Homeland Security Issues and Solutions

Prof. Steven A. Demurjian, Sr.
Director, CSE Graduate Program
Computer Science & Engineering Department
The University of Connecticut
Storrs, CT 06269-3155
steve@engr.uconn.edu
http://www.engr.uconn.edu/~steve
http://www.engr.uconn.edu/~steve/DSEC/dsec.html
(860) 486 - 4818

Lt. Col. Charles E. Phillips, Jr.
Dept. of Electrical Engineering and Computer Science
United States Military Academy
West Point, NY
Charles.Phillips@usma.edu
(845) 938 - 5564
(Instructor at USMA/Ph.D. Student at UConn)


Post on 27-Dec-2015



Page 2

Dynamic Coalition for Homeland Security

- Crisis: Any Situation Requiring National or International Attention
- Coalition: Alliance of Organizations: Military, Civilian, International or any Combination
- Dynamic Coalition: Formed in a Crisis and Changes as Crisis Develops
  - Key Concern Being the Most Effective Way to Solve the Crisis
- Dynamic Coalition Problem (DCP): Security, Resource, and Information Sharing Risks that Occur as a Result of Coalition Being Formed Quickly

Page 3

DC for Military Deployment/Engagement

[Figure: U.S. Global C2 Systems. Labels: U.N., U.S.A, NATO, NGO/PVO; Army, Navy, Air Force, Marine Corps; GCCS, GCCS-A, ABCS, MCS, ASAS, CSSCS, FADD, AFATDS, Other; Battle Management System, Joint Command System, Army Battle Command System, Combat Operations System; LFCS (Canada), SICF (France), HEROS (Germany), SIACCON (Italy).]

OBJECTIVES:
- Securely Leverage Information in a Fluid Environment
- Protect Information While Simultaneously Promoting the Coalition
- Security Infrastructure in Support of DCP

Page 4

DC for Medical Emergency

[Figure labels: Govt., Transportation, Military Medics, Local Health Care, CDC, Pharma. Companies, Govt., MDs w/o Borders, Red Cross, RNs, EMTs, MDs, State Health, Other.]

ISSUES:
- Privacy vs. Availability in Medical Records
- Support Life-Threatening Situations via Availability of Patient Data on Demand

Page 5

Security Issues: Information Access and Flow

- What are the Security Requirements for Each User in DC Information at What Times?
- What Information Needs to Be Sent (Pushed) to Which Users at What Time (Regular Intervals)?
  - Delivering Critical Data in Timely Fashion for DC
  - Correct and Consistent Information at Right Time
- What Information Needs to Be Available On-demand (Pulled) to Which Users at What Time?
  - Satisfying Dynamic Data Requirements for DC
  - Exactly Enough Information and No More
- Can we Support User Privileges that Change Based on the "Context" and "State" of DC?

Page 6

Security Issues: System Considerations

- How Does Distribution of a DC Affect Security Policy Definition and Enforcement?
- Are Security Handlers/Enforcement Mechanisms of DC Centralized and/or Distributed for Multiple Policies?
  - Are there Reusable Security Components that Can Be Composed on Demand to Support DC?
  - Support for RBAC, DAC, and/or MAC?
- What is the Impact of Legacy/COTS/GOTS of a DC on Delivering the Information Securely?
  - At What Level, If Any, is Secure Access Available?
  - How is Security Added If it is Not Present?
  - What Techniques Are Needed to Control Access to Legacy/COTS?

Page 7

Security Issues: Different Approaches

- Discretionary Access Control (DAC)
  - Restricts Access Based on Identity of Group/Subject
  - Discretion Supports the "Pass-on" of Permissions
- Role-Based Access Control (RBAC)
  - Permissions Based on Responsibilities or Roles
  - Users may Play Multiple Roles Each
  - RBAC Flexible in both Management and Usage
- Mandatory Access Control (MAC)
  - Restrict Access Based on Sensitivity Level (Top Secret, Secret, Confidential, Unclassified)
  - If Clearance of User Dominates Classification of Object, Access is Allowed
- Homeland Security Likely Requires All Three at Times!

Page 8

Security Issues: Confidence in Security

- Assurance
  - Are the Security Privileges for Each User of DC Adequate (and Limited) to Support their Needs?
  - What Guarantees are Given by the Security Infrastructure of DC in Order to Attain:
    - Safety: Nothing Bad Happens During Execution
    - Liveness: All Good Things can Happen During Execution
- Consistency
  - Are the Defined Security Privileges for Each User Internally Consistent? Least-Privilege Principle
  - Are the Defined Security Privileges for Related Users Globally Consistent? Mutual-Exclusion

Page 9

Solution: RBAC/MAC at Design Level

[Figure: use-case diagram, "Poll Topic Archived System", with <<include>> and <<extend>> relationships. Labels with security levels: Junior Operator - C, Senior Staff - S, Poll Topic Admin - TS, Supervisor - TS, Enter Poll Topic - S, Activate Poll Topic - TS, Deactivate Poll Topic - TS, Enter Question - C, Verify Topic - S, Enter Ordinary Question - C, Enter Special Question - S, Categorize Question - C, Enter Category - S.]

- Security as First Class Citizen in the Design Process
- Use Cases and Actors (Roles) Marked with Security Levels
- Dynamic Assurance Checks to Insure that Connections Do Not Violate MAC Rules

Page 10

Solution: UML-Based RBAC/MAC

- Extending UML for the Design and Definition of Security Requirements
- Address Security in Use-Case Diagrams, Class Diagrams, etc., as Part of Application Design
- UML Model with Security
- Capture all Security Requirements!
- Bi-Directional Translation - Prove that all UML Security Definitions in UML in Logic-Based Policy Language and vice-versa
- Formal Security Policy Definition using Existing Approach (Logic Based Policy Language)
- Iterate, Revise
- Other Possibilities: Reverse Engineer Existing Policy to Logic Based Definition
- Security Model Generation: RBAC99, RBAC/MAC UConn, Oracle Security
- Must Prove Generation Captures all Security Requirements

Page 11

Solution: Unifying RBAC/MAC

- Interacting Software Artifacts
- New/Existing Clients use APIs
- Control Access to APIs by …
  - Role (who)
  - Classification (MAC)
  - Time (when)
  - Data (what)
  - Delegation

[Figure labels: Legacy, COTS, GOTS, Database; Java Client, Legacy Client, Database Client, COTS Client; NETWORK; Unified Security Resource (USR) with Security Policy Services, Security Registration Services, Security Authorization Services; Security Authorization Client (SAC), Security Policy Client (SPC), Security Delegation Client (SDC), Security Analysis and Tracking (SAT).]

Working Prototype Available using CORBA, JINI, Java, Oracle

Page 12

Solution: Unifying RBAC/MAC

- Security Model that Unifies RBAC/MAC with Method-Level Approach
  - Constraints using: Role, MAC, Time, and Data
  - Customized Access to APIs of Artifacts
  - Contrast with Object Level Approach
- Security Policy and Enforcement Assurance
  - Design Time (During Security Policy Definition): Security Assurance
  - Run Time (Executing Application): Security Enforcement
- RBAC/MAC for a Distributed Setting (Middleware)
  - Flexible, Portable, Platform Independent
  - Security with Minimal/Controlled Impact
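
Added example (not from the slides and not the UConn prototype's code): a minimal method-level check that combines role, MAC dominance and a time constraint, with a design-time assurance check on grants and a run-time enforcement check on calls. Treating the labels below as roles and API methods, the rule that a user's clearance must dominate the role's level, and the grants and time window are all assumptions made for illustration.

```python
from datetime import datetime

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}   # sensitivity levels named on the slides

def dominates(clearance, classification):
    """MAC rule: access is allowed only if clearance dominates classification."""
    return LEVELS[clearance] >= LEVELS[classification]

class Policy:
    def __init__(self, role_level, method_level):
        self.role_level = role_level      # role -> security level
        self.method_level = method_level  # API method -> classification
        self.grants = {}                  # (role, method) -> (start, end) or None

    def grant(self, role, method, window=None):
        """Design-time assurance: refuse a role-to-method grant that violates MAC."""
        if not dominates(self.role_level[role], self.method_level[method]):
            raise ValueError(f"{role} does not dominate {method}")
        self.grants[(role, method)] = window

    def authorize(self, clearance, role, method, now):
        """Run-time enforcement: role (who), classification (MAC), time (when)."""
        if (role, method) not in self.grants:
            return False, "method not granted to role"
        if not dominates(clearance, self.role_level[role]):
            return False, "user clearance does not dominate role"
        window = self.grants[(role, method)]
        if window is not None and not (window[0] <= now <= window[1]):
            return False, "outside permitted time window"
        return True, "ok"

def build_policy():
    """Constructed sample: labels and levels from the use-case slide; grants assumed."""
    p = Policy(
        {"Junior Operator": "C", "Senior Staff": "S", "Supervisor": "TS"},
        {"Enter Question": "C", "Enter Poll Topic": "S", "Activate Poll Topic": "TS"},
    )
    p.grant("Junior Operator", "Enter Question")
    p.grant("Senior Staff", "Enter Poll Topic")
    # Time constraint (assumed): activation only inside a constructed window.
    p.grant("Supervisor", "Activate Poll Topic",
            (datetime(2003, 1, 1), datetime(2003, 1, 31)))
    return p
```

The design-time check fails closed: a grant that would let a lower-level role reach a higher-classified method is rejected when the policy is defined, so the run-time check never has to evaluate it.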

Page 13

Concluding Remarks

- Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis Situations
- Critical to Understand the Security Issues for Users and System of Dynamic Coalitions
- At UConn, Multi-Faceted Approach to Security
  - Attaining Consistency and Assurance at Policy Definition and Enforcement
  - Capturing Security Requirements at Early Stages via UML Enhancements/Extensions
  - Providing a Security Infrastructure that Unifies RBAC and MAC for Distributed Setting

http://www.engr.uconn.edu/~steve/DSEC/dsec.html