The role of dynamic security policy in military scenarios.

The military organization is dependent on timely access to up-to-date, relevant and trustworthy information in order to conduct its business. Access to information is controlled by the user’s security clearance and the classification or protective marking of the data. Whilst it is necessary to preserve data confidentiality and integrity, these controls have resulted in strict separation between different levels of security. This regime not only constrains the type and level of information sharing that can be achieved; more critically, it impedes the speed at which access may be realized. The military is moving towards Network Enabled Capability (NEC), where the emphasis is on resource sharing within national contingents and on a coalition basis, facilitated by the Network. Future capability is predicated on the core attribute of agility. NEC is expected to enable the dynamic formation of communities of interest and the rapid reorganisation of resources as required by military commanders. This paper tests the assertion that the ability to express, verify and implement flexible security policy is essential to achieve the agility required. The assertion is tested through the practical application of a suitable security policy framework to a small but representative case study, the results of which will be of interest to system architects and decision makers alike.
