The Joint Battlespace Infosphere (JBI) is a combat management system that
integrates information from a variety of sources, processes the information,
and distributes it in an appropriate and timely manner to users at all security
levels. Much of this information is sensitive, and specifying and enforcing
correct security policies is essential for its protection.
Specifying correct security policies for a large, complex, system, such
as the JBI, is non-trivial. This application typically has many, diverse
security policies differing in their syntax, semantics, and pragmatics. Policies
may conflict with each other and may interfere with other requirements of
the application. In addition, the application may evolve, and so must the
associated security policies. Although a lot of research exists on security
policy, there is no framework that provides a comprehensive solution to the
problems of specification, validation, integration, and evolution of security
policies. In this research, we propose such a framework and develop a prototype
tool to partially automate the solution and aid the JBI user in specifying
correct security policies.
We follow the recommendations of other researchers in keeping an application
separate f rom its security policies. This allows for the security requirements
to be clearly documented, policies to be changed independently of the application,
policies to be independently analyzed, and policies to be centrally managed.
Eventually the policy concerns must be integrated with the application. Security
policies typically impact multiple modules of an application, and ad-hoc
approaches to integrating such concerns in the individual modules may result
in problems, such as, security breaches. We adopt the aspect-oriented technique
to address this problem. An aspect is a concern that cross-cuts
multiple modules of an application. We encapsulate security policies in aspects
and then integrate (weave) the aspect with the application
in a methodical manner. Treating security policies as aspects facilitates
their specification, validation, integration, and evolution, and allows developers
to focus on specification of policies without concern about the entire application.
The weaving techniques allow the policy aspects to be methodically integrated
with the application, and the process can be repeated to incorporate multiple
policies. The application can then be validated to test whether the correct
policies have been specified. Encapsulating security policies as aspects
also aids evolution -- a change of policy necessitates only a change in the
corresponding aspect and not the individual modules that are affected by
the policy. Once the corresponding aspect has been adapted to reflect the
change in policy, the only thing that needs to be done to reflect this modification
is to weave the new aspects into the application.
Our research approach addresses the following concerns:
A suitable language must be developed for specifying policy aspects that
represents them in an analyzable, user-friendly form, and facilitates their
integration with the application. We will develop a UML-based language for
expressing policy aspects. We will represent application-independent policies
as UML template models and application-specific policies as UML models. The
template representation facilitates reuse, while the use of the UML to represent
policies allows integration of policy definitions with UML artifacts created
in system development projects.
Security policies must be validated against intent and their impact on application
analyzed. We will validate a set of security policies by composing the aspects
with models of the application and then analyzing the composed model. Techniques
will also be developed to resolve conflicts arising from this composition.
We will test the composed model against scenarios depicting authorized interactions
and malicious attacks.
A JBI may operate under the influence of multiple policies, or several JBIs,
each with their own policies, may need to work together to accomplish a mission.
We will develop techniques for integrating independently developed policies.
We will investigate how existing information integration techniques can be
adapted to support policy integration. The composition techniques and technologies
used for validating aspects will be used to support testing the integrated
JBI security policies may change during a mission and evolving systems must
keep pace with those changes. By encapsulating security concerns (in aspects),
changes can be made in the aspect, and the effects can be incorporated into
the models through composition. We will investigate how aspects can be extracted
from the woven model, how they can be modified, and the modified aspect once
again woven with the application.