Security architecture for system wide information management

Air Traffic Service Providers (ATSPs) are embarking on a transition of their information systems to a new paradigm of System Wide Information Management (SWIM). SWIM defines an enterprise-wide open, flexible, modular, manageable and secure architecture that is transparent to users. Information sharing, including real-time capability, enables operational improvements and facilitates a reduction in the overall cost of operation and maintenance. SWIM enables decision support systems that connect many stakeholders including the ATSPs and the Airline Operations Centers. For the National Airspace System (NAS), SWIM also facilitates information sharing between with other agencies such as the Department of Homeland Security (DHS). Due to the increased interconnection of ATSP systems and connections to outside enterprises and agencies, security requirements have expanded. New SWIM applications will be written using new technologies. Adapters will be developed to connect legacy applications. The new technologies introduced by SWIM allow a more standardized approach to security, while supporting existing security mechanisms in legacy applications. This paper proposes a security architecture for SWIM, including Identity and Access Management, Registry-Directory-Naming services security, Messaging security, Digital Rights Management and Security Information Management. It also describes the security requirements for the Common Data Transport (CDT) that underlies SWIM, including link and network security, firewalls and intrusion detection systems.