DocumentCode
1940547
Title
Infrastructure for multi-level secure service-oriented architecture (MLS-SOA)
Author
Luo, Jim ; Kang, Myong
Author_Institution
Center for High Assurance Comput., Naval Res. Lab., Washington, DC, USA
fYear
2010
fDate
Oct. 31 2010-Nov. 3 2010
Firstpage
475
Lastpage
481
Abstract
Service-oriented architecture (SOA) is the premier application framework for integrating complex heterogeneous computing systems in business and government. To utilize SOA in sensitive military systems, however, the issue of multi-level security (MLS) must be addressed. MLS requirements call for strict separation and limit interaction between classification levels. However, many Web services and resources reside in the Low domains. Support services such as weather forecasting, mapping, and procurement typically reside in the Unclassified level. There is strong desire from High clients and applications to make use of those services. This paper presents a framework for adding MLS capabilities to SOA systems. Specifically, it will allow clients in High to securely and transparently utilize resources in Low. It addresses MLS requirements by minimizing the potential risks for information leak and thwart inference attacks. It also provides privilege control capabilities to limit and manage interaction between High and Low at the infrastructure level. Since an overt channel is created from High to Low, cross domain SOA has to be used with caution where the functional benefits outweigh the security risk. MLS-SOA is a practical solution that leverages the existing MLS infrastructure and augments security. Cross-domain solutions (CDS) already in place will mediate traffic across domain boundaries. MLS-SOA will provide additional safeguards and control for domains, applications, and users in High that need to invoke services across domain boundaries.
Keywords
military computing; military systems; security of data; service-oriented architecture; MLS-SOA; SOA systems; cross-domain solutions; heterogeneous computing systems; information leak; military systems; multilevel secure service-oriented architecture; security risk; thwart inference attacks; weather forecasting; Authentication; Context; Military computing; Protocols; Semiconductor optical amplifiers; Service oriented architecture; MLS; SOA;
fLanguage
English
Publisher
ieee
Conference_Titel
MILITARY COMMUNICATIONS CONFERENCE, 2010 - MILCOM 2010
Conference_Location
San Jose, CA
ISSN
2155-7578
Print_ISBN
978-1-4244-8178-1
Type
conf
DOI
10.1109/MILCOM.2010.5680368
Filename
5680368
Link To Document