt from Daily






Page 343: Chapter 3: Information Technology f

Page 347 and 348: Federated Cyber Defence System - Ap

Page 349 and 350: Chapter 4: Information Assurance &




Page 357: Chapter 4: Information Assurance &









Page 377 and 378: Development of High Assurance Guard









Page 395 and 396: Network Traffic Characteristics for










Page 415 and 416: Methodology for Gathering Data Conc











Page 439: On Multi-Level Secure Structured Co







Page 455 and 456: Generation of Nonlinear Feedback Sh














Page 485 and 486: Modern Usage of “Old” One-Time












Page 511 and 512: A Abut Fatih 161 Akcaoglu Ismail 11

communications

nato

communication

architecture

interoperability

cyber

networks

defence

processing

analysis

wil.waw.pl

Military Communications and Information Technology: A Trusted ...

Military Communications and Information Technology: A Trusted ... ... View more Military Communications and Information Technology: A Trusted ...

Delete template?

Save as template ?

Military Communications and Information Technology: A Trusted ... Military Communications and Information Technology: A Trusted ...