1 / 32

Information Sharing and Security in Dynamic Coalitions

Information Sharing and Security in Dynamic Coalitions. Charles E. Phillips, Jr. Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs, Connecticut 06269-3155 charlesp@engr.uconn.edu. Profs. T.C. Ting and Steven A. Demurjian

hilda
Download Presentation

Information Sharing and Security in Dynamic Coalitions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information Sharing and Security in Dynamic Coalitions Charles E. Phillips, Jr. Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs, Connecticut 06269-3155 charlesp@engr.uconn.edu Profs. T.C. Ting and Steven A. Demurjian Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs, Connecticut 06269-3155 http://www.engr.uconn.edu/~steve steve@engr.uconn.edu

  2. Overview of Presentation • Introduction • The Dynamic Coalition Problem • Civilian Organizations • Military Involvement/GCCS • Information Sharing and Security • Federating Resources • Data Integrity • Access Control (DAC and MAC) • Other Critical Security Issues • Candidate Security Approach • Conclusions and Future Work

  3. IntroductionCrisis and Coalitions • A Crisis is Any Situation Requiring National or International Attention as Determined by the President of the United States or UN • A Coalition is an Alliance of Organizations: Military, Civilian, International or any Combination • A Dynamic Coalition is Formed in a Crisis and Changes as Crisis Develops, with the Key Concern Being the Most Effective way to Solve the Crisis • Dynamic Coalition Problem (DCP) is the Inherent Security, Resource, and/or Information Sharing Risks that Occur as a Result of the Coalition Being Formed Quickly

  4. IntroductionNear Simultaneous Crises Crisis Point BOSNIA (NATO) NATO Hq KOSOVO (US,UK) Olympic Games Earthquake (United Nations) Ship Wreck (UK,SP)

  5. Evaluation vs. DCP Emergent Need for Coalitions • “Coalitions must be flexible and no one coalition is or has the answer to all situations.” • Secretary of Defense, Donald Rumsfeld • “Whenever possible we must seek to operate alongside alliance or coalition forces, integrating their capabilities and capitalizing on their strengths.” • U.S. National Security Strategy • “Currently, there is no automated capability for passing command and control information and situational awareness information between nations except by liaison officer, fax, telephone, or loaning equipment.” • Undersecretary of Defense for Advanced Technology

  6. The Dynamic Coalition Problem • Dynamic Coalition Problem (DCP) is the Inherent Security, Resource, and/or Information Sharing Risks that Occur as a Result of the Coalition Being Formed Quickly • Private Organizations (PVO) • Doctors Without Boarders • Red Cross • Non-Government Organizations (NGO) • NYPD • Government Agencies • FBI • CIA • Military

  7. Supporting Advanced ApplicationsDCP Objectives for Crisis • Federate Users Quickly and Dynamically • Bring Together Resources (Legacy, COTs, GOTs, DBs, etc.) Without Modification • Dynamically Realize/Manage Simultaneous Crises • Identify Users by Roles to Finely Tune Access • Authorize, Authenticate, and Enforce a Scalable Security Policy that is Flexible in Response to Collation Needs • Provide a Security Solution that is Portable, Extensible, and Redundant for Survivability • Include Management/Introspection Capabilities to Track and Monitor System Behavior

  8. The Dynamic Coalition ProblemCoalition Architecture Clients Using Services Resources Provide Services NATO SYS Federal Agencies (FEMA, FBI, CIA, etc.) Client COTS U.S. Army LFCS (Canada) Client U.S. Navy SICF (France) Client French Air Force Client HEROS (Germany) U.S. Legacy System SIACCON (Italy) NATO Database Client NGO/PVO Resource German NGO/PVO (Red Cross, NYPD, etc.) Client GCCS (US) COTS Client

  9. The Dynamic Coalition ProblemJoint and Combined Information Flow GCCS GCCS-A CORPS ABCS MCS XX DIV FAADC2I MCS CSSCS AFATDS ASAS X BDE BSA TOC MCS X X | | | | BN BN | | MCS MCS CO FBCB2 Common Operating Environment Combined: Many Countries ARMY Joint Task Force Adjacent Marines Navy Coalition Partners Air Force GCCS-M GCCS-N GCCS-AF NATO Systems TCO JMCIS TBMCS Coalition Systems Joint - Marines, Navy, Air Force, Army

  10. The Dynamic Coalition ProblemCombined Information Flow Logistics GCCS - Joint/Coalition - Maneuver Air Defense/Air Operations Fire Support Combined Database Intelligence Network and Resource Management

  11. The Dynamic Coalition ProblemCoalition Artifacts and Information Flow U.S. Global C2 Systems Air Force Navy Joint Command System Battle Management System NGO/ PVO GCCS U.N. Army Battle Command System Combat Operations System NATO U.S.A Army Marine Corps Dynamic Coalition AFATDS FADD GOAL: Leverage information in a fluid, dynamic environment ASAS GCCS-A ABCS CSSCS MCS Other Army C2

  12. The Dynamic Coalition ProblemGlobal Command and Control System GCCS Provides: - Horizontal and Vertical Integration of Information to Produce a Common Picture of the Battlefield - 20 separate automated systems - 625 locations worldwide - private network Situational Awareness GLOBAL C2 SYSTEMS MOBILE SUBSCRIBER EQUIPMENT DATA RADIO SATELLITE MISSION PLANNING MET SUPPORT INTEL SATCOM MANEUVER CONTROL X X AIR DEFENCE ARTY TOPO Client/Server MET MISSION PLANNING AIR DEFENCE SUPPORT INTEL X MANEUVER CONTROL Client/Server SATCOM ARTY TOPO Company AIR DEFENCE FBCB2 /EBC SUPPORT INTEL Platoon Client/Server ARTY Tactical Internet MANEUVER CONTROL BATTLEFIELD C2 SYSTEM EMBEDDED BATTLE COMMAND SATCOM FBCB2 /EBC Squad MOBILE SUBSCRIBER EQUIPMENT

  13. The Dynamic Coalition ProblemGlobal Command and Control System Joint Services : a.k.a Weather METOC Video Teleconference TLCF Joint Operations Planning and Execution System JOPES Common Operational Picture COP Transportation Flow Analysis JFAST Logistics Planning Tool LOGSAFE Defense Message System DMS NATO Message System CRONOS Component Services : Army Battle Command System ABCS Air Force Battle Management System TBMCS Marine Combat Operations System TCO JMCIS Navy Command System

  14. The Dynamic Coalition ProblemGlobal Command and Control System Common Picture Common Operational Picture

  15. The Dynamic Coalition ProblemGCCS Shortfalls: User Roles • Currently, GCCS Users have Static Profile Based on Position/Supervisor/Clearance Level • Granularity Gives “Too Much Access” • Profile Changes are Difficult to Make - Changes Done by System Admin. Not Security Officer • What Can User Roles Offer to GCCS? • User Roles are Valuable Since They Allow Privileges to be Based on Responsibilities • Security Officer Controls Requirements • Support for Dynamic Changes in Privileges • Towards Least Privilege

  16. The Dynamic Coalition ProblemGCCS Shortfalls: Time Controlled Access • Currently, in GCCS, User Profiles are Indefinite with Respect to Time • Longer than a Single Crisis • Difficult to Distinguish in Multiple Crises • No Time Controllable Access on Users or GCCS Resources • What can Time Constrained Access offer GCCS? • Junior Planners - Air Movements of Equipment Weeks before Deployment • Senior Planners - Adjustment in Air Movements Near and During Deployment • Similar Actions are Constrained by Time Based on Role

  17. The Dynamic Coalition ProblemGCCS Shortfalls: Value Based Access • Currently, in GCCS, Controlled Access Based on Information Values Difficult to Achieve • Unlimited Viewing of Common Operational Picture (COP) • Unlimited Access to Movement Information • Attempts to Constrain would have to be Programmatic - which is Problematic! • What can Value-Based Access Offer to GCCS? • In COP • Constrain Display of Friendly and Enemy Positions • Limit Map Coordinates Displayed • Limit Tier of Display (Deployment, Weather, etc.)

  18. The Dynamic Coalition ProblemGCCS Shortfalls: Federation Needs • Currently, GCCS is Difficult to Use for DCP • Difficult to Federate Users and Resources • U.S. Only system • Incompatibility in Joint and Common Contexts • Private Network (Not Multi-Level Secure) • What are Security/Federation Needs for GCCS? • Quick Admin. While Still Constraining US and Non-US Access • Employ Middleware for Flexibility/Robustness • Security Definition/Enforcement Framework • Extend GCCS for Coalition Compatibility that Respects Coalition and US Security Policies

  19. Information Sharing and SecurityFederated Resources RESOURCES Command&Control Vehicles Army Airborne Command & Control System Army Battle Command System Embedded Command System JSTARS Unmanned Aerial Vehicle Satellites INTEL FUSION Embedded Battle Command FIELD ARTILLERY Embedded Battle Command AIR DEFENCE Embedded Battle Command MANEUVER CONTROL Embedded Battle Command ABCS Common Picture PERSONNEL AND LOGISTICS Embedded Battle Command Bradley / EBC Embedded Battle Command Fwd Support Element Ammo/Fuel Refit

  20. Information Sharing and SecuritySyntactic Considerations • Syntax is Structure and Format of the Information That is Needed to Support a Coalition • Incorrect Structure or Format Could Result in Simple Error Message to Catastrophic Event • For Sharing, Strict Formats Need to be Maintained • In US Military, Message Formats Include • Heading and Ending Section • United States Message Text Formats (USMTF) • 128 Different Message Formats • Text Body of Actual Message • Problem: Formats Non-Standard Across Different Branches of Military and Countries

  21. Information Sharing and SecuritySemantics Concerns • Semantics (Meaning and Interpretation) • USMTF - Different Format, Different Meaning • Each of 128 Messages has Semantic Interpretation • Communicate Logistical, Intelligence, and Operational Information • Semantic Problems • NATO and US - Different Message Formats • Different Interpretation of Values • Distances (Miles vs. Kilometers) • Grid Coordinates (Mils, Degrees) • Maps (Grid, True, and Magnetic North)

  22. Information Sharing and SecurityPragmatics Issues • Pragmatics - The Way that Information is Utilized and Understood in its Specific Context • For Example, in GCCS

  23. Information Sharing and Security Pragmatics Issues GBS DSCS DR DR DR Node Estimate Current FDD laydown has 53 autonomous Command Post/TOCs (i.e., nodes) For a full Corps >200 nodes 299ENG DR GBS GBS CMDRBCV TAC DR SEN GBS SEN DISCOM DR DR GBS DR DR VTel DIV REAR BVTC 1st BDE MVR BN SINCGARS (FS) EPLRS (AD) Info/Intel/Plans GBS BVTC BVTC GBS Sustainment DR DR SEN BVTC XX GBS DR DR GBS MVR BN Mobility GBS BVTC 204FSB Relay GBS DR SEN GBS TGT/Fires DR DR BVTC 704MSB GBS GBS DR DR MVR BN SINCGARS (FS) EPLRS (AD) GBS 4-42FA SEN LEN XXX X DR SEN DR DR GBS DIVARTY DR 588ENG GBS DR BVTC GBS CMDRBCV TAC SINCGARS (FS) EPLRS (AD) HCLOS Basic Distribution Requirement • Distribution Polices • Automation & Notification • User Controls • Transport Mechanisms • System and Process Monitors • Security, Logs, and Archives SEN DR DR GBS DR DR XX Division Slice 2nd BDE MVR BN GBS BVTC DR GBS DR DR DR GBS SEN 124th SIG BN GBS DR DR C2V MVR BN GBS 4 FSB Relay HCLOS DIV CDR DR DR Theater Injection Point (TIP) DR GBS DR DR MVR BN GBS GBS A2C2S 3-16FA XXX SEN SEN X GBS GBS VTel DIV CDR DMAIN DR DR DR BVTC SINCGARS (FS) EPLRS (AD) 4ENG DR DR GBS CMDRBCV GBS TAC SEN GBS DR DR 404 ASB SEN DR DR GBS MVR BN GBS 3rd BDE BVTC XX DR DR DR DR SEN SEN GBS GBS DR DR 4th BDE DTAC 1 Distribution Policy SEN MVR BN GBS DR DR GBS BVTC BVTC SINCGARS (FS) EPLRS (AD) SINCGARS (FS) EPLRS (AD) 64 FSB Relay DR DR • What • When • Where • How - Prioritized - Encrypted - Network MVR BN GBS GBS DR DR GBS DR DR DR DR GBS GBS 3-29FA SEN 1/4 AVN BN 2/4 AVN BN 9-1FA DR DR GBS 1/10CAV 1/10 CAV Sqdn CMDRBCV Note: 3rd BDE not part of 1DD in Sep 2000. • Pragmatics in GCCS

  24. Information Sharing and SecurityData Integrity • Concerns: Consistency, Accuracy, Reliability • Accidental Errors • Crashes, Concurrent Access, Logical Errors • Actions: • Integrity Constraints • GUIs • Redundancy • Malicious Errors • Not Totally Preventable • Actions: • Authorization, Authentication, Enforcement Policy • Concurrent Updates to Backup DBs • Dual Homing

  25. Information Sharing and Security Discretionary Access Control • What is Discretionary Access Control (DAC)? • Restricts Access to Objects Based on the Identity of Group and /or Subject • Discretion with Access Permissions Supports the Ability to “Pass-on” Permissions • DAC and DCP • Pass on from Subject to Subject is a Problem • Information Could be Passed from Subject (Owner) to Subject to Party Who Should be Restricted • For Example, • Local Commanders Can’t Release Information • Rely on Discretion by Foreign Disclosure Officer • Pass on of DAC Must be Carefully Controlled!

  26. Information Sharing and Security Role Based Access Control • What is Role Based Access Control (RBAC)? • Roles Provide Means for Permissions to Objects, Resources, Based on Responsibilities • Users May have Multiple Roles Each with Different Set of Permissions • Role-Based Security Policy Flexible in both Management and Usage • Issues for RBAC and DCP • Who Creates the Roles? • Who Determines Permissions (Access)? • Who Assigns Users to Roles? • Are there Constraints Placed on Users Within Those Roles?

  27. Information Sharing and Security Mandatory Access Control • What is Mandatory Access Control (MAC)? • Restrict Access to Information, Resources, Based on Sensitivity Level (Classification) Classified Information - MAC Required • If Clearance (of User) Dominates Classification, Access is Allowed • MAC and DCP • MAC will be Present in Coalition Assets • Need to Support MAC of US and Partners • Partners have Different Levels/Labels • Need to Reconcile Levels/Labels of Coalition Partners (which Include Past Adversaries!)

  28. Information Sharing and SecurityOther Issues • Intrusion Detection • Not Prevention • Intrusion Types: • Trojan Horse, Data Manipulation, Snooping • Defense: • Tracking and Accountability • Survivability • Reliability and Accessibility • Defense: • Redundancy • Cryptography • Fundamental to Security • Implementation Details (key distribution)

  29. Candidate Security ApproachSoftware Architecture Global Clock Resource (GCR) Security Policy Client (SPC) Wrapped Wrapped General Lookup Resource Resource COTS Resource for Database for COTS Service Client Application Security Authorization Client (SAC) Application Wrapped Resource for Legacy Application Lookup Service Unified Security Resource (USR) Security Policy Services Security Authorization Services Security Registration Services Security Analysis and Tracking (SAT) Database Client Java Client Software Agent Legacy Client

  30. Candidate Security ApproachEnforcement Framework 1 Register_Client(DoRight,100.150.200.250, ArmyLogCR1) 2 Verify_UR(DoRight,ArmyLogCR1) 3 Client OK? 4 Return Result,Create_Token(DoRight,ArmyLogCR1,Token) 6 CrisisPicture(Token,CR1, NA20, NC40) 5. Discover/Lookup(GCCS,Joint,CrisisPicture) Returns Proxy to Course Client 11 Return Result,CrisisPicture(…) 7 IsClient_Registered(Token) 8 Return Result of IsClient_Registered(…) GCCS Client Security Registration Services USR Security Authorization Services Lookup Service Global Clock Tracking Tool 9 Check_Privileges(Token, GCCS, Joint, CrisisPicture, [NA20,NC40]) GCCS Resource Security Policy Services 10 Return Result of Check_Privileges(…)

  31. Candidate Security ApproachSecurity Assurance Checks Start Constraint-Based Assurance Checks Required User-Authentication Check Yes Authentication Successful No Authentication Unsuccessful (to error handler) No Mandatory Access Control Check Time Constraint Check Value Constraint Check Yes Authorization Successful (continue process) Yes Yes No No No Authorization Unsuccessful (to error handler)

  32. Conclusions and Ongoing Work • Explored Information Sharing Issues • Defined the Dynamic Coalition Problem • Discussed Coalition Participants • Examined GCCS and Needed Improvements • Offered Candidate Security Approach • Related/Ongoing Research Includes • Support for Mandatory Access Controls • Role Deconfliction and Mutual Exclusion • User Constraints • User Role Delegation Authority • www.engr.uconn.edu/~steve/DSEC/dsec.html

More Related