Distributed Security Policies for Service-Oriented Architectures over Tactical Networks

1
Distributed Security Policies for Service-
Oriented Architectures over Tactical Networks
Roberto Rigolin F. Lopes1 and Stephen D. Wolthusen1,2
1. Norwegian Information Security Laboratory, Gjøvik, Norway
2. School of Mathematics and Information Security, University of London, UK
{roberto.lopes, stephen.wolthusen}@hig.no

22
Introduction
• Using rich semantics to state security policies
– Combining cross-layer and multi-domain security
• Layers: NATO Information Assurance (IA) Layer
• Domains: Protection, Detection, Response, Attack, Diligence
and Planning
• Restrictions: nodes’ specialization and connectivity
C3 Taxonomy
Communication Services
Core Enterprise Services
COI Services
User-Facing Capabilities
IA
TSI
Detection
Protection
Response
Diligence
Security
(x) Planning
WLAN
UHF
VHF
SatCom
HQ
Dismounted
Mobile
Relay
Cross-layers Multi-domain Restrictions
Policy ≡ (cross-layer U multi-domain) ∩ restrictions

33
Introduction
• Example of services
– Tactical Ground Report System
Node C
Node A
Soldier localization
Adversary localization
Vehicle localization
Live camera
Aerial photos
Node B
J. Evans, B. Ewy, M. Swink, S. Pennington, D. Siquieros, and S. Earp, “TIGR: the tactical ground
reporting system,” IEEE Communications Magazine, vol. 51, no. 10, pp. 42–49, October 2013.
Observe
OrientDecide
Act
Observe, Orient,
Decide and Act
Observe and Act

44
Example of Service-Oriented Architecture
Packet Handler
Message Handler
Service Mediator
Controller
1
2
3
4
Policy
management
Security
handling

55
Example of Service-Oriented Architecture
SOA PlatformController
Service Mediator
Message Handler
Packet Handler
Operating System
<Policy
Management>
<Security
Handling>
1
2
Cryptography
Tactical Platform Guard
Tactical Support Guard
Policy Manager
Privilege Management Policy Manager
Policy Enforcement Point
Policy Decision Point
Policy Administration Point
Detection
Diligence
Protection
Planning
Response
QoS
<domains>
TSI Node
PEP
PEP
PEPa
b
c
<a,b,c>

66
Structured Security Policies
• Security Domains
• Planning, Detection, Protection, Diligence, Response and Attack
• NATO Information Assurance
• Communication, Core, Application and Inter-domain
• Rule structure
• Conditions implying in Actions
• OODA-loop
C3 Taxonomy
Communication Services
Core Enterprise Services
COI Services
User-Facing Capabilities
IA
TSIDetection
Protection
Response
Diligence
Security
(x) Planning
Observe
OrientDecide
Act

77
The nodes:
Node A
<Dismounted>
UHF WLAN
Node C
<Mobile>
VHFUHFWLAN SatCom
Node B
<Relay>
SatComVHF
HQ Node D
<Deployed>
SatComVHF UHFWLAN

88
– Nodes (N), Policies (P) and Security Domains (S)
Node A
<Dismounted>
UHF WLAN
Node C
<Mobile>
VHFUHFWLAN SatCom
Node B
<Relay>
SatComVHF
HQ Node D
<Deployed>
SatComVHF UHFWLAN
N1:P1(N1:S1)
N2:P2(N2:S2), N2:P’1(N1:R1)
Ni:Pi(Ni:Si),…, Ni:P’i-1(Ni-1:Ri-1)
Resources and # domains

99
– Nodes (N), Policies (P) and Security Domains (S)
SecurityCore
Planning Detection Diligence Response
is is is is
Protection
is
Node A Node B Node C
1 2 3 4 5
2 3 43 4 2 3 41 5
OWL DL OWL DL
OWL Micro
RDFS
OWL DL
OWL Micro
RDFS
OWL DL
OWL Micro
OWL DL
Using rich semantics…

1010
Rich Semantics for Policies - Web Services
MessageSecBinding
TokenProtection
has
SecurityBinding
is
SecurityToken
SymmetricBinding AsymmetricBinding
is is
SecurityHeaderLayout
TransportBinding
AlgorithmSuite
Timestamp
has
hashas
is
hasSignatureToken
hasEncryptionToken
hasProtectionToken
hasInitiatorToken
hasRecipientSignatureToken
hasRecipientToken
hasInitiatorEncryptionToken
hasInitiatorSignatureToken
has
SignatureProtectionhas
isWeakerThan
isStrongerThan
isEquivalentTo
isWeakerThan
isStrongerThan
isEquivalentTo
isWeakerThan
isStrongerThan
isEquivalentTo
isMoreGeneralThan
isMoreSpecificThan
hasTechDiffWith
hasTechDiffWith
isMoreGeneralThan
isMoreSpecificThan
hasTechDiffWith
isWeakerThan
isStrongerThan
isEuivalentTo
isWeakerThan
isStrongerThan
isEquivalentTo
QoS requirements
Information sensitivity
Conditions:
Network status

1111
Security Policies
• Attribute-based
• Rich semantics
Allow access to resource <Service> with attribute <Sensitivity>
if <Service> match BlueForceTracking
and action is read
MessageSecBinding
TokenProtection
has
SecurityBinding
is
SecurityToken
SymmetricBinding AsymmetricBinding
is is
SecurityHeaderLayout
TransportBinding
AlgorithmSuitehashas
is
hasSignatureToken
hasEncryptionToken
hasProtectionToken
hasInitiatorToken
hasRecipientSignatureToken
hasRecipientToken
hasInitiatorEncryptionToken
hasInitiatorSignatureTokenhas
SignatureProtectionhas
isWeakerThan
isStrongerThan
isEquivalentTo
isWeakerThan
isStrongerThan
isEquivalentTo
isWeakerThan
isStrongerThan
isEquivalentTo
isMoreGeneralThan
isMoreSpecificThan
hasTechDiffWith
isMoreGeneralThan
isMoreSpecificThan
hasTechDiffWith
isWeakerThan
isStrongerThan
isEuivalentTo
2
2.1 2.2
1
Allow or Deny
Stronger, Equal or
Weaker

1212
Distributed Security Policies – Security Core
• (1) Multi-Domain, (2) Cross-layer and (3) Rules
SecurityCore
Action
Condition
has
has
TSI Common
Rule
Planning
Diligence
uses
Protection
<inverse property>
<Foundational ontologies><Core reference ontologies>
<Task ontologies>
NewCondition
3 NewAction
NewDomain
Capability
Inter-domainCommunication Core
Domain
NewCapability <NATO’s C3 Taxonomy>
1
2
Application
Attack
Detection
Response

1313
owl:thing
owl:intersectionOF
owl:unionOf
owl:equivalentClass
owl:thing
owl:intersectionOF
owl:unionOf
owl:equivalentClass
owl:equivalentProperty
owl:inverseOf
owl:functionalProperty
owl:inverseFunctionalProperty
owl:symmetricProperty
owl:transitiveProperty
owl:hasValue
owl:disjointWith
owl:sameAs
owl:differentFrom
owl:distinctMembers
owl:someValuesFrom
owl:allValuesFrom
owl:cardinality
owl:minCardinality
owl:maxCardinality
OWL-lite
20 axioms
2
OWL-DL
25 axioms
1
Structured Security Policies - Performance
AllowDeny
Validate
Is valid? YesNo
loop

1414
Distributed Security Policies
Preparation Mission
SecurityCore
<OWL DL>
Node C
Detection
<OWL lite>
Diligence
<OWL lite>
Protection
<OWL lite>
Diligence
<RDFS>
Protection
<RDFS>
Node B
Node A
1 2
Version Alpha
Version Bravo
Version Charlie
• Pre-distribution of policy statements
– The system can keep versions of the policies

1515
Planning
Detection
Protection
Diligence
Response
Attack
Communication
Core
Application
Inter-domain
ActionCondition
NewCondition
Cross-layer
Multi-domain
• Examples of policies:

1616
• Multi-domain
• Cross-layer
Packet Handler
Message Handler
Service Mediator
1
2
3
ActionCondition

1717
• Scenario: three types of nodes moving
Ni-1
Ni
Ni+1
Multi-hop network
T0
T1
...
Pi-1
Pi(P’i-1)
Pi+1(P’i-1, (P’i))
Nodes’ type
Service request
Union of security
domains
HQ Node D
<Deployed>
SatComVHF UHFWLAN

1818
• Connectivity Graph and Security Domains
UHF, VHF,
SatCom
Observe, Act Orient, Act Decide
1 Detection
2 Protection
3 Attack
4 Diligence
5 Response
6 Planning
Ni-1 Ni Ni+1
Security domains
{1,2,3} {1,2,3,4,5} {1,2,3,4,5,6}
UHF,
WLAN UHF, VHF,
WLAN
SatCom
UHF, WLAN
Observe, Act Orient, Decide, Act -
Observe, Orient, Act Orient, Decide, Act -
L1,n
L2,n
L3,n
<Dismounted> <Mobile> <Deployed>

1919
• Security domains and the OODA-loop
– This mapping is done during the preparation
Observe
OrientDecide
Act
Detection
Protection
Attack
Diligence
Response
Planning
Attack
Diligence
Planning
Response Response
Preparation
<standard SOA>
Mission
<distributed SOA>
1 2
Dynamic
Pre-load keys and policies

2020
Distributed Security Policies – OODA-loop
Handheld
<Dismounted>
Laptop
<Mobile>
HQ Laptop
<Deployed>

2121
In short
decreases
Specialization
Deductioncapabilities
General Specialized
Low
High
Node B
Node C
Node A
Detection
Diligence
Planning
Protection
Response
Detection
Diligence
Protection
Response
Detection
Diligence
Protection
# policy domains
increase
Server(s)
Battalion
Sensor network(s)
increases
# classes, instances
and axioms
<OWL-DL>
<OWL-Lite>
<RDFS>

2222

2323
Conclusion
• OWL-DL might be suitable for security policies in
tactical networks;
– Nodes’ type demands careful design and deployment
– But the language is flexible and distributed by design
• Critical points on policy design and deployment:
– Policy structure and distribution over tactical networks
• The policy distribution uses the security domains and
the mission context in an attempt to connect Cyber
and Kinetic domains.
– Security policies can adapt to the mission’s profile
• The nodes rely on the network connectivity to
complement its security capabilities

24
Distributed Security Policies for Service-
Oriented Architectures over Tactical Networks
Roberto Rigolin F. Lopes1 and Stephen D. Wolthusen1,2
1. Norwegian Information Security Laboratory, Gjøvik, Norway
2. School of Mathematics and Information Security, University of London, UK
{roberto.lopes, stephen.wolthusen}@hig.no

Distributed Security Policies for Service-Oriented Architectures over Tactical Networks

More Related Content

Viewers also liked (18)

Similar to Distributed Security Policies for Service-Oriented Architectures over Tactical Networks (20)

Recently uploaded (20)

Distributed Security Policies for Service-Oriented Architectures over Tactical Networks