A Security Framework for Systems of Systems

Daniel Trivellato, Nicola Zannone
Eindhoven University of Technology
Email: {d.trivellato, n.zannone}

Sandro Etalle
Eindhoven University of Technology, University of Twente

Abstract — Systems of systems consist of a wide variety of dynamic, distributed coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, this new paradigm has a strong impact on system interoperability and on the security requirements of collaborating parties. In this demo we present the prototype implementation of a security framework that addresses the security challenges of systems of systems.

I. INTRODUCTION

Systems of systems (SoS) consist of dynamic coalitions of systems and services that collaborate to achieve a common goal. Examples of such coalitions include Web Services, Mobile Ad-hoc Networks (MANETs), air traffic control systems, etc. Sharing sensitive information with other parties might be required for the success of a coalition; nevertheless, this information should be accessed exclusively by authorized parties, which may vary depending on the context (e.g., in emergency situations). Furthermore, when heterogeneous systems form dynamic coalitions that transgress the traditional boundaries between organizational and cultural units, parties will likely “speak” different languages and employ different organizational models.

Several security frameworks for SoS have been proposed. These frameworks can be divided into two categories: semantic frameworks and trust management (TM) frameworks. Semantic frameworks rely on ontologies for the specification of access control policies and the definition of domain knowledge. This enables interoperability among parties at the cost of limiting the expressive power of the policy language.
On the other hand, TM frameworks rely on an attribute-based approach to access control where access decisions are based on digital certificates, called credentials. TM frameworks employ expressive policy specification languages to ensure data confidentiality; however, they either require all parties in an SoS to use the same vocabulary, or do not provide a mechanism to align different vocabularies.

In this demo we present the prototype implementation of the security framework for SoS that we are developing within the POSEIDON project. The framework combines context-aware access control with TM and ontology-based services [1], [2] to guarantee confidentiality of information (both data and security policies), autonomy and interoperability among parties in an SoS. We show an application of the framework to a coast surveillance scenario, where parties need to exchange sensitive information to achieve situational awareness.

[Fig. 1. Security Framework Architecture]

II. SECURITY FRAMEWORK ARCHITECTURE

This section presents the security framework that is employed by each party in the SoS to protect the local resources. An overview of the security framework’s architecture is shown in Fig. 1; the dashed line separates the local components (i.e., the trusted environment of a party) from the external world.

The policy enforcement point (PEP) is the interface of a party with the external world, and has three main tasks: (1) intercepting incoming requests for local resources, (2) contacting the appropriate policy decision point (PDP) to evaluate those requests, and (3) enforcing the decision of the PDP. Two types of requests are allowed: access requests and credential requests. Access requests are processed by the access control PDP (AC PDP), while credential requests are processed by the trust management PDP (TM PDP).

When it receives an access request, the AC PDP fetches the relevant authorization clauses through the policy administration point (PAP).
If the clauses depend on some credentials, the AC PDP requests them from the TM PDP, which takes over the responsibility of retrieving them. Once all the necessary credentials have been collected, they are asserted together with the authorization clauses into the authorization engine to determine the access decision. Similarly to the AC PDP, upon receiving a request the TM PDP fetches the applicable credential clauses and the locally available credentials through the PAP. The policy evaluation algorithm within the TM PDP defines the procedure to compute the answers to a credential request. In our framework we employ GEM [3], a policy evaluation algorithm that evaluates credential requests in a completely distributed way without disclosing the policies of parties, thereby preserving their confidentiality.

2011 IEEE International Symposium on Policies for Distributed Systems and Networks, 978-0-7695-4330-7/11 $26.00 © 2011 IEEE, DOI 10.1109/POLICY.2011.16

Both authorization and credential clauses are expressed in POLIPO [1], a logic-based policy language that relies on ontologies for enabling mutual understanding among parties. In particular, POLIPO uses ontologies in two ways: (a) to obtain domain and context information relevant for an access decision or credential release by means of ontology atoms in the body of clauses; (b) to provide a semantics to the attributes certified by credentials, which enables the use of semantic alignment techniques to map attributes defined in different ontologies. Ontology atoms are resolved by requesting their evaluation from the Knowledge Base (KB) component, which consists of a set of ontologies defining the concepts employed in policies as well as domain and context information. Attribute mapping requests are evaluated by the Semantic Alignment Evaluator, which implements the ontology alignment technique in [2].
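The request flow just described, written out as an added example (it is not code from the paper or from the POSEIDON prototype): the PEP routes access requests to the AC PDP and credential requests to the TM PDP; the AC PDP fetches its authorization clauses from the PAP, checks the clause's context atom against the KB and asks the TM PDP for the credential the clause depends on; the TM PDP looks in its local store first and then at the issuer's store (a stand-in for GEM's distributed evaluation, which is not implemented here); and a constructed alignment table stands in for the Semantic Alignment Evaluator, mapping a coast guard concept onto the MSC's own vocabulary. The clause shape, the component interfaces, the party names, the attribute names and the context atom are all assumptions made for the example.

```python
"""Added example, not code from the paper or the POSEIDON prototype: a
miniature PEP -> AC PDP -> TM PDP flow in the shape of Section II. The clause
shape, component interfaces, party names, attributes and context atom are
all constructed for illustration."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Credential:
    issuer: str      # party that certified the attribute
    subject: str     # party the attribute is about
    attribute: str   # "<ontology prefix>:<concept>" in the issuer's vocabulary

@dataclass(frozen=True)
class AuthClause:
    resource: str
    action: str
    trusted_issuer: str       # whose credentials are accepted for this clause
    required_attribute: str   # concept in the local (MSC) ontology
    context_atom: str         # ontology atom that must hold in the KB

# Constructed alignment table standing in for the Semantic Alignment Evaluator:
# a coast guard concept mapped onto the MSC's own concept.
ALIGNMENT = {"cg:PatrolOfficer": "mss:PatrolVesselOperator"}

def align(attribute):
    """Map an attribute of another party's ontology onto the local one."""
    return ALIGNMENT.get(attribute, attribute)

class TrustManagementPDP:
    """Answers credential requests: local store first, then the issuer's store
    (a stand-in for GEM's distributed evaluation, not implemented here)."""

    def __init__(self, local, remote_stores):
        self.local = list(local)
        self.remote_stores = remote_stores   # issuer -> credentials it discloses

    def credentials_for(self, subject, issuer, attribute):
        def matches(c):
            return (c.subject == subject and c.issuer == issuer
                    and align(c.attribute) == attribute)
        found = [c for c in self.local if matches(c)]
        if not found:
            found = [c for c in self.remote_stores.get(issuer, []) if matches(c)]
            self.local.extend(found)   # keep discovered credentials for reuse
        return found

class AccessControlPDP:
    """Fetches clauses (the PAP is a plain list here), asks the TM PDP for the
    credentials they depend on, checks context in the KB, and decides."""

    def __init__(self, pap_clauses, tm_pdp, kb_facts):
        self.pap = list(pap_clauses)
        self.tm = tm_pdp
        self.kb = set(kb_facts)   # KB reduced to the ontology atoms that hold

    def decide(self, subject, resource, action):
        for clause in self.pap:
            if (clause.resource, clause.action) != (resource, action):
                continue
            if clause.context_atom not in self.kb:
                continue
            if self.tm.credentials_for(subject, clause.trusted_issuer,
                                       clause.required_attribute):
                return "permit"
        return "deny"   # no applicable clause: deny by default

class PolicyEnforcementPoint:
    """Routes access requests to the AC PDP and credential requests to the TM PDP."""

    def __init__(self, ac_pdp, tm_pdp):
        self.ac_pdp = ac_pdp
        self.tm_pdp = tm_pdp

    def handle(self, request):
        if request["type"] == "access":
            return self.ac_pdp.decide(request["subject"], request["resource"],
                                      request["action"])
        if request["type"] == "credential":
            return self.tm_pdp.credentials_for(request["subject"], request["issuer"],
                                               request["attribute"])
        return "deny"

def build_msc_framework(kb_facts=("ctx:PatrolActive",)):
    """Wire up the MSC side of a constructed scenario: coast guard credentials
    are accepted for reading the MSC's ship data while a patrol is active."""
    clauses = [AuthClause("kb:ships", "read", "CoastGuard",
                          "mss:PatrolVesselOperator", "ctx:PatrolActive")]
    coast_guard = {"CoastGuard": [Credential("CoastGuard", "vessel-42",
                                             "cg:PatrolOfficer")]}
    tm = TrustManagementPDP(local=[], remote_stores=coast_guard)
    return PolicyEnforcementPoint(AccessControlPDP(clauses, tm, kb_facts), tm)

if __name__ == "__main__":
    pep = build_msc_framework()
    print(pep.handle({"type": "access", "subject": "vessel-42",
                      "resource": "kb:ships", "action": "read"}))
```

Two properties of the architecture show up directly in the code: the AC PDP never reads the coast guard's credential store itself but goes through the TM PDP, and the alignment step is what lets the MSC's clause (written in its own `mss:` vocabulary) accept a credential issued in the coast guard's `cg:` vocabulary. A request that matches no clause, or whose context atom does not hold, is denied by default.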
III. PROTOTYPE IMPLEMENTATION

We have deployed a prototype implementation of the security framework into an SoS in the Maritime Safety and Security (MSS) domain that has been developed within the POSEIDON project. The POSEIDON SoS consists of five types of systems: coastal AIS¹ receivers, sea-based AIS receivers, the Internet, a Maritime Security Center (MSC), and patrol vessels. The AIS receivers capture AIS messages broadcast by the ships transiting in their coverage area and send those messages to the MSC for further processing. The MSC collects data from the various receivers, analyzes them (e.g., for detecting anomalous behavior of ships), and integrates them with further information from the Internet; the resulting information forms the KB of the MSC. The information in the KB is used by the operators of both the MSC and patrol vessels to analyze the maritime traffic.

In this demo we show an application of the security framework to a coast surveillance scenario, where the MSC and a patrol vessel of the coast guard collaborate to prevent illicit activities off the Dutch coast. Every request to access the MSC’s KB, coming either from within the MSC or from the patrol vessel, passes through the MSC’s security framework, which checks whether the requester possesses the required credentials (possibly initiating a credential discovery process), and filters the response based on the security policy of the MSC. Communication among parties is via HTTP. Accordingly, we developed the PEP of the security framework as a web proxy that intercepts all the HTTP requests and returns an HTTP response in the appropriate format; this allowed us to deploy the framework without modifying the rest of the POSEIDON SoS.

We use Google Earth as visualization software; the view is updated every 30 seconds to display the new data collected by the AIS receivers. Fig. 2(a) and 2(b) show the output of the visualization for an operator of the MSC and an operator of the patrol vessel respectively.
In the visualization, icons represent the current position of ships, and the color of a ship’s trajectory reflects the anomaly factor associated with that ship. In our scenario, MSC operators (Fig. 2(a)) are authorized to see all the maritime traffic off the Dutch coast, while patrol vessel operators (Fig. 2(b)) are allowed to see only ships with a high anomaly factor.

¹ The Automatic Identification System (AIS) is a short range coastal tracking system used for identifying and locating vessels.

[Fig. 2. Data Views Filtered by Security Policies: (a) Data View for an MSC Operator; (b) Data View for a Patrol Vessel Operator]

IV. CONCLUSIONS

We have presented a security framework that provides confidentiality of information, autonomy and interoperability of parties in dynamic coalitions of heterogeneous systems. The framework consists of a set of components implemented following the service-oriented paradigm. This facilitates the deployment of the framework into existing SoS, and allows for an easy integration of additional components to support the evaluation of policies and provide additional functionalities.

Acknowledgments. This work has been carried out as part of the POSEIDON project under the responsibility of the Embedded Systems Institute (ESI). This project is partially supported by the Dutch Ministry of Economic Affairs under the BSIK03021 program.

REFERENCES

[1] D. Trivellato, F. Spiessens, N. Zannone, and S. Etalle, “POLIPO: Policies & OntoLogies for Interoperability, Portability, and autOnomy,” in Proc. of POLICY’09. IEEE Computer Society, 2009.
[2] D. Trivellato, F. Spiessens, N. Zannone, and S. Etalle, “Reputation-Based Ontology Alignment for Autonomy and Interoperability in Distributed Access Control,” in Proc. of CSE ’09, vol. 3. IEEE, 2009, pp. 252–258.
[3] D. Trivellato, N. Zannone, and S. Etalle, “GEM: a Distributed Goal Evaluation Algorithm for Trust Management,” Eindhoven University of Technology, Tech. Rep. CS 10-15, 2010.
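The policy-filtered data views of the Section III scenario (the PEP deployed as a web proxy in front of the MSC's KB, MSC operators seeing all traffic and patrol vessel operators only ships with a high anomaly factor), as an added example that is not the paper's or the POSEIDON prototype's code. The resource path, the requester identities, the role names, the anomaly threshold and the ship records are all constructed for the example; the role of a requester is taken here from a table standing in for the outcome of the PDP evaluation, since a filter keyed on a client-supplied header would let the client choose its own view.

```python
"""Added example, not code from the paper or the POSEIDON prototype: the PEP
of Section III modelled as an HTTP-level filter in front of the MSC knowledge
base. Path, requester identities, role names, anomaly threshold and the ship
records are constructed for illustration."""
import json

# Constructed KB content: last known ship positions with an anomaly factor in [0, 1].
SHIPS = [
    {"mmsi": "244000001", "lat": 52.10, "lon": 4.25, "anomaly": 0.05},
    {"mmsi": "244000002", "lat": 52.30, "lon": 4.10, "anomaly": 0.82},
    {"mmsi": "244000003", "lat": 52.45, "lon": 3.95, "anomaly": 0.91},
]

HIGH_ANOMALY = 0.75   # constructed threshold for "high anomaly factor"

# Attribute the security framework has certified for each authenticated
# requester: the outcome of the AC/TM PDP evaluation, never a client header.
CERTIFIED_ROLE = {
    "msc-console": "mss:MscOperator",
    "vessel-42": "mss:PatrolVesselOperator",
}

# Response filter per certified role: MSC operators see all traffic, patrol
# vessel operators only ships with a high anomaly factor.
FILTERS = {
    "mss:MscOperator": lambda ship: True,
    "mss:PatrolVesselOperator": lambda ship: ship["anomaly"] >= HIGH_ANOMALY,
}

def filter_ships(role, ships):
    """Apply the filter for `role`; None means no policy authorizes that role."""
    keep = FILTERS.get(role)
    if keep is None:
        return None
    return [s for s in ships if keep(s)]

def handle_http(method, path, requester, kb=SHIPS):
    """Proxy step: intercept GET /kb/ships, enforce the filter, answer as JSON.
    Returns (status, body) so it can sit in front of any HTTP stack."""
    if path != "/kb/ships":
        return 404, json.dumps({"error": "unknown resource"})
    if method != "GET":
        return 405, json.dumps({"error": "method not allowed"})
    visible = filter_ships(CERTIFIED_ROLE.get(requester), kb)
    if visible is None:
        # deny by default: an unknown requester learns nothing about the KB
        return 403, json.dumps({"error": "not authorized"})
    return 200, json.dumps({"count": len(visible), "ships": visible})

def visible_mmsis(requester):
    """Status code and the MMSIs a requester gets back for /kb/ships."""
    status, body = handle_http("GET", "/kb/ships", requester)
    return status, [s["mmsi"] for s in json.loads(body).get("ships", [])]

if __name__ == "__main__":
    for who in ("msc-console", "vessel-42", "unknown-party"):
        print(who, visible_mmsis(who))
```

Because the filter runs on the proxy before the response leaves the MSC's trusted environment, the patrol vessel's Google Earth view only ever receives the records its policy allows, which is what makes the two data views in Fig. 2 differ without any change to the visualization software.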