A Security Policy Infrastructure for Tactical Service Oriented Architectures

Advances in Intelligent Systems and Computing

Wolthusen

2017

Self Cite

Abstract. The requirement for enabling network centric warfare through the accommodation of network-enabled capabilities, promoted the use of service oriented architectures (SOA) within military networks. The initial response of the academic and industrial communities was to utilize standard enterprise SOA. The developed solutions were well adjusted to the strategic domain, where node and network constraints were minimal. Yet, experience gained from the battlefields of the last decade, has proven that the tactical domain imposes a set of unique constraints, that render such solutions inefficient for the tactical edge. The project TACTICS, supported by the European Defense Agency, focuses on the study and development of a SOA dedicated to tactical networks. In this paper we present the designed security service architecture, as developed in accordance to the requirements identified in our earlier studies. Each service is presented as an architectural element within the TACTICS TSI (Tactical Service Infrastructure), aiming to highlight the distinct functionalities of the security infrastructure towards the efficient enforcement of security controls at the tactical edge.

Section: Test Case Based Validationmentioning

confidence: 86%

Section: Tactics Security Architecturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security Infrastructure for Service Oriented Architectures at the Tactical Edge

Advances in Intelligent Systems and Computing

Wolthusen

2017

Self Cite

“…Hence, the Current Value Matrices corresponding to the two subjects are respectively CV A = [5,5,4,1] and CV B = [6,8,4,7]. The same normalization technique and the same weights are applied also to these matrices as denoted in Equation ( 4).…”

Section: An Example Use Casementioning

confidence: 99%

“…Moreover, the fact that the edge nodes generally present substantial constraints, in terms related to the size of memory and buffers, computational power, battery life and available interfaces [2], can also be an obstruction in the policy enforcement. Thus, protecting and regulating access over the data, as mentioned above, becomes a challenging task [5][6][7][8]. Managing security policies in such an environment requires an effective and efficient access control mechanism to be in place in order to provide suitable monitoring, control and audit solutions for managing data flows across communication and control links but also access to services.…”

Section: Introductionmentioning

confidence: 99%

RESPOnSE—A Framework for Enforcing Risk-Aware Security Policies in Constrained Dynamic Environments

Michailidou

Shalaginov

et al. 2020

Sensors

The enforcement of fine-grained access control policies in constrained dynamic networks can become a challenging task. The inherit constraints present in those networks, which result from the limitations of the edge devices in terms of power, computational capacity and storage, require an effective and efficient access control mechanism to be in place to provide suitable monitoring and control of actions and regulate the access over the resources. In this article, we present RESPOnSE, a framework for the specification and enforcement of security policies within such environments, where the computational burden is transferred to high-tier nodes, while low-tier nodes apply risk-aware policy enforcement. RESPOnSE builds on a combination of two widely used access control models, Attribute-Based Access Control and Role-Based Access Control, exploiting the benefits each one provides. Moreover, the proposed mechanism is founded on a compensatory multicriteria decision-making algorithm, based on the calculation of the Euclidean distance between the run-time values of the attributes present in the security policy and their ideal values, as those are specified within the established policy rules.

Security Requirements for the Deployment of Services Across Tactical SOA

Lecture Notes in Computer Science

Wolthusen

2017

Self Cite

Abstract. Service Oriented Architectures (SOA) have been identified as a suitable mediator towards the attainment of the requirements imposed by modern warfare. Earlier studies focused primarily on the strategic domain, or the adaptation of such systems to the requirements of the tactical domain. Yet, the underlying constraints are significantly different between the two, with direct impact both on security and quality of service. In this article we approach the security aspect of tactical SOA, focusing on the specifics of the services while operating under the constrains and requirements of modern battlefields. Selected elements of our analysis within the project TACTICS are presented, as they have been utilized for the extraction of operational and technical requirements towards the development of a suitable tactical service infrastructure.