Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Constraint Analysis for Security Policy Partitioning Over Tactical Service Oriented Architectures

  • Conference paper
  • First Online:
Advances in Network Systems (iNetSApp 2015)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 461))

Abstract

Tactical networks are typically of an ad-hoc nature operating in highly restricted environments and constrained resources. The frequent presence of communication disruptions and network partitioning must also be expected and managed, while core functionalities must be maintained, providing asynchronous invocation and access to services in a distributed manner. Supporting the required functionalities of the contemporary tactical environment, requires the dynamic evaluation of security policies, incorporating semantic knowledge from various network layers, together with facts and rules that are defined axiomatically a priori. However, the required basis for such policy decisions can be excessively extended and dynamic. Thus, it is desirable to locally minimize the scope of the policy maximizing efficiency. In this paper, we therefore analyze criteria and optimization goals for the a priori distribution and partitioning of security policies, ensuring the continuous support of the required capabilities, given the operational tasks of each deployed actor.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Horne, G., Leonardi, M.: Maneuver warfare science 2001 (2001)

    Google Scholar 

  2. Bar-Noy, A., Cirincione, G. Govindan, R. Krishnamurthy, S., LaPorta, T., Mohapatra, P., Neely, M., Yener, A.: Quality-of-information aware networking for tactical military networks. In: 2011 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 2–7, Mar 2011

    Google Scholar 

  3. Burbank, J., Chimento, P., Haberman, B., Kasch, W.: Key challenges of military tactical networking and the elusive promise of manet technology. IEEE Commun. Mag. 44, 39–45 (2006)

    Article  Google Scholar 

  4. Elmasry, G.: A comparative review of commercial versus tactical wireless networks. IEEE Commun. Mag. 48, 54–59 (2010)

    Article  Google Scholar 

  5. Shi, V.: Evaluating the performability of tactical communications networks. IEEE Trans. Veh. Technol. 53, 253–260 (2004)

    Article  Google Scholar 

  6. Moffat, J.: Adapting Modeling & Simulation for Network Enabled Operations (2011)

    Google Scholar 

  7. Alberts, D.S., Hayes, R.E.: Power to the Edge (2003)

    Google Scholar 

  8. Smith, E.A.: Complexity, Networking, and Effects-Based Approaches to Operations (2006)

    Google Scholar 

  9. Lund, K., Eggen, A., Hadzic, D., Hafsoe, T., Johnsen, F.: Using web services to realize service oriented architecture in military communication networks. IEEE Commun. Mag. 45, 47–53 (2007)

    Article  Google Scholar 

  10. Johnsen, F., Bloebaum, T., Schenkels, L., Fiske, R., Van Selm, M., de Sortis, V., van der Zanden, A., Sliwa, J., Caban, P.: Soa over disadvantaged grids experiment and demonstrator. In: Communications and Information Systems Conference (MCC), 2012 Military, pp. 1–8, Oct 2012

    Google Scholar 

  11. Suri, N.: Dynamic service-oriented architectures for tactical edge networks. In: Proceedings of the 4th Workshop on Emerging Web Services Technology, WEWST ’09, pp. 3–10. ACM, New York, NY, USA (2009)

    Google Scholar 

  12. IST-090 Task Group, Service oriented architecture (SOA) challenges for real time and disadvantaged grid (IST-090). https://www.cso.nato.int/Activity_Meta.asp?ACT=1830, Apr 2014

  13. IST-118 Task Group, SOA recommendations for disadvantaged grids in the tactical domain (IST-118). https://www.cso.nato.int/ACTIVITY_META.asp?ACT=2293

  14. Maule, R., Lewis, W.: Security for distributed soa at the tactical edge. In: Military Communications Conference, 2010—MILCOM 2010, pp. 13–18, Oct 2010

    Google Scholar 

  15. Mayott, G., Self, M., Miller, G.J., McDonnell, J.S.: Soa approach to battle command: simulation interoperability (2010)

    Google Scholar 

  16. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lupu, E., Lobo, J. (eds.) Policies for Distributed Systems and Networks, Lecture Notes in Computer Science, vol. 1995, pp. 18–38. Springer, Berlin (2001)

    Google Scholar 

  17. OASIS, Oasis security services (saml) tc

    Google Scholar 

  18. Ramli, C.D.P.K., Nielson, H.R., Nielson, F.: The logic of XACML. Sci. Comput. Prog. 83, 80–105 (2014)

    Article  Google Scholar 

  19. Li, N., Mitchell, J., Winsborough, W.: Design of a role-based trust-management framework. In: Proceedings. 2002 IEEE Symposium on Security and Privacy, 2002, pp. 114–130 (2002)

    Google Scholar 

  20. Becker, M., Sewell, P.: Cassandra: distributed access control policies with tunable expressiveness. In: Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004, pp. 159–168, June 2004

    Google Scholar 

  21. Nejdl, W., Olmedilla, D., Winslett, M.: Peertrust: Automated trust negotiation for peers on the semantic web. In: Jonker, W., Petkovi, M. (eds.) Secure Data Management, Lecture Notes in Computer Science, vol. 3178 pp. 118–132. Springer, Berlin (2004)

    Google Scholar 

  22. Czenko, M., Doumen, J., Etalle, S.: Trust management in p2p systems using standard tulip. In: Karabulut, Y., Mitchell, J., Herrmann, P., Jensen, C. (eds.) Trust Management II, FIP The International Federation for Information Processing, vol. 263 pp. 1–16, Springer, US (2008)

    Google Scholar 

  23. Finin, T., Joshi, A., Kagal, L., Niu, J., Sandhu, R., Winsborough, W.H., Thuraisingham, B.: ROWLBAC—representing role based access control in OWL. In: Proceedings of the 13th Symposium on Access control Models and Technologies, ACM Press, Estes Park, Colorado, USA, June 2008

    Google Scholar 

  24. Kagal, L., Finin, T., Paolucci, M., Srinivasan, N., Sycara, K., Denker, G.: Authorization and privacy for semantic web services. IEEE Intell. Syst. 19, 50–56 (2004)

    Article  Google Scholar 

  25. Uszok, A., Bradshaw, J.M., Johnson, M., Jeffers, R., Tate, A., Dalton, J., Aitken, S.: Kaos policy management for semantic web services. IEEE Intell. Syst. 19, 32–41 (2004)

    Article  Google Scholar 

  26. Kolter, J., Schillinger, R., Pernul, G.: Building a distributed semantic-aware security architecture. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments, IFIP International Federation for Information Processing, vol. 232 pp. 397–408. Springer, US (2007)

    Google Scholar 

  27. Ferrini, R., Bertino, E.: Supporting RBAC with XACML + OWL. In: Carminati, B., Joshi, J. (eds.) Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT ’09), pp. 145–154. ACM Press, Stresa, Italy, June 2009

    Google Scholar 

  28. Ben Brahim, M., Chaari, T., Ben Jemaa, M., Jmaiel, M.: Semantic matching of ws-securitypolicy assertions. In: Pallis, G., Jmaiel, M., Charfi, A., Graupner, S., Karabulut, Y., Guinea, S., Rosenberg, F., Sheng, Q., Pautasso, C., Ben Mokhtar, S. (eds.) Service-Oriented Computing-ICSOC 2011 Workshops, Lecture Notes in Computer Science, vol. 7221, pp. 114–130. Springer, Berlin (2012)

    Google Scholar 

  29. Helil, N., Rahman, K.: Extending xacml profile for rbac with semantic concepts. In: 2010 International Conference on Computer Application and System Modeling (ICCASM), vol. 10, pp. V10–69–V10–74, Oct 2010

    Google Scholar 

  30. Blanco, C., Lasheras, J., Valencia-Garcia, R., Fernandez-Medina, E., Toval, A., Piattini, M.: A systematic review and comparison of security ontologies. In: 3rd International Conference on Availability, Reliability and Security, 2008. ARES 08, pp. 813–820, Mar 2008

    Google Scholar 

  31. Souag, A., Salinesi, C., Comyn-Wattiau, I.: Ontologies for security requirements: a literature survey and classification. In: Bajec, M., Eder, J. (eds.) Advanced Information Systems Engineering Workshops, Lecture Notes in Business Information Processing, vol. 112 pp. 61–69. Springer, Berlin (2012)

    Google Scholar 

  32. Nguyen, V.: Ontologies and information systems: a literature survey 6 (2011)

    Google Scholar 

  33. Kolovski, V., Parsia, B., Katz, Y., Hendler, J.: Representing web service policies in owl-dl. In: International Semantic Web Conference (ISWC), pp. 6–10 (2005)

    Google Scholar 

  34. Trivellato, D., Zannone, N., Glaundrup, M., Skowronek, J., Etalle, P.S.: A semantic security framework for systems of systems. Int. J. Coop. Inf. Syst. 22, 1–35 (2013)

    Article  Google Scholar 

  35. Gkioulos, V., Wolthusen, S.D.: Enabling dynamic security policy evaluation for service-oriented architectures in tactical networks. In: Accepted for presentation at Norwegian Information Security Conference 2015 (NISK-2015) (2015)

    Google Scholar 

  36. Nato Architecture Framework, NATO Capability View, NAF v3 NCV-2, June 2013

    Google Scholar 

  37. W3C Recommendation, OWL2-OVERVIEW OWL 2 Web Ontology Language Document Overview, 2nd Edn. http://www.w3.org/TR/2012/REC-owl2-overview-20121211/. Dec 2012

  38. Schneider, P.F.P., Hayes, P., Horrocks, I.: OWL-SEMANTICS OWL Web Ontology Language Semantics and Abstract Syntax. http://www.w3.org/TR/2004/REC-owl-semantics-20040210/. Feb 2004

  39. Motik, B., Grau, B.C., Horrocks, I., Wu, Z., Fokoue, A.: OWL2-PROFILES OWL 2 Web Ontology Language Profiles, 2nd edn. http://www.w3.org/TR/2012/REC-owl2-profiles-20121211/. Dec 2012

  40. Breton, R., Rousseau, R.: The future of c2 the c-ooda: a cognitive version of the ooda loop to represent c2 activities. Topic: C2 process modelling

    Google Scholar 

  41. Smith, E.A.: Effects Based Operations. Crisis, and War. Center for Advanced Concepts and Technology, Applying Network Centric Warfare in Peace (2002)

    Google Scholar 

  42. Harrison, F.: The Managerial Decision-Making Process-5th edn. South-Western College Pub (1998)

    Google Scholar 

  43. Veni, K.K., Balachandar, S.R.: Int. J. Math. Comput. Phys. Electr. Comput. Eng. 4(7), 1044–1048 (2010)

    Google Scholar 

  44. Balas, E., Glover, F., Zionts, S.: An additive algorithm for solving linear programs with zero-one variables. Oper. Res. 13(4), 517–549 (1965)

    Article  MathSciNet  Google Scholar 

  45. Frville, A.: The multidimensional 01 knapsack problem: an overview. Eur. J. Oper. Res. 155(1), 1–21 (2004)

    Article  Google Scholar 

  46. Ohkura, K., Igarashi, T., Ueda, K., Okauchi, S., Matsunaga, H.: A genetic algorithm approach to large scale combinatorial optimization problems in the advertising industry. In: Proceedings. 2001 8th IEEE International Conference on Emerging Technologies and Factory Automation, 2001, vol. 2, pp. 351–357, Oct 2001

    Google Scholar 

  47. Chu, P., Beasley, J.: A genetic algorithm for the multidimensional knapsack problem. J Heuristics 4(1), 63–86 (1998)

    Article  MATH  Google Scholar 

  48. Balas, E., Martin, C.H.: Pivot and complement heuristic for 0–1 programming. Manag. Sci. 26(1), 86–96 (1980)

    Google Scholar 

  49. Gavish, B., Pirkul, H.: Efficient algorithms for solving multiconstraint zero-one knapsack problems to optimality. Math. Program. 31(1), 78–105 (1985)

    Article  MathSciNet  MATH  Google Scholar 

  50. Gilmore, P.C., Gomory, R.E.: The theory and computation of knapsack functions. Oper. Res. 14(6), 1045–1074 (1966)

    Article  MathSciNet  MATH  Google Scholar 

  51. Osorio, M., Glover, F., Hammer, P.: Cutting and surrogate constraint analysis for improved multidimensional knapsack solutions. Ann. Oper. Res. 117(1–4), 71–93 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  52. Magazine, M., Oguz, O.: A heuristic algorithm for the multidimensional zero-one knapsack problem. Eur. J. Oper. Res. 16(3), 319–326 (1984)

    Article  MathSciNet  MATH  Google Scholar 

  53. Volgenant, A., Zoon, J.A.: An improved heuristic for multidimensional 0–1 knapsack problems. J. Oper. Res. Soc. 41(10), 963–970 (1990)

    Article  MATH  Google Scholar 

  54. Weingartner, H.M., Ness, D.N.: Methods for the solution of the multidimensional 0/1 knapsack problem. Oper. Res. 15(1), 83–103 (1967)

    Article  Google Scholar 

  55. Caccetta, L., Kulanoot, A.: Computational aspects of hard knapsack problems. In: Proceedings of the Third World Congress of Nonlinear Analysts Nonlinear Analysis: Theory, Methods & Applications, vol. 47, no. 8, pp. 5547–5558 (2001)

    Google Scholar 

  56. Pisinger, D.: Where are the hard knapsack problems? Comput. Oper. Res. 32(9), 2271–2284 (2005)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgements

The results described in this work were obtained as part of the European Defence Agency project TACTICS (Tactical Service Oriented Architecture). The TACTICS project is jointly undertaken by Patria (FI), Thales Communications & Security (FR), Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie FKIE (DE), Thales Deutschland (DE), Finmeccanica (IT), Thales Italia (IT), Norwegian University of Science and Technology (NO), ITTI (PL), Military Communication Institute (PL), and their partners, supported by the respective national Ministries of Defence under EDA Contract No. B 0980.

Author information

Authors and Affiliations

  1. Norwegian Information Security Laboratory, Norwegian University of Science and Technology, Trondheim, Norway

    Vasileios Gkioulos & Stephen D. Wolthusen

  2. School of Mathematics and Information Security, Royal Holloway, University of London, London, UK

    Stephen D. Wolthusen

Authors
  1. Vasileios Gkioulos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephen D. Wolthusen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vasileios Gkioulos .

Editor information

Editors and Affiliations

  1. Faculty of Mathematics and Information Science, Warsaw University of Technology, , Research and Development Center, Orange Polska, , Warszawa, Poland

    Maciej Grzenda

  2. Department of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Faculty of Engineering, Al Azhar University, Luleå, Sweden

    Ali Ismail Awad

  3. Military University of Technology, Warszawa, Poland

    Janusz Furtak

  4. Faculty of Mathematics and Information Science , Warsaw University of Technology , Military University of Technology, Warszawa, Poland

    Jarosław Legierski

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing Switzerland

About this paper

Cite this paper

Gkioulos, V., Wolthusen, S.D. (2017). Constraint Analysis for Security Policy Partitioning Over Tactical Service Oriented Architectures. In: Grzenda, M., Awad, A., Furtak, J., Legierski , J. (eds) Advances in Network Systems . iNetSApp 2015. Advances in Intelligent Systems and Computing, vol 461. Springer, Cham. https://doi.org/10.1007/978-3-319-44354-6_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-44354-6_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44352-2

  • Online ISBN: 978-3-319-44354-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation