Download
1 / 71
710 likes | 857 Vues
US/UK International Technology Alliance (ITA). Network and Information Sciences. John Gowens ARL Collaborative Alliance Manager Jack Lemon MoD Collaborative Alliance Manager Dinesh Verma & David Watson Program Managers. IBM. The ITA Vision.
E N D
US/UK International Technology Alliance(ITA) Network and Information Sciences John Gowens ARL Collaborative Alliance Manager Jack Lemon MoD Collaborative Alliance Manager Dinesh Verma & David Watson Program Managers IBM
The ITA Vision • Creating an international collaborative research culture • Academia, Industry, Government in US and UK • Innovative multidisciplinary approaches • Developing ground-breaking fundamental science • Empower innovators • Develop understanding of the root cause of military technical challenges • Making an impact on coalition military effectiveness • Focus on key problems with a critical mass of researchers • Gain synergies from UK/US alignment • Innovative transition model A US/UK Alliance conducting collaborative research focused on improving coalition operations by:
ITA Team Overview 10 11 12 13 11 10 Academia U.S. Gov. U.K. Gov. 2 3 5 9 3 6 8 2 8 9 5 1 4 1 4 7 7 6 Industry • ACADEMIA • Cranfield University, Royal Military College of Science, Shrivenham • Imperial College, London • Royal Holloway University of London • University of Aberdeen • University of Cambridge • University of Southampton • University of York • ACADEMIA • Carnegie Mellon University • City University of New York • Columbia University • Pennsylvania State University • Rensselaer Polytechnic Institute • University of California Los Angeles • University of Maryland • University of Massachusetts • INDUSTRY • IBM UK • LogicalCMG • Roke Manor Research Ltd. • Systems Engineering • & Assessment Ltd. • INDUSTRY • BBNT Solutions LLC • The Boeing Corporation • Honeywell Aerospace Electronic Systems • IBM Research • Klein Associates
Technical Areas • Network Theory • Enable the formation/operation of ad hoc coalition teams • Security Across a System of Systems • Fundamental underpinnings for adaptive networking and security to support complex system-of-systems • Sensor Information Processing and Delivery • Sensor information processing/delivery from distributed sensor networks to support enhanced decision-making • Distributed Coalition Planning and Decision Making • Understand and support complex human, social, and technical interactions in distributed coalition teams Goal: Enhancing distributed, secure, and flexible decision-making to improve coalition operations
Theoretical Foundations for Analysis/Design of Wireless and Sensor Networks Towsley, U Mass Mission Adaptive Collaborations Poltrock, Boeing Quality of Information of Sensor Data Bisdikian, IBM Policy Based Security Management Calo, IBM Task-Oriented Deployment of Sensor Data Infrastructures La Porta, Penn State Energy Efficient Security Architectures and Infrastructures Paterson, Royal Holloway Cultural Analysis Sieck, Klein Assoc Interoperability of Wireless Networks and Systems Lee, IBM Hancock, RMR Trust and Risk Management in Dynamic Coalition Environments Clark, York Semantic Integration & Coalition Planning Smart, Southhampton Braines, IBM Complexity Management of Sensor Data Infrastructures Szymanski, RPI Biologically-Inspired Self-Organization in Networks Lio, Cambridge Pappas, IBM International Technology Alliance in Network and Information Sciences Collaborative Alliance Managers/Consortium Managers Jay Gowens (ARL) Jack Lemon (MoD) Dinesh Verma (IBM) Dave Watson (IBM-UK) Network Theory Ananthram Swami (ARL) Tom McCutcheon (Dstl) Don Towsley (U Mass) Kang-Won Lee (IBM) Security Across a System-of-Systems Trevor Benjamin (Dstl) Greg Cirincione (ARL) John Mcdermid (York) Dakshi Agrawal (IBM) Sensor Information Processing Tien Pham (ARL) Gavin Pearson (Dstl) Thomas La Porta (PSU) Vic Thomas (Honeywell) Distributed Coalition Planning Jitu Patel (Dstl) Mike Strub (ARL) Nigel Shadbolt (SHamp) Graham Bent (IBM)
Key US/UK Collaborations Enabled Policy Management Sloman (Imperial) Bellovin (Columbia) Calo/Lobo (IBM-US) Biologically Inspired Techniques Lio (Cambridge) Seshan (CMU) Towsley (U. Mass) Mission Specific Sensor Network Configuration Leung (Imperial) La Porta (Penn State) Operations Analysis using Second Life Wagget (IBM-UK) US Military Academy (Graham) Semantic Battlespace Infosphere Shadbolt (Southampton) Hendler (RPI) Technical Results Attained Policy based self managed cells for coalition operations Wireless sensor network design based on human circulatory systems. Models to analyze properties of MANETs in non-asymptotic case Quality of Information calculus to improve detection methods for sensor network Lightweight scalable infrastructure for sensor information collection and dissemination Multi-player online role playing game based Paradigms to model coalition operations Accomplishments 06-07
Simple biological network Finding hidden community structure and motifs in networks Lethal Slow-growth Non-lethal Unknown Network Theory (Towsley U. Mass, Lee IBM-US) Fundamental underpinnings for adaptive networking to support complex system-of-systems and ad hoc coalition teams • Theoretical foundations for design of wireless and sensor networks (Towsley, U. Mass) • Interoperability of wireless networks and systems (Hancock, RMR/Lee IBM-US) • Biologically-Inspired self-organization in networks (Lio Cambridge/Pappas IBM-US) FY08-09 Objectives • Mathematical models of interoperation to enable design of coalition networks • Analysis of community patterns in biological networks and their applications to wireless systems. • Models analyzing MANETs and performance of protocols
Natural Language Vocabulary Policy SpecificationLayer Natural Language Specifications Battle Space Ontologies Abstract PolicyLayer Abstract Policies Special-purpose Modeling Notations Concrete PolicyLayer Cross-cutting Interaction Models Real-time Updates State Machines, ACLs, Other ConfigLanguages Implementation and ConfigurationLayer Platform-specific Configurations Security Across a System-of-Systems (Mcdermid York, Agrawal IBM-US) Fundamental underpinnings for adaptive security to support complex system-of-systems and ad hoc coalition teams • Policy based security management (Calo, IBM-US) • Energy efficient security architectures and infrastructures (Paterson, Royal Holloway) • Trust and risk management in dynamic coalition environments (Murdoch, York) FY08-09 Objectives • Fixed infrastructure free security mechanism • Enablement of secure dynamic communities of interest • Identity based trust management systems for MANETs
Sensor Information Processing/Delivery (La Porta Penn State, Thomas Honeywell) Sensor information processing and delivery from distributed multi-modal sensor systems within adaptive sensor networks • Quality of Information of sensor data (Bisdikian, IBM-US) • Task-oriented deployment of sensor data infrastructure (La Porta, Penn State) • Complexity management of sensor data infrastructure (Szymanski, RPI) Quality of Information (7) Updated Configuration QoI Updated Configuration Management (9) Deployment (8) Target Operating point FY08-09 Objectives • Quality of information representations to facilitate fusion at multiple levels • Adaptive data infrastructures based on mission requirements and sensor-mission matching algorithms • Information overload reduction techniques for military sensor networks Service Oriented Architecture for Sensor Networks
Distributed Coalition Planning/Decision-Making (Shadbolt Southampton, Bent IBM-UK) Planning and decision-making that takes into consideration the human, social, and technical interactions anticipated in distributed coalition teams • Mission adaptive collaborations (Poltrock, Boeing) • Cultural analysis (Sieck, Klein Assoc) • Shared situational awareness/ Semantic Battlespace Infosphere (Waggett, IBM-UK) FY08-09 Objectives • Improved understanding of multinational planning and decision making • Agile, adaptive collaboration among humans and software agents engaged in collaborative decision-making • Semantic Integration and Collaborative Planning
Project 1: Theoretical foundations for design of wireless and sensor networks Power reduction by cooperative transmission • Team • U. Mass, BBN, ARL, Imperial, Cambridge, SEA, RMR, Dstl • Goal • determine fundamental performance limits in military mobile multi-hop ad hoc wireless networks. • develop robust optimization framework for the design of resource allocation algorithms in such networks. • Key US/UK Collaboration • U. Mass and Imperial for cooperative diversity using MIMO antennas • SEA and U. Mass collaboration with potential visits/training experiences. • Key 2006 Achievements • Analysis of power reduction attributes in cooperative diversity • Analysis of 1-D and 2-D arrays with duty-cycling • Key Objectives 2007-2009 • Analysis of Cooperative Networking • Analysis of Robust optimization of routing and rate control • Protocols for Mission Specific Network Configuration • joint task with TA-3 Project 8 • Military Relevance • Understanding characteristics of networks is fundamental necessity for NCO • Results will lead to better protocols for MANETs, and better network design/planning tools.
Project 2: Interoperability of Wireless Systems and Networks • Team • IBM, Honeywell, UCLA, CUNY, IBM-UK, ARL, Imperial, Cambridge, RMR, Dstl • Goal • Investigate fundamental technical issues related to the interoperation of heterogeneous wireless networks and systems • US/UK Collaborations • Imperial, IBM UK and IBM US for MANET monitoring • Cambridge and IBM US on Inter Domain Routing • Imperial, IBM-US and UCLA on Epidemic Data Dissemination • Key Achievement for 2006 • Analysis of capacity gains using Opportunistic Spectrum Scavenging in Coalition Networks • Investigated scalable and efficient data dissemination in MANETs using a novel network coding technology, and improved data delivery ratio while reducing the overhead. • Developed a formal inter-domain meta-routing framework for multi-domain MANETs. • Extended network coding models for multi-party and multi-hop network coding. • Formulation of finite MANETs in terms of static equivalent graphs for analysis • 2007-2008 Objectives • Task 1: Network Monitoring and Troubleshooting in MANETs • Task 2: Inter-domain Wireless Routing in MANETs • Task 3: Data Delivery Using Controlled Epidemic Multicasting • Military Relevance • Analysis of network characteristics of coalition environments. Each different network will have different performance characteristics, access policies, operational goals, … The different network requirements lead to different internal MANET routing mechanisms
Project 3: Biologically Inspired Self-Organization in Wireless Networks Simple biological network Small Hop Count Wireless Network Lethal Slow-growth Non-lethal Unknown • Team • IBM, CMU, U. Mass, BBN, ARL, Cambridge, RMR, Dstl • Goal • Leverage millennia of evolution of biological systems to design better wireless networks • US/UK Collaborations • Cambridge, CMU and IBM US working together on BioInspired Topology Control Mechanisms • Cambridge, U. Mass and BBN working together on dynamic graphs • Cambridge, U. Mass, ARL and IBM working together on organization of BioWire. • Key Achievements for 2006 • Developed algorithms for identification of hidden patterns in communication graphs. • Organization of BioWire 2007 as a catalyst for biologically inspired approaches • Using the Human Circulation Model to design efficient duty-cycling wireless sensor networks • 2007-2008 Objectives • Task 1: Mobility Models for Dynamic Graphs and Information Dissemination • Task 2: MANET Topology Control • Military Relevance • Develop self-organizing systems that are as resilient as biological systems.
Project 4: Policy based Security Management 2. Safety, liveness goals compilation 3. Abstract state machine 1. User Intuitive notation refinement analysis Feedback on feasibility 6. Policy negotiation 5. System and concrete policies 4. Concrete state machine enforceability • Team • IBM, Honeywell, Columbia, ARL, Imperial, Cambridge, CESG, • Goal • Automate the process of enforcing and validating operational security policies into coalition networks. • US/UK Collaborations • Imperial and IBM UK working together on developing policy analysis and refinement algorithms. • Cambridge and Columbia working together on policy enforcement in coalition MANETs. • Key Achievements for 2006 • Developed architecture for self-managing secure cells in dynamic environments. • Specifications for formal representations of security policies in coalition networks. • 2007-2008 Objectives • Task 1: Policy Refinement Algorithms • Task 2: Foundations for Policy Specification and Analysis • Task 3: Policy based Enablement of Secure Dynamic Communities • Task 4: Distributed Policy Enforcement for Secure Information Flows • Military Relevance • Simplify compliance with security policies of coalition networks.
Project 5: Energy Efficient Security Architectures TA Authentic public parameters Secure channel Alice’s ID Info Flow X • Team • IBM, UMD, CUNY, ARL, Royal Holloway, York, Dstl • Goal • Enable security for information flows in flexible dynamic coalitions with multiple communities, dynamic node mobility and constrained power. • Pioneer use of new security infrastructures, key management techniques and lightweight security mechanisms/protocols in dynamic, mobile, ad hoc military networking environments • Understand interactions between security and heterogeneity in military networking environments • make security an enabler rather than a hindrance for collaboration in dynamic CoIs • US/UK Collaborations • RHUL, UMD and IBM US working together on applying threshold cryptography to MANETs. • Key Achievements for 2006 • Developed techniques for inter-operation of entities with different trust authorities to enable dynamic coalition formation. • Developed usage models and scenarios for Identity based keying in MANET environments. • 2007-2008 Objectives • Threshold approaches to building security services in MANETs • Lightweight security infrastructures for MANETs • Mechanisms enabling secure information flows • Military Relevance • Efficient security protocols for better efficiency of coalition networks
Project 6: Trust and Risk in Coalition Environments To trust or not to trust? That is the question Armed Person Approaching Adversary Model Adversary Model Trust level is high Adversary Models Trust Algebra Initial Bootstrapping • Team • IBM, UMD, ARL, York, Holloway, Cranfield, Dstl • Goal • Incorporate the concept of acceptable trust in coalition operations to make security and enabler of coalition operations, as opposed to a hinderance. • US/UK Collaborations • York, RHUL and IBM US working together on development of trust and risk calculus. • Key Achievements for 2006 • Developed techniques for fuzzy logic based risk calculation and access control. • 2007-2008 Objectives • Dynamic Distributed Risk Estimation in MANETs • Risk Calculations • Military Relevance • Enable an understanding of trust and risk trade-offs in coalition operations
Project 7: Quality of Information in Sensor Networks Recent Measurements Measurements at same time previous day Proximate Nodes Nodes of Same Altitude or Depth Another modality on the same node Contextual or multiscale information • Team • IBM, Honeywell, UCLA, CUNY, UMD, ARL, Imperial, Dstl • Goal • Develop technologies to describe, analyze and estimate the quality of information delivered by a sensor network. • How good is the sensor information and how is it affected by network and sensor characteristics • US/UK Collaborations • Imperial and Honeywell working together on development of Impact of routing and energy on QoI. • Imperial and IBM working together on QoI Calculus • Key Achievements for 2006 • Developed statistical and physical model techniques for in-network blind calibration. • Analysis of relationship between QoI and Sensor Sampling Policies • Impact of routing on timeliness of information. • 2007-2008 Objectives • QoI Specification and Analysis Framework • Sensor characteristics and QoI • QoI and Network Services • QoI Calculus for Event Detection • Military Relevance • Improvements in the quality of information delivered by the sensor network infrastructure
Project 8: Mission Oriented Sensor Configuration Mission Operation Operation Task Capability Task Capability Task Capability Platform Capability requirements to perform tasks to standard under given conditions System Component • Team • Penn State, CUNY, IBM, ARL, Aberdeen, Imperial, IBM-UK, Dstl • Goal • Develop technologies to capture mission requirements and to configure, provision and optimize sensor information fusion infrastructure to best support the mission requirements. • US/UK Collaborations • IBM UK and IBM US working on applying message fabric infrastructure to sensor networks. • Key Achievements for 2006 • Developed algorithms for optimal assignment of sensors to missions • Pioneered use of message queue infrastructure for sensor information processing. • 2007-2008 Objectives • Sensor Mission Matching • Mission Specific Network Configuration • Direction and Dissemination • Military Relevance • Optimal use of resources to get “best” and most important intelligence in a timely manner to the right parties
Project 9: Complexity Reduction of Sensor Deployments Mission Tasking CMC Central Mission Control Central Banking Authority Sensor Tasking Process Choreography Mapping of Missions Into Budget Decisions QoS Layer (Security, Management & Monitoring Infrastructure Services) Data Architecture (meta-data) & Business Intelligence Governance Integration (Enterprise Service Bus) Budget Allocations Service Composition C C C C C C C Mission Commanders Component Discovery Tactical Information Bids for services Optimized Deployment Bidding Strategies Systems domain Network domain SN Allocation Decisions SN SN SN Sensors Allocation Policies SN SN SN Sensor Networks • Team • RPI, IBM, CUNY, ARL, Aberdeen, Southampton, IBM-UK, Dstl • Goal • Develop technologies to capture mission requirements and to configure, provision and optimize sensor information fusion infrastructure to best support the mission requirements. • Key Achievements for 2006 • Developed paradigm for sensor as a distributed network database • Development of opportunistic routing mechanisms for sensor networks. • 2007-2008 Objectives • User Oriented Information Processing and Retrieval Paradigms • Semantically Mediated Data Fusion • Root Cause Analysis and Overload Protection • Military Relevance • Simplify the management and interpretation of sensor information by the warfighter during tactical operations.
Project 10: Mission Adaptive Collaborations Analyze Military Task Develop Reasoning Model Evaluate Accuracy Of Model Agent implementing Reasoning Model Validate with Human Team • Team • Boeing, CMU, CUNY, ARL, Aberdeen, IBM-UK, Dstl • Goal • Develop and validate a theory for agile, adaptive collaboration among humans and software agents . • US/UK Collaboration • Aberdeen and CMU have significant rotation and cross-collaborative activities • IBM UK in significant studies with US Military Academy, West Point • Key Achievements for 2006 • Second Life Metaverse system based validation for Recognition Primed Decision Model • Analysis and Models of of Variability in Complex Collaborative Processes. • 2007-2008 Objectives • Models of Hybrid Human Agent Teams: Agent support for ad hoc adaptive teamwork • Perform task analysis of military tasks • Develop models of hybrid human-agent teamwork • Develop agent technologies to implement the models • Computer Mediated Social Interactions • Establish game/simulation environments where people and agents can collaborate • Develop analysis methods that reveal team activities and context • Military Relevance • Enable the war fighters in coalition to understand when and how to collaborate and use software assistance for improved effectiveness.
Project 11: Cultural Analysis • Team • Klein, Columbia, Boeing, ARL, Cranfield, IBM-UK, SEA, Dstl • Goal • Understand the differences in cultural behavior between US and UK and mitigate the frictions of culture in coalition operations • advance the state of the art in cultural analysis in cognition, language, social interaction to improve coalition operations. • Key Achievements for 2006 • New methodology for cultural network analysis was developed. • 2007-2008 Objectives • Cultural modelling of Planning and Intent • Analysis of culturally dependent communication patterns • Military Relevance • mitigates the friction of culture in coalition operations.
Project 12: Shared Situational Awareness Semantic Integration Techniques MAFRA GLUE PROMPT Others Empirical Evaluation Semantic Integration Information Exploitation Rules (Adaptive Selection, Automatic Parameterization) Task 2 Task 1 Information Exchange Communication & Collaboration Integrative Framework for Semantic Integration Shared Understanding Information Representation • Team • Boeing, RPI, Honeywell, Klein, Southamton, IBM-UK, Dstl, • Goal • Develop technologies and techniques to improve coalition interoperability, information exploitation, shared understanding and collaborative planning through semantic integration, improved information representation and formal plan representation. • US/UK Collaboration • Southampton and RPI working together on semantic technologies • Boeing and IBM-UK working on collaborative planning model • 2007-2008 Objectives • Semantic Integration and Interoperability • Plan representation with collaborative planning model • Military Relevance • Improved situational awareness and better planning tools.
Project 3 Biologically Inspired Self-Organization in Wireless Networks Champion: Pietro Lio, Cambridge and Vasilieos Pappas, IBM BBN IBM Research CMU University of Cambridge Roke Manor Research Ltd
Project 3 Team • US • Academia • Srini Seshan, CMU • Don Towsley, Jim Kurose, U. Massachusetts • Industry • Vasilieos Pappas, Kang-won Lee, Asser Tantawy, IBM • Prithwish Basu, BBN • Government • Ananthram Swami, ARL • UK • Academia • Pietro Lio, Jon Crowcoft, Cambridge • Industry Mark West, RMR • Government • Abigail Solomon, Tom McCutcheon, Dstl
Project 3 Overview • Goal • Leverage millennia of evolution of biological systems to design better wireless networks • US/UK Collaborations • Cambridge, CMU and IBM US working together on BioInspired Topology Control Mechanisms • Cambridge, U. Mass and BBN working together on dynamic graphs • Cambridge, U. Mass, ARL and IBM working together on organization of BioWire. • Key Achievements for 2006 • Developed algorithms for identification of hidden patterns in communication graphs. • Organization of BioWire 2007 as a catalyst for biologically inspired approaches • Using the Human Circulation Model to design efficient duty-cycling wireless sensor networks • 2007-2008 Objectives • Task 1: Mobility Models for Dynamic Graphs and Information Dissemination • Task 2: MANET Topology Control • Military Relevance • Develop self-organizing systems that are as resilient as biological systems.
Using the Human Circulation Model to design efficient duty-cycling wireless sensor networks Project 3 Achievements Biologically-inspired techniques for resilient self-organizing networks Key Collaborations Enabled • Cambridge (Lio), CMU (Seshan) and IBM US (Pappas) --- bio-inspired topology control mechanisms • U. Mass (Towsley), Cambridge (Crowcroft/Lio), and BBN (Redi) --- dynamic graphs ITA-Sponsored Biowire 2007 Workshop • Focus on bio-inspired design of wireless networks • Organized by ARL-Dstl-IBM-Cambridge with over 50 confirmed speakers • University of Cambridge, 2-5 April
Mobility Models for Dynamic Graphs Simple biological network Lethal Slow-growth Non-lethal Unknown • Problem • What are representative models for dynamic graphs representing MANETs? • Hypothesis • Dynamic graphs representing MANETs represent topology patterns and information dissemination models that are isomorphous to those found in epidemic spread of viruses. • Validation of Hypothesis • Obtain traces of mobility of dynamic wireless networks from U. Massachusetts DieselNet Infrastructure • Obtain mathematical models representing movement and information dissemination patterns. • Compare patterns to those obtained from epidemiology patterns found in Cambridge research efforts. • Determine Similarities and Differences • If hypothesis can be validated • Apply distributed models of epidemic propagation to disseminate information in military networks. Small Hop Count Wireless Network
MANET Topology Control Lungs Heart Artery Vein Blood flow Cells Capillary • Problem • How can we develop a good topology representing the structure of MANETs and wireless sensor Network? • Assertion • Synchronization Pulses created by Circulatory Systems provide a good approach for energy-efficient duty-cycling in wireless sensor networks. • Models for epidemiological propagation and assembly of circulatory systems provides mechanisms for distributed self-organization • Approach • Develop a network design algorithm modeled after circulatory system. • Obtain mathematical models representing growth of biological networks. • Adapt biological models to analyze topology formation in MANETs and compare effectiveness to non-biological approaches. • e.g. Ant Colony Optimization Mammalian Circulatory System
Natural Language Vocabulary Policy SpecificationLayer Natural Language Specifications Battle Space Ontologies Abstract PolicyLayer Abstract Policies Special-purpose Modeling Notations Concrete PolicyLayer Cross-cutting Interaction Models Real-time Updates State Machines, ACLs, Other ConfigLanguages Implementation and ConfigurationLayer Platform-specific Configurations Security Across a System-of-Systems (Mcdermid York, Agrawal IBM-US) Fundamental underpinnings for adaptive security to support complex system-of-systems and ad hoc coalition teams • Policy based security management (Calo, IBM-US) • Energy efficient security architectures and infrastructures (Paterson, Royal Holloway) • Trust and risk management in dynamic coalition environments (Murdoch, York) FY08-09 Objectives • Fixed infrastructure free security mechanism • Enablement of secure dynamic communities of interest • Identity based trust management systems for MANETs
Project 4 Policy based Security Management Champion: Seraphin Calo, IBM Honeywell Aerospace Electronic Systems IBM Research Columbia University University of Cambridge Imperial College
Project 4 Team • US • Academia • Steve Bellovin, Columbia • Industry • Seraphin Calo, Jorge Lobo, IBM • Thomas Markham, Honeywell • Government • Greg Cirincione, ARL • UK • Academia • Jon Crowcoft, Cambridge • Morris Sloman, Emil Lupu, Imperial • Government Chris Lloyd, CESG
Project 4 Overview • Goal • Automate the process of enforcing and validating operational security policies into coalition networks. • US/UK Collaborations • Imperial and IBM UK working together on developing policy analysis and refinement algorithms. • Cambridge and Columbia working together on policy enforcement in coalition MANETs. • Key Achievements for 2006 • Developed architecture for self-managing secure cells in dynamic environments. • Specifications for formal representations of security policies in coalition networks. • 2007-2008 Objectives • Task 1: Policy Refinement Algorithms • Task 2: Foundations for Policy Specification and Analysis • Task 3: Policy based Enablement of Secure Dynamic Communities • Task 4: Distributed Policy Enforcement for Secure Information Flows • Military Relevance • Simplify compliance with security policies of coalition networks.
Policy Operation in Coalitions US: Share Mission-Critical Information on Need to Know Basis US: XML Representation US: Policy possible with known configuration Commanders Specifies Operational Policies Policy System Translates Operational Policies Into Machine-Readable Operational Policies Policy System Analyzes Operational Policies for conflicts/errors UK: Isolate Coalition Traffic from UK only traffic UK: Isolation Not Feasible: require additional Comm. Vehicle UK: XML Representation Policy System Validates Compliance In Post-Mortem US: CIM-SPL/XACML representation of access control, Encryption and communication policies Policy System Refines Operational Policies Into Deployable Policies Compare Black Box and Monitored Information to Policy UK: CIM-SPL representation of Comm Equipment Access Filters Policy System updates Devices to Policies Effective Post Operation MANET Devices Enforce Policies Policy System Distributes Deployable Policies to MANET Devices Enforcement Support, Black Box device Capture Enforcement Support, Black Box device Capture A distributed messaging system designed for MANETs
Research Challenges Formal Representations Available for some domains Available for some Policy Models Analysis Definition Translation Task 1 Task 2 Deconflicting Algorithms Refinement Algorithms Task 1 Coalition Compatibility Analysis Incorporating Experiences Audit Red – Unsolved Research Problems Refinement Green – Known in State of Art Task 1 Policy Auditors & Validators Refinement for Security Policies Policy Models and Languages Task 4 Task 3 Reset Enforcement Deployment Enabled by Refinement Enforcement with Power Constraints Deployment in MANET environments Available for Wired Environments C&N CTA MANET Infrastructure Enforcement understood in wired networks
Policy Refinement Large Scale Analyses of NL and FL Policies Survey & Coding of Related Practices System Side Algorithms & Tools User Side Policy Specification Author NL policies Convert NL policies to FL policies Author FL policies Convert FL policies to NL policies In Natural Language Subclasses (NLS) Policy Presentation Processing & User Interaction In a Formal Language (FL) User-Level Paradigms for Preferences User Preferences in a FL Privacy / Security Ontologies Abstract Policy Models Policy Ratification Goals, High Level Policies In System Context Policy Transformation Policy Synchronization Preference Specification Tools Concrete Policy Sets Policy Authoring Policy Ratification AC & Audit Policies Data User Risk Choices & Model Model Model Consent Information Control Flow Policy Transformation Policy Synchronization Executable Policies Databases, XML Stores, Rule Engines, State Machines, etc Human Factors Based Design & Usability Studies Goals: Establish a layered policy model to reason about dynamic security policies. Develop algorithms for refinement of policies between levels. • A layered policy model has been formulated with four levels • Specification, Abstract, Concrete, and Executable. • At each layer • policies need to be represented in a suitable notation • Transformation procedures • map between the policies between layers
Theoretical Foundations for Policy Specification and Analysis 2. Safety, liveness goals compilation 3. Abstract state machine 1. User Intuitive notation refinement analysis Feedback on feasibility 6. Policy negotiation 5. System and concrete policies 4. Concrete state machine enforceability • Analyze Policies at different levels • Algorithms for feasibility and analysis • Determination of deployability and enforceability • Applicability analysis • Conflict removal and negotiation across domains
Policies to Enable Secure Dynamic Community Establishment • Objective • define policy-based algorithms for establishing communities of mobile entities • Develop Algorithms for • policy deployment in response to changing conditions in dynamic communities • revocation of non-relevant or unsafe policies. • Discovery, authentication and role-assignment of network elements • Self-management and self-protection • negotiation of trust relationships
Distributed Policy Enforcement for Secure Information Flows Outside A B C Develop dynamic, distributed security mechanisms for information flows. Adapt network structures to optimize information dissemination. • Schemes for optimizing flows based upon the filtering requirements of end nodes in the system. • Aggregation of secure flows to minimize transmissions • Development of an abstract policy algebra for distributing security enforcement throughout a MANET. • Exploit Policy Algebra for deployment and enforcement • Let C(Pi) be the cost of a policy being installed at node i. • Switch configuration if C(PA) < C(PB) + C(PC) • Let R(Pi) be the risk function of Policy P at node i. • If R(Pi) > L, reject policy deployment
Project 5 Energy Constrained Security Mechanisms for MANETs Champion: Kenny Paterson, Royal Holloway IBM Research City University of New York University of Maryland University of York Royal Holloway University of London Roke Manor Research Ltd.
Project 5 Team • US • Academia • Jonathan Katz, UMD • Kent Boklan, CUNY • Industry • Pankaj Rohatagi, Tal Rabin et. al. IBM • Government • Richard Gopaul, ARL • UK • Academia • Kenny Paterson, Stephen Wolthusen, RHUL • John Mcdermid, John Clark, John Murdoch, York • Government Helen Phillips, Dstl
Project 5 Overview • Goal • Enable security for information flows in flexible dynamic coalitions with multiple communities, dynamic node mobility and constrained power. • Pioneer use of new security infrastructures, key management techniques and lightweight security mechanisms/protocols in dynamic, mobile, ad hoc military networking environments • Understand interactions between security and heterogeneity in military networking environments • make security an enabler rather than a hindrance for collaboration in dynamic CoIs • US/UK Collaborations • RHUL, UMD and IBM US working together on applying threshold cryptography to MANETs. • Key Achievements for 2006 • Developed techniques for inter-operation of entities with different trust authorities to enable dynamic coalition formation. • Developed usage models and scenarios for Identity based keying in MANET environments. • 2007-2008 Objectives • Threshold approaches to building security services in MANETs • Lightweight security infrastructures for MANETs • Mechanisms enabling secure information flows • Military Relevance • Efficient security protocols for better efficiency of coalition networks
Threshold Cryptography for Survivable MANET Infrastructures • What are the cryptographic solutions for complex situations which have • Low interaction and low computation • Adaptive thresholds • Require graceful degradation with number of compromised nodes • Distributed key management with provable signing properties
Lightweight Security Infrastructures for MANETs TA Authentic public parameters Secure channel Alice’s ID • Goal: • Investigate alternative security infrastructures for MANETs • Approach using ID-PKC and CL-PKC • Public keys derived directly from system identities (e.g. an IP address). • Private keys generated and distributed to users by a Trusted Authority (TA) using a master key. • Allows encryption without certificates or directories • Challenges • How to perform Namespace/identifier selection for scalability and interoperability • How to develop distributed trust authorities
Secure Information Flow Goal: Develop mechanisms for secure information flows in MANETs Understand trade-off between availability and protection in presence of compromised nodes: • Challenges: • What is the right security metadata semantics for MANETS • How can one handle uncertainty in labels and data transformation • What are the efficient metadata transmission methods. • How does one detect and react to breaches in metadata integrity Wired or Satellite Infrastructure Info Flow X
Project 6 Trust and Risk Management for MANETs Champion: John Clark, York IBM Research University of Maryland University of York Cranfield University Royal Holloway University of London
Project 6 Team • US • Academia • Virgil Gligor, UMD • Industry • Dakshi Agrawal, Josyula Rao et. al. IBM • Government • Natalie Ivanic, ARL • UK • Academia • Kenny Paterson, Shane Balfe, RHUL • John Mcdermid, John Clark, John Murdoch, York • Howard Chivers, Cranfield University • Government Olwen Wirthington, Dstl
Project 6 Overview • Goal • Incorporate the concept of acceptable trust in coalition operations to make security and enabler of coalition operations, as opposed to a hinderance. • US/UK Collaborations • York, RHUL and IBM US working together on development of trust and risk calculus. • Key Achievements for 2006 • Developed techniques for fuzzy logic based risk calculation and access control. • 2007-2008 Objectives • Dynamic Distributed Risk Estimation in MANETs • Risk Calculations • Military Relevance • Enable an understanding of trust and risk trade-offs in coalition operations
Risk and Trust Estimation in MANETs: Technical Approach Adversary Model Adversary Model Adversary Models To trust or not to trust? That is the question • Goals • Define trust that is usable in MANETs • Advanced probabilistic mechanisms for computing trust • Algebra for composing trust in an adhoc network • Develop Feedback mechanism/learning algorithms for adjusting recommendation weights • Subactivities • Develop formal adversary models • models of adversary behavior are a crucial factor in determining risk. • Develop trust calculus and logic • Provides a way to combine and computer metrics for trust • Develop boot-strapping protocols and mechanisms • How does one establish trust in the beginning • How can initialization steps be simplified and more efficient. Armed Person Approaching Trust level is high Trust Algebra Initial Bootstrapping
Risk Information, Policy & Decision Support • Goal: Algorithms and Mechanisms to • Determine factors affecting risk decisions • Determine information needed for risk decisions • Handle lack of required information • Formulate risk policy formulation and control its evolution • Express risk data to make it usable • SubActivities • Extension of fuzzy logic risk calculation mechanisms to uncertain environments and risk modulating factors. • Automatic Inference of risk policy and its evolution with additional factors • Presentation of risk – How to incorporate factors of timeliness, operational effectiveness and security exposure when summarizing risk of an activity
