Project Summary

The Joint Battlespace Infosphere (JBI) is a combat management system that integrates information from a variety of sources, processes the information, and distributes it in an appropriate and timely manner to users at all security levels. Much of this information is sensitive, and specifying and enforcing correct security policies is essential for its protection.

Specifying correct security policies for a large, complex, system, such as the JBI, is non-trivial. This application typically has many, diverse security policies differing in their syntax, semantics, and pragmatics. Policies may conflict with each other and may interfere with other requirements of the application. In addition, the application may evolve, and so must the associated security policies. Although a lot of research exists on security policy, there is no framework that provides a comprehensive solution to the problems of specification, validation, integration, and evolution of security policies. In this research, we propose such a framework and develop a prototype tool to partially automate the solution and aid the JBI user in specifying correct security policies.

We follow the recommendations of other researchers in keeping an application separate f rom its security policies. This allows for the security requirements to be clearly documented, policies to be changed independently of the application, policies to be independently analyzed, and policies to be centrally managed. Eventually the policy concerns must be integrated with the application. Security policies typically impact multiple modules of an application, and ad-hoc approaches to integrating such concerns in the individual modules may result in problems, such as, security breaches. We adopt the aspect-oriented technique to address this problem. An aspect is a concern that cross-cuts multiple modules of an application. We encapsulate security policies in aspects and then integrate (weave) the aspect with the application in a methodical manner. Treating security policies as aspects facilitates their specification, validation, integration, and evolution, and allows developers to focus on specification of policies without concern about the entire application. The weaving techniques allow the policy aspects to be methodically integrated with the application, and the process can be repeated to incorporate multiple policies. The application can then be validated to test whether the correct policies have been specified. Encapsulating security policies as aspects also aids evolution -- a change of policy necessitates only a change in the corresponding aspect and not the individual modules that are affected by the policy. Once the corresponding aspect has been adapted to reflect the change in policy, the only thing that needs to be done to reflect this modification is to weave the new aspects into the application.

Our research approach addresses the following concerns:

  1. Policy Formulation:

    A suitable language must be developed for specifying policy aspects that represents them in an analyzable, user-friendly form, and facilitates their integration with the application. We will develop a UML-based language for expressing policy aspects. We will represent application-independent policies as UML template models and application-specific policies as UML models. The template representation facilitates reuse, while the use of the UML to represent policies allows integration of policy definitions with UML artifacts created in system development projects.
  2. Policy Validation:

    Security policies must be validated against intent and their impact on application analyzed. We will validate a set of security policies by composing the aspects with models of the application and then analyzing the composed model. Techniques will also be developed to resolve conflicts arising from this composition. We will test the composed model against scenarios depicting authorized interactions and malicious attacks.
  3. Policy Integration:

    A JBI may operate under the influence of multiple policies, or several JBIs, each with their own policies, may need to work together to accomplish a mission. We will develop techniques for integrating independently developed policies. We will investigate how existing information integration techniques can be adapted to support policy integration. The composition techniques and technologies used for validating aspects will be used to support testing the integrated policy aspects.
  4. Policy Evolution:

    JBI security policies may change during a mission and evolving systems must keep pace with those changes. By encapsulating security concerns (in aspects), changes can be made in the aspect, and the effects can be incorporated into the models through composition. We will investigate how aspects can be extracted from the woven model, how they can be modified, and the modified aspect once again woven with the application.