High Assurance information exchange based on Publish-Subscribe and ABAC methods

The presented effort employs a combination of publish-subscribe distribution and ABAC (Attribute Based Access Control) methods to control the information exchange between security domains. It follows strictly the "separation of duty" principle so a message router only has infrastructure duties while the identity management entity deals with management of authorizations and security policies. The presented work also implements a novel model for message protection and subject authorization. One characteristic of the resulting transfer protocol is that an external bump-on-the-wire device can verify the integrity of the messages and that the security policies are observed. This device can be carefully constructed for the purpose of high assurance and offer fail-safe mechanism in case the message router is malfunctioning or compromised.

[1]  Anders Fongen,et al.  Federated Identity Management in a Tactical Multi-Domain Network , 2011 .

[2]  Stephen A. Cook,et al.  The complexity of theorem-proving procedures , 1971, STOC.

[3]  K. Wrona,et al.  Development of high assurance guards for NATO , 2012, 2012 Military Communications and Information Systems Conference (MCC).

[4]  Alessandro Armando,et al.  Content-based information protection and release in NATO operations , 2013, SACMAT '13.

[5]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[6]  Anders Fongen,et al.  Identity Management and Integrity Protection in Publish-Subscribe Systems , 2013, IDMAN.

[7]  Anders Fongen,et al.  Trusted Service Discovery through Identity Management , 2013, MILCOM 2013 - 2013 IEEE Military Communications Conference.

[8]  Anders Fongen,et al.  Communities of Trust in Tactical Coalition Networks , 2014, 2014 IEEE Military Communications Conference.