1. 1 Homeland Security Issues and Solutions Prof. Steven A. Demurjian, Sr. Director, CSE Graduate Program Computer Science & Engineering Department The University of Connecticut Storrs, CT 06269-3155 steve@engr.uconn.edu http://www.engr.uconn.edu/~steve http://www.engr.uconn.edu/~steve/DSEC/dsec.html (860) 486 - 4818 Lt. Col. Charles E. Phillips, Jr. Dept. of Electrical Engineering and Computer Science United States Military Academy West Point, NY Charles.Phillips @ usma.edu (845) 938 - 5564 (Instructor at USMA/Ph.D. Student at UConn)

2. 2 Dynamic Coalition for Homeland Security  Crisis  Any Situation Requiring National or International Attention  Coalition  Alliance of Organizations  Military, Civilian, International or any Combination  Dynamic Coalition  Formed in a Crisis and Changes as Crisis Develops  Key Concern Being the Most Effective way to Solve the Crisis  Dynamic Coalition Problem (DCP)  Security, Resource, and Information Sharing Risks that Occur as a Result of Coalition Being Formed Quickly

3. 3 FADD AFATDS GCCS-A MCS ASAS CSSCS Other ABCS U.N. U.S.A NGO/ PVO NATO Marine Corps NavyAir Force Army GCCS Battle Management System Joint Command System Army Battle Command System Combat Operations System U.S. Global C2 Systems DC for Military Deployment/Engagement LFCS Canada SICF France HEROS Germany SIACCON Italy OBJECTIVES: Securely Leverage Information in a Fluid Environment Protect Information While Simultaneously Promoting the Coalition Security Infrastructure in Support of DCP

4. 4 DC for Medical Emergency Govt. Transportation Military Medics Local Health Care CDC ISSUES: Privacy vs. Availability in Medical Records Support Life-Threatening Situations via Availability of Patient Data on Demand Pharma. Companies Govt. MDs w/o Borders Red Cross RNs EMTs MDs State Health Other

5. 5 Security Issues: Information Access and Flow  What are the Security Requirements for Each User in DC Information at What Times?  What Information Needs to Be Sent (Pushed) to Which Users at What Time (Regular Intervals)?  Delivering Critical Data in Timely Fashion for DC  Correct and Consistent Information at Right Time  What Information Needs to Be Available On-demand (Pulled) to Which Users at What Time?  Satisfying Dynamic Data Requirements for DC  Exactly Enough Information and No More  Can we Support User Privileges that Change Based on the “Context” and “State” of DC?

6. 6 Security Issues: System Considerations  How Does Distribution of a DC Affect Security Policy Definition and Enforcement?  Are Security Handlers/Enforcement Mechanisms of DC Centralized and/or Distributed for Multiple Policies?  Are there Reusable Security Components that Can Be Composed on Demand to Support DC?  Support for RBAC, DAC, and/or MAC?  What is the Impact of Legacy/COTs/GOTs of a DC on Delivering the Information Securely?  At What Level, If Any, is Secure Access Available?  How is Security Added If it is Not Present?  What Techniques Are Needed to Control Access to Legacy/COTS?

7. 7 Security Issues: Different Approaches  Discretionary Access Control (DAC)  Restricts Access Based on Identity of Group/Subject  Discretion Supports the “Pass-on” of Permissions  Role-Based Access Control (RBAC)  Permissions Based on Responsibilities or Roles  Users may Play Multiple Roles Each  RBAC Flexible in both Management and Usage  Mandatory Access Control (MAC)  Restrict Access Based on Sensitivity Level (Top Secret, Secret, Confidential, Unclassified)  If Clearance of User Dominates Classification of Object, Access is Allowed  Homeland Security Likely Requires All Three at Times!

8. 8 Security Issues: Confidence in Security  Assurance  Are the Security Privileges for Each User of DC Adequate (and Limited) to Support their Needs?  What Guarantees are Given by the Security Infra- structure of DC in Order to Attain:  Safety: Nothing Bad Happens During Execution  Liveness: All Good Things can Happen During Execution  Consistency  Are the Defined Security Privileges for Each User Internally Consistent? Least-Privilege Principle  Are the Defined Security Privileges for Related Users Globally Consistent? Mutual-Exclusion

9. 9 Solution: RBAC/MAC at Design Level  Security as First Class Citizen in the Design Process  Use Cases and Actors (Roles) Marked with Security Levels  Dynamic Assurance Checks to Insure that Connections Do Not Violate MAC Rules

10. 1010 Other Possibilities: Reverse Engineer Existing Policy to Logic Based Definition UML Model with Security Capture all Security Requirements! Extending UML for the Design and Definition of Security Requirements Address Security in Use-Case Diagrams, Class Diagrams, etc., as Part of Application Design Formal Security Policy Definition using Existing Approach (Logic Based Policy Language) Iterate, Revise Bi-Directional Translation - Prove that all UML Security Definitions in UML in Logic- Based Policy Language and vice-versa Security Model Generation RBAC99 RBAC/MAC UConn Oracle Security Must Prove Generation Captures all Security Requirements Solution: UML-Based RBAC/MAC

11. 1 Legacy COTSGOTSDatabase Java Client Legacy Client Database Client COTS Client Solution: Unifying RBAC/MAC  Interacting Software Artifacts  New/Existing Clients use APIs  Control Access to APIs by …  Role (who)  Classification (MAC)  Time (when)  Data (what)  Delegation Security Authorization Client (SAC) Security Policy Client (SPC) Security Registration Services Unified Security Resource (USR) Security Policy Services Security Delegation Client (SDC) Security Analysis and Tracking (SAT) Security Authorization Services Working Prototype Available using CORBA, JINI, Java, Oracle NETWORK

12. 1212 Solution: Unifying RBAC/MAC  Security Model that Unifies RBAC/MAC with Method- Level Approach  Constraints using: Role, MAC, Time, and Data  Customized Access to APIs of Artifacts  Contrast with Object Level Approach  Security Policy and Enforcement Assurance  Design Time (During Security Policy Definition) Security Assurance  Run Time (Executing Application) Security Enforcement  RBAC/MAC for a Distributed Setting (Middleware)  Flexible, Portable, Platform Independent  Security with Minimal/Controlled Impact

13. 1313 Concluding Remarks  Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis Situations  Critical to Understand the Security Issues for Users and System of Dynamic Coalitions  At UConn, Multi-Faceted Approach to Security  Attaining Consistency and Assurance at Policy Definition and Enforcement  Capturing Security Requirements at Early Stages via UML Enhancements/Extensions  Providing a Security Infrastructure that Unifies RBAC and MAC for Distributed Setting  http://www.engr.uconn.edu/~steve/DSEC/dsec.html