Securing access to Distributed Pub-Sub Information in a System-of-Systems

Date: July 2010

Classical approaches to distributed system security often rely on single-purpose entities to authenticate clients, enforce access and security policy, or at least distribute authentication tokens.  While these models are reasonable for controlling access to a centralized resource (such as a database), they are not suitable for highly-distributed and dynamic systems where fielded nodes with intermittent connectivity require access to real-time data.  For instance, it is unacceptable to deny a field operator real-time access to UAV imagery data simply because a remote authentication server is temporarily unavailable.  A new approach is needed.

The combination of data-in-transit with data-at-rest, commonly found in many combat systems, presents additional challenges. It is not enough to protect point-to-point communications using standard transport-level or IPsec security mechanisms. Data must also be labeled or tagged so that its security attributes are preserved when it is stored and queried. Middleware used to distribute data is affected by this as well. For example, it is not enough to secure DDS communication using a secure transport protocol such as TLS; stored data in middleware services such as the DDS persistence service must also be properly labeled, encrypted, and validated.
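One way to keep a security label bound to a stored sample so that a persistence service cannot release the payload under an altered label, as an added illustration that is not code from the presentation or from any DDS implementation: the label stays in the clear for querying, but it is fed to AES-GCM as associated data, so changing it at rest breaks authentication. The label fields and the `|`-separated encoding are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// SecurityLabel is a hypothetical label kept in the clear so the persistence
// service can query on it; StoredSample is the at-rest form in which the
// label is bound to the ciphertext as AES-GCM associated data.
type SecurityLabel struct{ Classification, ReleasableTo string }
type StoredSample struct {
	Label      SecurityLabel
	Nonce      []byte
	Ciphertext []byte
}

func labelBytes(l SecurityLabel) []byte { return []byte(l.Classification + "|" + l.ReleasableTo) }

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSample encrypts payload under key and binds label to it.
func SealSample(key []byte, label SecurityLabel, payload []byte) (*StoredSample, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, payload, labelBytes(label))
	return &StoredSample{Label: label, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenSample releases plaintext only if the stored label still matches the one
// sealed with the payload: a label altered at rest (e.g. downgraded) fails.
func OpenSample(key []byte, s *StoredSample) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, s.Nonce, s.Ciphertext, labelBytes(s.Label))
}
```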

This presentation covers four topics:

(1) Analysis of access control models with regard to their performance, scalability, deployability, and robustness characteristics as they apply to the real-time GIG environment. The analysis will include both classical models (e.g., discretionary (DAC), mandatory (MAC), role-based, and attribute-based) and models from recent research (e.g., risk-adaptive, capabilities-based, and authorization-based).

(2) Analysis of available open-source and COTS technologies that can be used to describe access control policies, encode access rights, and enforce access control. These technologies include Kerberos, PKI, XACML, and SAML.

(3) Recent research on pragmatic access control models and security enforcement mechanisms suitable for highly dynamic real-time systems that can operate with high resilience in a decentralized environment.

(4) Proposed extensions to the DDS standard such that it can enforce access control and secure communications in these environments.

Attachment: Securing_Access_to_Distributed_Pub_Sub_Information_OMG_RT_Worskshop_2010.pdf (736.69 KB)