DocumentCode :
1940547
Title :
Infrastructure for multi-level secure service-oriented architecture (MLS-SOA)
Author :
Luo, Jim ; Kang, Myong
Author_Institution :
Center for High Assurance Comput., Naval Res. Lab., Washington, DC, USA
fYear :
2010
fDate :
Oct. 31 2010-Nov. 3 2010
Firstpage :
475
Lastpage :
481
Abstract :
Service-oriented architecture (SOA) is the premier application framework for integrating complex heterogeneous computing systems in business and government. To utilize SOA in sensitive military systems, however, the issue of multi-level security (MLS) must be addressed. MLS requirements call for strict separation and limit interaction between classification levels. However, many Web services and resources reside in the Low domains. Support services such as weather forecasting, mapping, and procurement typically reside in the Unclassified level. There is a strong desire from High clients and applications to make use of those services. This paper presents a framework for adding MLS capabilities to SOA systems. Specifically, it will allow clients in High to securely and transparently utilize resources in Low. It addresses MLS requirements by minimizing the potential risks for information leak and thwarting inference attacks. It also provides privilege control capabilities to limit and manage interaction between High and Low at the infrastructure level. Since an overt channel is created from High to Low, cross domain SOA has to be used with caution where the functional benefits outweigh the security risk. MLS-SOA is a practical solution that leverages the existing MLS infrastructure and augments security. Cross-domain solutions (CDS) already in place will mediate traffic across domain boundaries. MLS-SOA will provide additional safeguards and control for domains, applications, and users in High that need to invoke services across domain boundaries.
Keywords :
military computing; military systems; security of data; service-oriented architecture; MLS-SOA; SOA systems; cross-domain solutions; heterogeneous computing systems; information leak; military systems; multilevel secure service-oriented architecture; security risk; thwart inference attacks; weather forecasting; Authentication; Context; Military computing; Protocols; Semiconductor optical amplifiers; Service oriented architecture; MLS; SOA;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
MILITARY COMMUNICATIONS CONFERENCE, 2010 - MILCOM 2010
Conference_Location :
San Jose, CA
ISSN :
2155-7578
Print_ISBN :
978-1-4244-8178-1
Type :
conf
DOI :
10.1109/MILCOM.2010.5680368
Filename :
5680368