NEC Information Classification
8.3.3. Policy Based Access Management
According to ACT, NEC is a business model intended to federate capabilities through a service-based model or service-oriented architecture (SOA). This model requires the ability to structure policies, doctrine, and processes in an environment where ownership is decentralized.56
Service-oriented architecture (SOA) is a platform for building heterogeneous interoperable information services that require uniform access to data stored in distributed repositories. SOA provides common infrastructure for data access, integration, provisioning, cataloguing, and security services.
Common security architecture for SOA involves extended use of policies for manageable security services. Policies are created and controlled by a designated service administrator or by an organization that owns the service or resource. Policies allow for adjustable security services and can be used for service negotiation. In grid environments, policies are typically managed by a virtual organization (VO), which provides attributes and identity management services for member organizations. A VO is created on the basis of an agreement and combines users, resources, and associated services. Due to the potentially complex structure of a VO or other associations of services and resources in SOA, access control services must be designed to handle multiple policies related to both service level and resource level.57
Policy Based Access Control is a strategy for managing user access to one or more systems, where business classification of users is combined with policies to determine what access privileges a user should have. Theoretical privileges are compared to actual privileges, and differences are automatically applied to manage the system.58
Hence, policy based access management regulates access to information, networks, systems, applications, and services in an NEC environment. Although “duty to share” is the trend, it is necessary to continue to manage the “need to know” principle. Only personnel who need to access the information, system, etc., can access it. Just as important as access to the information is verifying that the person who accesses it has the right permissions. Confidentiality remains a primary requirement in an NEC.
Policy based access management must be elaborated taking into consideration the attributes of both users and objects (information, system or network element, application or service). Identity and security clearance are the traditional parameters used for personnel access control, but in an NEC other criteria, such as time, location, and relevance, are also required.
Finally, it is important to highlight electronic labelling as an essential aspect for identifying and categorizing each element requiring access and for applying a strong access policy.
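The attribute checks and the comparison of theoretical with actual privileges described in this section can be sketched as follows. This is an added example, not part of the original document; the classification levels, attribute names, and sample users and objects are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone

# Ordered classification levels (constructed for this example).
LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET"]

@dataclass(frozen=True)
class Label:                      # electronic label attached to an object
    classification: str
    communities: frozenset        # need-to-know groups ("relevance")
    locations: frozenset          # sites from which access is allowed
    hours: tuple                  # (start, end) UTC access window

@dataclass(frozen=True)
class Subject:
    identity: str
    clearance: str
    communities: frozenset
    location: str

def decide(subject, label, now):
    """Return (permit, reasons); every failed attribute check is reported."""
    reasons = []
    if LEVELS.index(subject.clearance) < LEVELS.index(label.classification):
        reasons.append("clearance below classification")
    if not (subject.communities & label.communities):
        reasons.append("no need to know")
    if subject.location not in label.locations:
        reasons.append("location not permitted")
    start, end = label.hours
    if not (start <= now.time() < end):
        reasons.append("outside access window")
    return (not reasons, reasons)

def reconcile(subjects, objects, actual, now):
    """Compare theoretical privileges (from policy) with actual grants."""
    theoretical = {(s.identity, name) for s in subjects
                   for name, label in objects.items()
                   if decide(s, label, now)[0]}
    return sorted(theoretical - actual), sorted(actual - theoretical)

# Constructed sample data: one labelled object, two users, one stale grant.
PLAN = Label("SECRET", frozenset({"ops"}), frozenset({"HQ"}), (time(6), time(20)))
ALICE = Subject("alice", "SECRET", frozenset({"ops"}), "HQ")
BOB = Subject("bob", "CONFIDENTIAL", frozenset({"logistics"}), "HQ")
NOW = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
ACTUAL = {("bob", "plan")}  # grant that policy no longer justifies
GRANT, REVOKE = reconcile([ALICE, BOB], {"plan": PLAN}, ACTUAL, NOW)
```

An unknown clearance or classification value raises `ValueError` from `LEVELS.index`, so a malformed label or user record never results in a permit.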
56 Op. Cit. 2
57 Dr. Yuri Demchenko, advanced internet researcher group, University of Amsterdam [http://www.touchbriefings.com/pdf/1426/ACF2BA.pdf]
58
8.4. NECCS. The Services
NECCS services are systems, applications, or activities aimed at providing the security properties required by an NEC. These security properties include: integrity of information; integrity of labels; authorship and source guarantee; sender and receiver non-repudiation; availability of information; availability and resilience of computers, computer networks, and information systems; need to know; and information confidentiality.
NECCS services, at the same time, should make NEC security requirements compatible with NEC operative requirements, such as information visibility, accessibility, manageability, reliability, and usefulness.
Identity Management (digital signature, strong authentication, PKI), time stamping, encryption, dynamic risk management, products security certification, standardization, security policies, and education are some of the security services that NEC must implement to provide the security properties mentioned above. These services are described below:
Identity Management should provide information regarding a user’s role, rights, and privileges for accessing a particular piece of information, system, network, application, or service. In a federation context, identity management is essential for controlling access to multiple heterogeneous systems and interconnected networks and for making them act as a single logical system.
Time Stamping is an important service that should be provided in an NEC. It can ensure that certain actions have been performed at a precise time, thus providing a guarantee of the information update. It can also be used to guarantee that data have existed and have not been modified since a particular moment. Thus, it meets the reliability operational requirement of NEC.
Encryption remains the essential mechanism to ensure confidentiality of information. In a federation context, multiple certified and interoperable items of cryptographic equipment are needed. Regarding algorithms, the evolution of Suite B (public) algorithms and their implementation in software open the possibility of replacing crypto hardware with future software solutions that will allow an important cost reduction and increased interoperability.
Dynamic Risk Management. In NEC, data to support risk assessment should be continually renewed in order to determine the level of actual risk. This new service is called Dynamic Risk Management. Assets (their value and impacts), threats, vulnerabilities, and even security measures are constantly reviewed and updated, and the level of risk based on these data is continuously calculated. The automation of processes for data collection, overall assessment, and risk determination is essential to bring this concept to reality.
Products Security Certification. The process of certification is needed to ensure the implementation or acquisition of IT products and applications that have been previously studied, analyzed, and tested in a controlled environment or lab by a reliable organization according to criteria defined and agreed upon by the international community (Common Criteria for Information Technology Security Evaluation, or CC).
Security certifications have so far been the recognized and accepted method of establishing confidence, indicating that a specific product or system has a certain level of security.
In NECCS, products security certification should become a balance point between the need for a guarantee regarding the accuracy and quality of security products and the need to use the latest technology in a rapidly changing technological environment.
In addition, there is a need for a security evaluation system. This should be internationally agreed upon, faster and more efficient, and more consistent with the current speed of the IT evolution.
Standardization refers to the use of common products, processes, procedures, and policies to facilitate attainment of business objectives.59 It is used to achieve interoperability and secure communications among NATO equipment. Furthermore, standardization also reduces the need for new and expensive developments. However, it is necessary to remember that, in order to maintain trust between organizations, security standards should never be relaxed.
Security policies are essential for all organizations. Such policies define the general security lines to follow, and all security procedures to be implemented are based on them.
One significant aspect of NECCS is a set of policies and regulations intended to build security, trust, and confidence among users and organizations when handling and sharing information. Policies in themselves are ineffective; their potential to be effective is directly proportional to the support they receive from the power structures of the organization.
Education. One of the main pillars of security is people. Consequently, it is vital to define and implement a complete security awareness, training, and exercise program for all NEC users, CIS related people, NECCS related staff, and NEC authorities. Education must be considered a service to be provided by an NEC like any other security service, and e-learning is the model that most precisely meets NEC requirements.
59
8.5. NECCS. The Technology
There is a prevailing idea that technology is mature enough to respond to all challenges that NEC entails. However, this is not the case in reality. Although technology could be sufficient in theory, in practical terms there is a lack of reliable physical implementations that provide an efficient way to address some critical security issues. These issues include virtualization, multilevel systems, secure wireless, event correlation, electronic generation, management, and distribution of keys, robust confidentiality by software, secure e-labelling, and object level protection.
In the future various emerging technologies may be useful. These include: virtualization, which will provide great flexibility but whose security features are not yet mature; secure wireless systems, which are needed for mobility; event correlation systems; electronic systems for key generation, management, and distribution; and multilevel systems that allow different levels of access in the same environment. Nevertheless, so far all these technologies need a higher maturity level to be implemented in NEC.
The maturity level of security technology is an important factor to determine the way to approach an NEC implementation, whether top down or bottom up.