Designing a Large SOA across Multiple Security Domains

The current best practices for securing large scale SOA systems on GIG computer networks rely on layered computer network defenses based on firewalls, IDS/IPS appliances, high assurance guards, PKI certificates and VPN technologies. These are costly to procure, deploy and maintain, and require a significant amount of physical and personnel security to mitigate their shortcomings. Furthermore they do not easily facilitate the recent presidential orders to share information. This paper describes a security system based on classic reference monitor and cryptographic techniques that is cost effective, scalable, easy to use, and will allow information sharing in an MLS or MSL type of communications environment.