DocumentCode :
153736
Title :
High Assurance information exchange based on Publish-Subscribe and ABAC methods
Author :
Fongen, Anders ; Mancini, Federico
Author_Institution :
Norwegian Defence Res. Establ. (FFI), Kjeller, Norway
fYear :
2014
fDate :
6-8 Oct. 2014
Firstpage :
242
Lastpage :
248
Abstract :
The presented effort employs a combination of publish-subscribe distribution and ABAC (Attribute Based Access Control) methods to control the information exchange between security domains. It follows strictly the "separation of duty" principle so a message router only has infrastructure duties while the identity management entity deals with management of authorizations and security policies. The presented work also implements a novel model for message protection and subject authorization. One characteristic of the resulting transfer protocol is that an external bump-on-the-wire device can verify the integrity of the messages and that the security policies are observed. This device can be carefully constructed for the purpose of high assurance and offer a fail-safe mechanism in case the message router is malfunctioning or compromised.
Keywords :
access control; authorisation; cryptographic protocols; message authentication; ABAC method; attribute based access control method; authorization policies; bump-on-the-wire device; fail-safe mechanism; high assurance information exchange; identity management; message protection; message router; publish-subscribe distribution; security domain; security policies; separation of duty principle; transfer protocol; Authorization; Receivers; Routing protocols; Subscriptions;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Military Communications Conference (MILCOM), 2014 IEEE
Conference_Location :
Baltimore, MD
Type :
conf
DOI :
10.1109/MILCOM.2014.45
Filename :
6956766