High assurance information exchange based on publish-subscribe and ABAC methods

Author
Fongen, Anders
Mancini, Federico
Date Issued
2014
Permalink
http://hdl.handle.net/20.500.12242/724
https://publications.ffi.no/123456789/724
DOI
10.1109/MILCOM.2014.45
Collection
Articles
Description
Fongen, Anders; Mancini, Federico. High assurance information exchange based on publish-subscribe and ABAC methods. MILCOM IEEE Military Communications Conference 2014, pp. 242-248
Abstract
The presented effort employs a combination of publish-subscribe distribution and ABAC (Attribute Based Access Control) methods to control the information exchange between security domains. It strictly follows the "separation of duty" principle, so that a message router only has infrastructure duties while the identity management entity deals with management of authorizations and security policies. The presented work also implements a novel model for message protection and subject authorization. One characteristic of the resulting transfer protocol is that an external bump-on-the-wire device can verify the integrity of the messages and that the security policies are observed. This device can be carefully constructed for the purpose of high assurance and offer a fail-safe mechanism in case the message router is malfunctioning or compromised.