Compound Identity Measure: A New Concept for Information Assurance

Choudhary,

doi:10.1109/iaw.2006.1652089

Cited by 4 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results should lead to a strategy, and its execution, to fill the identified gaps, as well as to improve and expand the existing technologies and products. 6 …”

Section: Pbm Technology and Capabilities Evaluationmentioning

confidence: 97%

“…In the present example, it would be easier to add a meta-policy rule to the digital policies for the QoS. The rule will look at the security classification of the flow [6] and determine that the particular label switched path is not available for the flows in that security category. The scenario depicted in Figure 4 is harder to implement, partly because the topic has not been adequately researched within the GIG.…”

Section: Deconfliction Of Policy Actionsmentioning

confidence: 98%

“…The PMI can be visualized as a backbone from which one can hang individual PBM applications, as is schematically illustrated in Figure 3. Examples of the PBM applications include the routing management, quality of service management [4], service level specifications management, information assurance management [5], [6], and of course the network management [2]. In the case of the PMI based deployment, the PBM capabilities arise from three main sources: (a) the capabilities of the policy management infrastructure; (b) the capabilities of the domain specific digital policies such as those for routing, quality of service, service level specifications, information assurance, and network management; and (c) the capabilities that derive from the situation evaluation and decision making logic2 employed within a PDP.…”

Section: Pmi Based Deploymentmentioning

confidence: 99%

See 2 more Smart Citations

Policy based Management: Deployment Challenges in the GIG

Choudhary¹

2007

MILCOM 2007 - IEEE Military Communications Conference

View full text Add to dashboard Cite

The policy based management is an emerging technology. Requirements exist for the global information grid (GIG) to use this technology, including in its space based component referred to as the transformational satellites (TSAT). There are serious difficulties and challenges in deploying the PBM technology in the GIG. In this paper we analyze these difficulties and challenges, and suggest possible solutions. 1 INTRODUCTION In this paper we will assume a general introductory knowledge about the policy based management (PBM) technology. The readers are referred to the published literature [1] [2] for an introduction. The global information grid (GIG) and its space base component, the transformational satellites (TSAT), are essential enablers for the Net Centric Operations and Warfare (NCOW). The GIG requires the capability for flexible and dynamic (re)allocation of resources with access control decisions made in a risk adaptable manner. The policy based management (PBM) technology uses digital policies to enable the above mentioned capabilities for the GIG. Digital policies include well-structured 'IF X THEN Y' type policy rules, where X is the policy condition and Y is the policy action. They are formulated using semantics that a computer can understand, evaluate, and arrive at a unique and unambiguous decision for taking policy action that is appropriate under the prevailing operational conditions. However, the deployment of the emerging PBM technology in the GIG and TSAT poses serious difficulties and challenges. These arise from three main sources: (1) the (mis)understanding about the PBM technology capabilities and usage; (2) the emerging nature of the technology itself; and (3) the needed systems engineering within the GIG to facilitate the deployment of PBM. In this paper we will analyze these difficulties and the ensuing challenges. Along the way we will suggest possible approaches to resolve the difficulties and meet the challenges. We will take a practical approach in our analysis, so that generality will be less emphasized relative to the practical needs within the GIG program. After a brief description of the digital policies in section 2, we discuss the PBM usage and deployment modes in section 3, the emerging nature of the PBM technology in section 4, and some needed systems engineering activities within the GIG in section 5. We summarize major recommendations in section 6, and present our conclusions in section 7. 2 DIGITAL POLICIES Policies are described in two very distinct ways. First there are policy documents that are issued from executives and administrators. These policy documents implicitly contain rules and procedures according to which the operations should be conducted. Second, there are computer interpretable statements that formally state the individual rules and procedures in such a way that a computer can evaluate them and arrive at unique and unambiguous decisions. In this paper we refer to such formal policy rule sets that computers can understand and evaluate, as the Digital Polic...

show abstract

“…The results should lead to a strategy, and its execution, to fill the identified gaps, as well as to improve and expand the existing technologies and products. 6 …”

Section: Pbm Technology and Capabilities Evaluationmentioning

confidence: 97%

Section: Deconfliction Of Policy Actionsmentioning

confidence: 98%

Section: Pmi Based Deploymentmentioning

confidence: 99%

See 1 more Smart Citation

Policy based Management: Deployment Challenges in the GIG

Choudhary¹

2007

MILCOM 2007 - IEEE Military Communications Conference

View full text Add to dashboard Cite

show abstract

“…The PMI can be visualised as a backbone from which one can hang individual PBM applications, as is schematically illustrated in Figure 5. Examples of the PBM applications that can hang from a PMI include the routing management, quality of service management (Choudhary, 2004b), service level specifications management, information assurance management (Choudhary, 2005b(Choudhary, , 2006, and of course the network management (Choudhary, 2004a). This process is roughly like having a network backbone from which individual local area networks can be hanged.…”

Section: Pmi Based Deploymentmentioning

confidence: 99%

Policy Based Management in the Global Information Grid

Choudhary¹

2008

IJIPT

View full text Add to dashboard Cite

The Global Information Grid (GIG) is briefly described and the application of the Policy Based Management (PBM) technology to the GIG is discussed in detail. Given the state of the technology, industry, and the needed products, there are serious difficulties and challenges in deploying the PBM technology in the GIG. This paper analyses these difficulties and challenges, and suggests possible solutions. It is suggested that PBM be deployed in carefully chosen small scale applications in the GIG such as the management of the Teleports, and these deployed applications be transitioned to the recommended deployment modes when needed technology becomes available.

show abstract

“…Recent work [8,9] on policy-based management [23] and the NSA's RAdAC (Risk Adaptable Access Control) [17] model have demonstrated that evaluation of dynamic policies is feasible and desirable. This is a powerful mechanism, closely related to Arachne.…”

Section: Related Workmentioning

confidence: 99%

Asynchronous policy evaluation and enforcement

Burnside

Keromytis

2008

Proceedings of the 2nd ACM Workshop on Computer Security Architectures

View full text Add to dashboard Cite

Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.

show abstract

Compound Identity Measure: A New Concept for Information Assurance

Cited by 4 publications

References 5 publications

Policy based Management: Deployment Challenges in the GIG

Policy based Management: Deployment Challenges in the GIG

Policy Based Management in the Global Information Grid

Asynchronous policy evaluation and enforcement

Contact Info

Product

Resources

About