Proc. SPIE. 9096, Open Architecture/Open Business Model Net-Centric Systems and Defense Transformation 2014
KEYWORDS: Control systems, Information technology, Information security, Systems modeling, Computer security, Plasma display panels, Defense and security, Social networks, Probability theory, Unmanned aerial vehicles
Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this enables information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes that arbitrate who gets access to what information do not yet have the contextual knowledge to allow this information sharing to happen dynamically. The access control may prevent legitimate users from accessing information relevant to the current mission context, since this context may differ greatly from the context for which the access privileges were configured. We evaluate a pair of data relevance measures, proximity and risk, and use these as the basis of dynamic access control. Proximity is a measure of the strength of the connection between the user and the resource. However, proximity alone is not sufficient: some data, if leaked, would have a negative impact that far outweighs its importance to the subject's mission. For this we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given the contextual knowledge needed to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.
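The abstract describes proximity and risk as contextual inputs to an ABAC decision but gives no formulas. The following added example (not the paper's own code) illustrates one possible instantiation: a static ABAC rule is evaluated first, and a contextual override may permit mission-relevant data the static rule would deny, but only while the risk of compromise stays low. The graph, attribute values, the proximity metric (1/(1+hops)), the risk formula (impact x compromise probability) and the thresholds are all assumptions constructed for illustration.

```python
from collections import deque

# Constructed mission-context graph (undirected): users, missions and resources are
# nodes; an edge means an assignment, tasking or data flow. Assumption, not from the paper.
CONTEXT_EDGES = [
    ("alice", "mission-42"), ("mission-42", "uav-feed"),
    ("mission-42", "targeting-plan"), ("bob", "mission-17"),
    ("mission-17", "logistics-report"), ("mission-17", "mission-42"),
]
# Constructed resource attributes: classification level and impact-if-leaked in [0, 1].
RESOURCES = {
    "uav-feed":         {"level": 2, "impact": 0.4},
    "targeting-plan":   {"level": 3, "impact": 0.9},
    "logistics-report": {"level": 1, "impact": 0.2},
}
USERS = {"alice": {"clearance": 2}, "bob": {"clearance": 1}}
# Assumed channel attribute: probability that data sent over the channel is compromised.
CHANNEL_COMPROMISE_PROB = {"enclave": 0.05, "field-radio": 0.3}
PROXIMITY_MIN, RISK_MAX = 0.3, 0.1   # assumed thresholds for the contextual override

def proximity(user, resource):
    """Proximity = 1/(1+hops) along the shortest path; 0.0 if unconnected (assumed metric)."""
    adj = {}
    for a, b in CONTEXT_EDGES:
        adj.setdefault(a, set()).add(b); adj.setdefault(b, set()).add(a)
    seen, queue = {user: 0}, deque([user])
    while queue:                       # breadth-first search from the user
        n = queue.popleft()
        if n == resource:
            return 1.0 / (1 + seen[n])
        for m in adj.get(n, ()):
            if m not in seen:
                seen[m] = seen[n] + 1; queue.append(m)
    return 0.0

def risk(resource, channel):
    """Risk = impact if leaked x probability of compromise on the channel (assumed formula)."""
    return RESOURCES[resource]["impact"] * CHANNEL_COMPROMISE_PROB[channel]

def decide(user, resource, channel):
    """Static ABAC rule first; the contextual override only applies to a static deny,
    and high risk blocks the override even when proximity is strong."""
    if USERS[user]["clearance"] >= RESOURCES[resource]["level"]:
        return "permit", "static ABAC rule"
    p, r = proximity(user, resource), risk(resource, channel)
    if p >= PROXIMITY_MIN and r <= RISK_MAX:
        return "permit", f"contextual override (proximity={p:.2f}, risk={r:.3f})"
    return "deny", f"proximity={p:.2f}, risk={r:.3f}"
```

With these values, alice reaches the targeting plan over the enclave channel through the override, but the same request over the field radio is denied because the risk term dominates, and bob is too far from the UAV feed in the mission graph to qualify at all.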
The Air Force Research Laboratory (AFRL) has developed a reference set of Information Management (IM) Services that will provide an essential piece of the envisioned final Net-Centric IM solution for the Department of Defense (DoD). These IM Services will provide mission-critical functionality to enable seamless interoperability between existing and future DoD systems and services while maintaining a highly available IM capability across the wide spectrum of differing scalability and performance requirements.
AFRL designed this set of IM Services for integration with other DoD and commercial SOA environments. The services developed will provide capabilities for information submission, information brokering and discovery, repository, query, type management, dissemination, session management, authorization, service brokering, and event notification. In addition, the IM services support common information models that facilitate the management and dissemination of information consistent with client needs and established policy. The services support flexible and extensible definitions of session, service, and channel contexts that enable the application of Quality of Service (QoS) and security policies at many levels within the SOA.