Overview
It is generally accepted that traditional computer security mechanisms do not work well in the complex system-of-systems and ad hoc coalition teams which are representative of modern military engagements. The research in Technical Area 2 is intended to address these issues and to provide the fundamental security underpinnings for current and future operations, which will almost inevitably be based around coalitions. Key success criteria for security mechanisms to support such coalitions are that they:
Enable rapid assembly of heterogeneous ad hoc teams;
Adapt to dynamically changing missions, mobility patterns, teams, policies, and levels of trust;
Operate with mobile, resource-constrained wireless networking without reliance on fixed infrastructures;
Provide provable security properties and enforceable behaviour;
Trade availability and capability with security in the operational context; and,
Require minimal human intervention during coalition operations.
The following expands on some of the research challenges in addressing these requirements.
Research Challenges:
Current and future military coalitions consist of partners who are heterogeneous in terms of technology, skills, interests, and trustworthiness. Typically these partners will come together in “communities of interest” (CoIs) perhaps only for a short period; they may normally have different goals, only sharing common goals whilst in the CoI. This imposes new requirements, e.g., the ability to negotiate interoperation between groups with different security policies to form a CoI, and the ability to make security policy decisions on-line in real-time, not as design-time activities. Coalition systems of systems must maintain secure operation while the underlying network self-organizes, during highly mobile and dynamic missions, with both unreliable and intermittent connectivity, without centralized security services, under severe resource constraints, and with significant risk of node capture or subversion.
In general, current security mechanisms will not scale, or be effective, in future systems of systems; the primary aim of this work strand is to “challenge the orthodoxy” and to propose radical new approaches to security that are appropriate for this new era. One specific aspect of this unorthodox approach is to support the inevitable move from design-time to operational-time decision making.
Research Approach
The research is conducted in three projects with distinct but mutually supportive aims. The three areas are:
Policy Based Security Management for Coalition Environments (Project 4) - developing policy frameworks and implementation mechanisms which are effective in support of dynamic CoIs;
Efficient Security Techniques for Information Flows in Coalition Environments (Project 5) - developing security architectures and mechanisms to provide adaptive security in a complex system of systems;
Dynamic Trust and Risk in Coalition Environments (Project 6) - developing risk-based security management techniques so risk can be assessed in operation, to enable dynamically changing CoIs.
We now discuss each project in more detail.
Project 4 – Policy Based Security Management for Coalition Environments: The overall goal of this project is to develop technologies to provide adaptive security in a complex system of systems, focusing on supporting the rapid assembly of CoIs. Project 4 addresses policy-based security management and is intended to provide mechanisms for adapting system behaviors to meet high-level user-specified security goals, by adaptive control of lower level mechanisms. This requires support for end-to-end policy mechanisms that can take into account the current state of the system along with trust and risk factors pertinent to that state.
The policy-based security mechanisms must work in a resource-constrained environment without centralized security services and with uncertain connectivity. The aim is to enable high levels of agility so that CoIs can be assembled or restructured rapidly. The current inability to quickly negotiate and dynamically adjust security policies among coalition elements is a key inhibitor to effective collaboration.
The research issues include:
The automatic (with minimal human input) refinement of policies and the interleaving of analysis and refinement;
The determination of whether policies are implementable within a given system context;
The specification and analysis of policies for security management of mobile CoIs;
Making access control more flexible and adaptive to dynamic situations, by incorporating risk;
Updating policies in a dynamic, decentralized, and (possibly) disconnected environment.
Military coalitions need the ability to negotiate and adjust security policies among coalition elements in tactical time scales. Addressing the above problems will greatly increase the agility of coalition operations, and contribute substantially to the radical change in security management which is necessitated in current and future coalition operations.
Project 5 – Efficient Security Techniques for Information Flows in Coalition Environments: The overall goal of this project is to develop security architectures and key mechanisms to provide adaptive security in a complex system of systems, and to support the rapid assembly of CoIs. To provide appropriate security infrastructures to enable formation and information sharing within a CoI, it is necessary to consider networks which are self-organizing, self-discovering, rapidly changing in topology and without centralized control. Network elements are likely to be severely constrained, in terms of memory, processing power, bandwidth and connectivity. The ability to secure communications between devices from different security domains, at military tempo, poses great challenges to traditional approaches to achieving security.
This project sets out to develop three key technologies:
Lightweight security infrastructures to facilitate secure CoI formation and operation;
Secure data aggregation and outsourced computation; and
Techniques to enable secure information flows balancing risk against trust and operational benefit.
Each of these issues is addressed by a single task within the project.
Project 6 – Dynamic Trust and Risk in Coalition Environments: The overall goal of this project is to develop risk-based security management techniques for CoIs to support dynamic changes to the membership of CoIs. This work seeks to enable a shift from design-time to operational security risk decision making.
Many of the familiar assumptions that have dominated traditional security thinking and modeling do not hold for current and future operations. In modern coalitions, we will be forced to collaborate with organisations in whom we may have varying degrees of confidence. Worse, information about those risks will be hard to come by and may decay as the CoI evolves rapidly to meet operational needs. The dynamic coalition world is far more challenging than that inhabited by current systems, meaning that risks must be continuously assessed in operation.
Project 6 seeks to develop approaches where risk is continuously managed and assessed using security attributes and other risk-relevant information. The approach recognizes that information on which risk-related decisions are based may be imperfect, or stale; nonetheless decision making must still be carried out on a principled, rigorous and auditable basis. Furthermore, the research must acknowledge that the emergent behavior arising from choices of security mechanism and policy cannot be fully pre-determined, and that techniques will be needed for discovering and evolving appropriate security policies.
The three Project 6 tasks challenge established orthodoxy in different ways; between them the tasks should provide part of the fundamental underpinning necessary to put the risk-based secure operation of CoIs on a sound footing.