DocumentCode :
3712883
Title :
Distributed security policies for service-oriented architectures over tactical networks
Author :
Roberto Rigolin F. Lopes;Stephen D. Wolthusen
Author_Institution :
Norwegian Information Security Laboratory, Gjøvik University College, Norway
fYear :
2015
Firstpage :
1548
Lastpage :
1553
Abstract :
Whilst tactical networks must provide basic functionality over highly restricted networks including basic VHF links and should tolerate outright disruption and partitioning, it is highly desirable to provide access to richer services available within the tactical network, from higher-level units, or through cyber foraging. The resulting requirement to also invoke services asynchronously or to delegate authority while also incorporating constraints and obligations limits the effectiveness of conventional access control mechanisms. Centralised security policy decisions are also undesirable, and as policies will evolve over the course of a mission, mere replication is also insufficient. In this paper we describe a distributed security policy mechanism based on the tactical nodes' specializations, where policies can be partitioned based on security domains, network layers and kinetic tasks represented by Boyd's OODA-loop (Observe, Orient, Decide and Act loop). This permits security policy decisions incorporating services' protection goals and constraints based on inference mechanisms dealing with mission's current context.
Keywords :
"Ontologies","Nickel","Context","Service-oriented architecture","Semantics","Computer security"
Publisher :
IEEE
Conference_Titel :
Military Communications Conference, MILCOM 2015 - 2015 IEEE
Type :
conf
DOI :
10.1109/MILCOM.2015.7357665
Filename :
7357665