Recommended
More Related Content
Viewers also liked
Viewers also liked (18)
Similar to Distributed Security Policies for Service-Oriented Architectures over Tactical Networks
Similar to Distributed Security Policies for Service-Oriented Architectures over Tactical Networks (20)
Recently uploaded
Recently uploaded (20)
Distributed Security Policies for Service-Oriented Architectures over Tactical Networks
- 1. 1 Distributed Security Policies for Service- Oriented Architectures over Tactical Networks Roberto Rigolin F. Lopes1 and Stephen D. Wolthusen1,2 1. Norwegian Information Security Laboratory, Gjøvik, Norway 2. School of Mathematics and Information Security, University of London, UK {roberto.lopes, stephen.wolthusen}@hig.no
- 2. 22 Introduction • Using rich semantics to state security policies – Combining cross-layer and multi-domain security • Layers: NATO Information Assurance (IA) Layer • Domains: Protection, Detection, Response, Attack, Diligence and Planning • Restrictions: nodes’ specialization and connectivity C3 Taxonomy Communication Services Core Enterprise Services COI Services User-Facing Capabilities IA TSI Detection Protection Response Diligence Security (x) Planning WLAN UHF VHF SatCom HQ Dismounted Mobile Relay Cross-layers Multi-domain Restrictions Policy ≡ (cross-layer U multi-domain) ∩ restrictions
- 3. 33 Introduction • Example of services – Tactical Ground Report System Node C Node A Soldier localization Adversary localization Vehicle localization Live camera Aerial photos Node B J. Evans, B. Ewy, M. Swink, S. Pennington, D. Siquieros, and S. Earp, “TIGR: the tactical ground reporting system,” IEEE Communications Magazine, vol. 51, no. 10, pp. 42–49, October 2013. Observe OrientDecide Act Observe, Orient, Decide and Act Observe and Act
- 4. 44 Example of Service-Oriented Architecture Packet Handler Message Handler Service Mediator Controller 1 2 3 4 Policy management Security handling
- 5. 55 Example of Service-Oriented Architecture SOA PlatformController Service Mediator Message Handler Packet Handler Operating System <Policy Management> <Security Handling> 1 2 Cryptography Tactical Platform Guard Tactical Support Guard Policy Manager Privilege Management Policy Manager Policy Enforcement Point Policy Decision Point Policy Administration Point Detection Diligence Protection Planning Response QoS <domains> TSI Node PEP PEP PEPa b c <a,b,c>
- 6. 66 Structured Security Policies • Security Domains • Planning, Detection, Protection, Diligence, Response and Attack • NATO Information Assurance • Communication, Core, Application and Inter-domain • Rule structure • Conditions implying in Actions • OODA-loop C3 Taxonomy Communication Services Core Enterprise Services COI Services User-Facing Capabilities IA TSIDetection Protection Response Diligence Security (x) Planning Observe OrientDecide Act
- 7. 77 The nodes: Node A <Dismounted> UHF WLAN Node C <Mobile> VHFUHFWLAN SatCom Node B <Relay> SatComVHF HQ Node D <Deployed> SatComVHF UHFWLAN
- 8. 88 Structured Security Policies – Nodes (N), Policies (P) and Security Domains (S) Node A <Dismounted> UHF WLAN Node C <Mobile> VHFUHFWLAN SatCom Node B <Relay> SatComVHF HQ Node D <Deployed> SatComVHF UHFWLAN N1:P1(N1:S1) N2:P2(N2:S2), N2:P’1(N1:R1) Ni:Pi(Ni:Si),…, Ni:P’i-1(Ni-1:Ri-1) Resources and # domains
- 9. 99 Structured Security Policies – Nodes (N), Policies (P) and Security Domains (S) SecurityCore Planning Detection Diligence Response is is is is Protection is Node A Node B Node C 1 2 3 4 5 2 3 43 4 2 3 41 5 OWL DL OWL DL OWL Micro RDFS OWL DL OWL Micro RDFS OWL DL OWL Micro OWL DL Using rich semantics…
- 10. 1010 Rich Semantics for Policies - Web Services MessageSecBinding TokenProtection has SecurityBinding is SecurityToken SymmetricBinding AsymmetricBinding is is SecurityHeaderLayout TransportBinding AlgorithmSuite Timestamp has hashas is hasSignatureToken hasEncryptionToken hasProtectionToken hasInitiatorToken hasRecipientSignatureToken hasRecipientToken hasInitiatorEncryptionToken hasInitiatorSignatureToken has SignatureProtectionhas isWeakerThan isStrongerThan isEquivalentTo isWeakerThan isStrongerThan isEquivalentTo isWeakerThan isStrongerThan isEquivalentTo isMoreGeneralThan isMoreSpecificThan hasTechDiffWith hasTechDiffWith isMoreGeneralThan isMoreSpecificThan hasTechDiffWith isWeakerThan isStrongerThan isEuivalentTo isWeakerThan isStrongerThan isEquivalentTo QoS requirements Information sensitivity Conditions: Network status
- 11. 1111 Security Policies • Attribute-based • Rich semantics Allow access to resource <Service> with attribute <Sensitivity> if <Service> match BlueForceTracking and action is read MessageSecBinding TokenProtection has SecurityBinding is SecurityToken SymmetricBinding AsymmetricBinding is is SecurityHeaderLayout TransportBinding AlgorithmSuitehashas is hasSignatureToken hasEncryptionToken hasProtectionToken hasInitiatorToken hasRecipientSignatureToken hasRecipientToken hasInitiatorEncryptionToken hasInitiatorSignatureTokenhas SignatureProtectionhas isWeakerThan isStrongerThan isEquivalentTo isWeakerThan isStrongerThan isEquivalentTo isWeakerThan isStrongerThan isEquivalentTo isMoreGeneralThan isMoreSpecificThan hasTechDiffWith isMoreGeneralThan isMoreSpecificThan hasTechDiffWith isWeakerThan isStrongerThan isEuivalentTo 2 2.1 2.2 1 Allow or Deny Stronger, Equal or Weaker
- 12. 1212 Distributed Security Policies – Security Core • (1) Multi-Domain, (2) Cross-layer and (3) Rules SecurityCore Action Condition has has TSI Common Rule Planning Diligence uses Protection <inverse property> <Foundational ontologies><Core reference ontologies> <Task ontologies> NewCondition 3 NewAction NewDomain Capability Inter-domainCommunication Core Domain NewCapability <NATO’s C3 Taxonomy> 1 2 Application Attack Detection Response
- 13. 1313 owl:thing owl:intersectionOF owl:unionOf owl:equivalentClass owl:thing owl:intersectionOF owl:unionOf owl:equivalentClass owl:equivalentProperty owl:inverseOf owl:functionalProperty owl:inverseFunctionalProperty owl:symmetricProperty owl:transitiveProperty owl:hasValue owl:disjointWith owl:sameAs owl:differentFrom owl:distinctMembers owl:someValuesFrom owl:allValuesFrom owl:cardinality owl:minCardinality owl:maxCardinality OWL-lite 20 axioms 2 OWL-DL 25 axioms 1 Structured Security Policies - Performance AllowDeny Validate Is valid? YesNo loop
- 14. 1414 Distributed Security Policies Preparation Mission SecurityCore <OWL DL> Node C Detection <OWL lite> Diligence <OWL lite> Protection <OWL lite> Diligence <RDFS> Protection <RDFS> Node B Node A 1 2 Version Alpha Version Bravo Version Charlie • Pre-distribution of policy statements – The system can keep versions of the policies
- 15. 1515 Distributed Security Policies Planning Detection Protection Diligence Response Attack Communication Core Application Inter-domain ActionCondition NewCondition Cross-layer Multi-domain • Examples of policies:
- 16. 1616 Distributed Security Policies • Multi-domain • Cross-layer Packet Handler Message Handler Service Mediator 1 2 3 ActionCondition
- 17. 1717 Distributed Security Policies • Scenario: three types of nodes moving Ni-1 Ni Ni+1 Multi-hop network T0 T1 ... Pi-1 Pi(P’i-1) Pi+1(P’i-1, (P’i)) Nodes’ type Service request Union of security domains HQ Node D <Deployed> SatComVHF UHFWLAN
- 18. 1818 Distributed Security Policies • Connectivity Graph and Security Domains UHF, VHF, SatCom Observe, Act Orient, Act Decide 1 Detection 2 Protection 3 Attack 4 Diligence 5 Response 6 Planning Ni-1 Ni Ni+1 Security domains {1,2,3} {1,2,3,4,5} {1,2,3,4,5,6} UHF, WLAN UHF, VHF, WLAN SatCom UHF, WLAN Observe, Act Orient, Decide, Act - Observe, Orient, Act Orient, Decide, Act - L1,n L2,n L3,n <Dismounted> <Mobile> <Deployed>
- 19. 1919 Distributed Security Policies • Security domains and the OODA-loop – This mapping is done during the preparation Observe OrientDecide Act Detection Protection Attack Diligence Response Planning Attack Diligence Planning Response Response Preparation <standard SOA> Mission <distributed SOA> 1 2 Dynamic Pre-load keys and policies
- 20. 2020 Distributed Security Policies – OODA-loop Handheld <Dismounted> Laptop <Mobile> HQ Laptop <Deployed>
- 21. 2121 In short decreases Specialization Deductioncapabilities General Specialized Low High Node B Node C Node A Detection Diligence Planning Protection Response Detection Diligence Protection Response Detection Diligence Protection # policy domains increase Server(s) Battalion Sensor network(s) increases # classes, instances and axioms <OWL-DL> <OWL-Lite> <RDFS>
- 23. 2323 Conclusion • OWL-DL might be suitable for security policies in tactical networks; – Nodes’ type demands careful design and deployment – But the language is flexible and distributed by design • Critical points on policy design and deployment: – Policy structure and distribution over tactical networks • The policy distribution uses the security domains and the mission context in an attempt to connect Cyber and Kinetic domains. – Security policies can adapt to the mission’s profile • The nodes rely on the network connectivity to complement its security capabilities
- 24. 24 Distributed Security Policies for Service- Oriented Architectures over Tactical Networks Roberto Rigolin F. Lopes1 and Stephen D. Wolthusen1,2 1. Norwegian Information Security Laboratory, Gjøvik, Norway 2. School of Mathematics and Information Security, University of London, UK {roberto.lopes, stephen.wolthusen}@hig.no