6th European Conference - Academic Conferences
Harm Schotanus et al.
these aspects can be combined to develop a labelling solution that in the end delivers a cross domain
solution, but in the meantime can be useful for several purposes. We have provided a proposition for
an incremental approach to create a cross domain solution.
By starting with labelling for information management purposes, we can quickly gain results as it can
make accessing the right information easier. This can be extended with limited effort to support a
method to exchange release information with other domains having a similar security policy. This way,
we have not only provided the technical basis for labelling, but have also prepared the users to
work with labels and appreciate their purpose. The third step in this process can be to implement
integrity protection, which requires an elevation of the assurance of the label creation process.
Finally, we reach a true cross domain solution if we elevate the assurance on the validation side as
well. Nevertheless, it is clear that careful planning and a solid overview of each individual
step, as well as of the whole, are necessary to reach the goal. On the other hand, implementing a cross
domain solution in one big step may be just a bridge too far.
5. Future work
The proposed means to realise a cross domain solution can be further extended with other
functionality. These require further research to determine feasibility and technical means to realise
them.
- Fine-grained control over information, e.g. labels on individual chapters or paragraphs.
- Automatic labelling of information; for instance, information from sensors, such as radar or
  cameras, can be automatically labelled, depending on both the content and the capabilities
  to generate the information.
- Integration of applications and labelling, so that the user can control the process of labelling
  (semi-)automatically from the applications.
- Life cycle management of information, e.g. use of labels to express changes in the information.
- Cross Domain Solutions; it can be a very useful technique to use different labels to exchange
  information across different security domains. Based on a domain policy, external labels can be
  translated into an internal label which is understandable within the domain.
- Methodology for policy development. A core concept of an automated release mechanism is
  enforcing a policy; creating a usable policy is a complex task, hence a methodology to develop one
  based on all rules and agreements is needed to ensure completeness and consistency.