Homeland Security Issues and Solutions - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

Homeland Security Issues and Solutions

Description:

Delivering Critical Data in Timely Fashion for DC ... Critical to Understand the Security Issues for Users and System of Dynamic Coalitions ... – PowerPoint PPT presentation

Number of Views:61
Avg rating:3.0/5.0
Slides: 14
Provided by: chipph
Category:

less

Transcript and Presenter's Notes

Title: Homeland Security Issues and Solutions


1
Homeland Security Issues and Solutions
Prof. Steven A. Demurjian, Sr. Director, CSE
Graduate Program Computer Science Engineering
Department The University of Connecticut Storrs,
CT 06269-3155
steve_at_engr.uconn.edu http//www.engr.uconn.edu/st
eve http//www.engr.uconn.edu/steve/DSEC/dsec.htm
l (860) 486 - 4818
Lt. Col. Charles E. Phillips, Jr. Dept. of
Electrical Engineering and Computer
Science United States Military Academy West
Point, NY
Charles.Phillips_at_usma.edu (845) 938 -
5564 (Instructor at USMA/Ph.D. Student at UConn)
2
Dynamic Coalition for Homeland Security
  • Crisis
  • Any Situation Requiring National or International
    Attention
  • Coalition
  • Alliance of Organizations
  • Military, Civilian, International or any
    Combination
  • Dynamic Coalition
  • Formed in a Crisis and Changes as Crisis Develops
  • Key Concern Being the Most Effective way to Solve
    the Crisis
  • Dynamic Coalition Problem (DCP)
  • Security, Resource, and Information Sharing Risks
    that Occur as a Result of Coalition Being Formed
    Quickly

3
DC for Military Deployment/Engagement
OBJECTIVES Securely Leverage Information in a
Fluid Environment Protect Information While
Simultaneously Promoting the Coalition Security
Infrastructure in Support of DCP
SICF France
LFCS Canada
HEROS Germany
SIACCON Italy
4
DC for Medical Emergency
Transportation
Military Medics
Govt.
Local Health Care
CDC
ISSUES Privacy vs. Availability in Medical
Records Support Life-Threatening Situations via
Availability of Patient Data on Demand
5
Security Issues Information Access and Flow
  • What are the Security Requirements for Each User
    in DC Information at What Times?
  • What Information Needs to Be Sent (Pushed) to
    Which Users at What Time (Regular Intervals)?
  • Delivering Critical Data in Timely Fashion for DC
  • Correct and Consistent Information at Right Time
  • What Information Needs to Be Available On-demand
    (Pulled) to Which Users at What Time?
  • Satisfying Dynamic Data Requirements for DC
  • Exactly Enough Information and No More
  • Can we Support User Privileges that Change Based
    on the Context and State of DC?

6
Security Issues System Considerations
  • How Does Distribution of a DC Affect Security
    Policy Definition and Enforcement?
  • Are Security Handlers/Enforcement Mechanisms of
    DC Centralized and/or Distributed for Multiple
    Policies?
  • Are there Reusable Security Components that Can
    Be Composed on Demand to Support DC?
  • Support for RBAC, DAC, and/or MAC?
  • What is the Impact of Legacy/COTs/GOTs of a DC on
    Delivering the Information Securely?
  • At What Level, If Any, is Secure Access
    Available?
  • How is Security Added If it is Not Present?
  • What Techniques Are Needed to Control Access to
    Legacy/COTS?

7
Security Issues Different Approaches
  • Discretionary Access Control (DAC)
  • Restricts Access Based on Identity of
    Group/Subject
  • Discretion Supports the Pass-on of Permissions
  • Role-Based Access Control (RBAC)
  • Permissions Based on Responsibilities or Roles
  • Users may Play Multiple Roles Each
  • RBAC Flexible in both Management and Usage
  • Mandatory Access Control (MAC)
  • Restrict Access Based on Sensitivity Level (Top
    Secret, Secret, Confidential, Unclassified)
  • If Clearance of User Dominates Classification of
    Object, Access is Allowed
  • Homeland Security Likely Requires All Three at
    Times!

8
Security Issues Confidence in Security
  • Assurance
  • Are the Security Privileges for Each User of DC
    Adequate (and Limited) to Support their Needs?
  • What Guarantees are Given by the Security
    Infra-structure of DC in Order to Attain
  • Safety Nothing Bad Happens During Execution
  • Liveness All Good Things can Happen During
    Execution
  • Consistency
  • Are the Defined Security Privileges for Each User
    Internally Consistent? Least-Privilege Principle
  • Are the Defined Security Privileges for Related
    Users Globally Consistent? Mutual-Exclusion

9
Solution RBAC/MAC at Design Level
  • Security as First Class Citizen in the Design
    Process
  • Use Cases and Actors (Roles) Marked with Security
    Levels
  • Dynamic Assurance Checks to Insure that
    Connections Do Not ViolateMAC Rules

10
Solution UML-Based RBAC/MAC
Other Possibilities Reverse Engineer Existing
Policy to Logic Based Definition UML Model with
Security Capture all Security Requirements!
11
Solution Unifying RBAC/MAC
  • Interacting Software Artifacts
  • New/Existing Clients use APIs
  • Control Access to APIs by
  • Role (who)
  • Classification (MAC)
  • Time (when)
  • Data (what)
  • Delegation

NETWORK
Working Prototype Available using CORBA, JINI,
Java, Oracle
12
Solution Unifying RBAC/MAC
  • Security Model that Unifies RBAC/MAC with
    Method-Level Approach
  • Constraints using Role, MAC, Time, and Data
  • Customized Access to APIs of Artifacts
  • Contrast with Object Level Approach
  • Security Policy and Enforcement Assurance
  • Design Time (During Security Policy Definition)
    Security Assurance
  • Run Time (Executing Application) Security
    Enforcement
  • RBAC/MAC for a Distributed Setting (Middleware)
  • Flexible, Portable, Platform Independent
  • Security with Minimal/Controlled Impact

13
Concluding Remarks
  • Dynamic Coalitions will play a Critical Role in
    Homeland Security during Crisis Situations
  • Critical to Understand the Security Issues for
    Users and System of Dynamic Coalitions
  • At UConn, Multi-Faceted Approach to Security
  • Attaining Consistency and Assurance at Policy
    Definition and Enforcement
  • Capturing Security Requirements at Early Stages
    via UML Enhancements/Extensions
  • Providing a Security Infrastructure that Unifies
    RBAC and MAC for Distributed Setting
  • http//www.engr.uconn.edu/steve/DSEC/dsec.html
Write a Comment
User Comments (0)
About PowerShow.com