• DocumentCode
    1940547
  • Title

    Infrastructure for multi-level secure service-oriented architecture (MLS-SOA)

  • Author

    Luo, Jim ; Kang, Myong

  • Author_Institution
    Center for High Assurance Comput., Naval Res. Lab., Washington, DC, USA
  • fYear
    2010
  • fDate
    Oct. 31 2010-Nov. 3 2010
  • Firstpage
    475
  • Lastpage
    481
  • Abstract
    Service-oriented architecture (SOA) is the premier application framework for integrating complex heterogeneous computing systems in business and government. To utilize SOA in sensitive military systems, however, the issue of multi-level security (MLS) must be addressed. MLS requirements call for strict separation and limit interaction between classification levels. However, many Web services and resources reside in the Low domains. Support services such as weather forecasting, mapping, and procurement typically reside in the Unclassified level. There is strong desire from High clients and applications to make use of those services. This paper presents a framework for adding MLS capabilities to SOA systems. Specifically, it will allow clients in High to securely and transparently utilize resources in Low. It addresses MLS requirements by minimizing the potential risks for information leak and thwart inference attacks. It also provides privilege control capabilities to limit and manage interaction between High and Low at the infrastructure level. Since an overt channel is created from High to Low, cross domain SOA has to be used with caution where the functional benefits outweigh the security risk. MLS-SOA is a practical solution that leverages the existing MLS infrastructure and augments security. Cross-domain solutions (CDS) already in place will mediate traffic across domain boundaries. MLS-SOA will provide additional safeguards and control for domains, applications, and users in High that need to invoke services across domain boundaries.
  • Keywords
    military computing; military systems; security of data; service-oriented architecture; MLS-SOA; SOA systems; cross-domain solutions; heterogeneous computing systems; information leak; military systems; multilevel secure service-oriented architecture; security risk; thwart inference attacks; weather forecasting; Authentication; Context; Military computing; Protocols; Semiconductor optical amplifiers; Service oriented architecture; MLS; SOA;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    MILITARY COMMUNICATIONS CONFERENCE, 2010 - MILCOM 2010
  • Conference_Location
    San Jose, CA
  • ISSN
    2155-7578
  • Print_ISBN
    978-1-4244-8178-1
  • Type

    conf

  • DOI
    10.1109/MILCOM.2010.5680368
  • Filename
    5680368