A Security Policy Infrastructure for Tactical Service Oriented Architectures

  • Conference paper
Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2016)

Abstract

Tactical networks are affected by multiple constraints related to the limited node characteristics and the availability of resources. Within the highly dynamic tactical environment, these constraints impose significant limitations on the functionality and efficiency of current generic security policy frameworks.

Earlier studies have provided a risk analysis of tactical service oriented architectures (SOA) and a set of fine-grained protection goals corresponding to the aforementioned constraints. Furthermore, the Web Ontology Language has been identified as a suitable mediator towards the requirements and opportunities imposed by tactical SOA. Thus, in this article we present a security policy framework dedicated to tactical networks, as it has been developed within the TACTICS project.

Acknowledgments

The results described in this work were obtained as part of the European Defence Agency project TACTICS (Tactical Service Oriented Architecture). The TACTICS project is jointly undertaken by Patria (FI), Thales Communications & Security (FR), Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie FKIE (DE), Thales Deutschland (DE), Leonardo (IT), Thales Italia (IT), Norwegian University of Science and Technology (NO), ITTI (PL), Military Communication Institute (PL), and their partners, supported by the respective national Ministries of Defence under EDA Contract No. B 0980.

Author information

Correspondence to Vasileios Gkioulos.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Gkioulos, V., Wolthusen, S.D. (2017). A Security Policy Infrastructure for Tactical Service Oriented Architectures. In: Cuppens-Boulahia, N., Lambrinoudakis, C., Cuppens, F., Katsikas, S. (eds) Security of Industrial Control Systems and Cyber-Physical Systems. CyberICPS 2016. Lecture Notes in Computer Science, vol 10166. Springer, Cham. https://doi.org/10.1007/978-3-319-61437-3_3

  • DOI: https://doi.org/10.1007/978-3-319-61437-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61436-6

  • Online ISBN: 978-3-319-61437-3

  • eBook Packages: Computer Science (R0)
