Controlled information sharing in NATO operations

Wrona, Konrad; Hallingstad, Geir

doi:10.1109/milcom.2011.6127479

Cited by 14 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The North Atlantic Treaty Organization (NATO) and national forces have defined the concept of an IEG to facilitate secure communications between different security and management domains [11]. Related to IEG is the concept of Content-based Protection and Release (CPR) [36]. CPR aims to improve timely sharing of information in the NATO Network Enabled Capability (NNEC) and the Future Mission Network (FMN) [15] environments.…”

Section: Motivationmentioning

confidence: 99%

Telecommunications Networks Risk Assessment with Bayesian Networks

Szpyrka

Jasiul

Wrona³

et al. 2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We propose a solution which provides a system operator with valuation of security risk introduced by various components of the communication and information system. This risk signature of the system enables the operator to make an informed decision about which network elements shall be used in order to provide a service requested by the user while minimising security risk related to service execution. In considered scenario transmitted data can be intercepted, modified or dropped by an attacker. Each network component and path can be potentially used to compromise information, since an adversary is able to utilise various vulnerabilities of network elements in order to perform an attack. The impact and probability of such successful attacks can be assessed by analysing the severity of the vulnerabilities and the difficulty of exploiting them, including the required equipment and knowledge. In consequence, each possible service work-flow can be assigned a security risk signature.

show abstract

Section: Motivationmentioning

confidence: 99%

Telecommunications Networks Risk Assessment with Bayesian Networks

Szpyrka

Jasiul

Wrona³

et al. 2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the case of a Work performed under NATO contract or grant, ACM recognizes that NATO has royalty-free permission to reproduce all or portions of the Work, and to authorize others to do so, for official NATO purposes, if the contract/grant so requires. ing between different information security domains while providing a strong separation between different communities of interest while supporting dynamic and flexible enforcement of need-to-know principles [8]. In this context, the Content-based Protection and Release (CPR) model has been introduced in [2] to support the specification and enforcement of access control policies used in NATO and, more generally, in complex organizations.…”

Section: Introductionmentioning

confidence: 99%

A SMT-based Tool for the Analysis and Enforcement of NATO Content-based Protection and Release Policies

Armando¹,

Ranise

Traverso

et al. 2015

Proceedings of the 20th ACM Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

NATO is developing a new IT infrastructure for automated information sharing between different information security domains and supporting dynamic and flexible enforcement of the need-to-know principle. In this context, the Contentbased Protection and Release (CPR) model has been introduced to support specification and enforcement of NATO access control policies. While the ability to define fine-grained security policies for a large variety of users, resources, and devices is desirable, their definition, maintenance, and enforcement can be difficult, time-consuming, and error prone. In this paper, we give an overview of a tool capable of assisting NATO security personnel in these tasks by automatically solving several policy analysis problems of practical interest. The tool levarages state-of-the-art SMT solvers.

show abstract