CSE 4701
Information Sharing and Security in Dynamic Coalitions
Steven A. Demurjian
Computer Science & Engineering Department
371 Fairfield Way, Box U-2155
The University of Connecticut
Storrs, Connecticut 06269-2155
http://www.engr.uconn.edu/~steve
steve@engr.uconn.edu
Chaps22-1

Overview of Presentation
- Introduction and Motivation
- Preparedness Scenarios (Civilian and Military)
- The Dynamic Coalition Problem
  - Civilian Organizations
  - Military Involvement/GCCS
- Information Sharing and Security
  - Federating Resources
  - Database Interoperability
  - Syntax, Semantics, and Pragmatics
  - Data Integrity
  - Access Control
- Conclusions and Future Work

Crisis and Coalitions
- A Crisis (Event) is Any Situation Requiring Regional, National or International Attention as Determined by the President of the United States/UN
- A Coalition is an Alliance of Organizations: Governmental (Federal, State, and Local), Military, Civilian, International or a Combination
- A Dynamic Coalition is Formed in a Crisis and Changes as the Crisis Develops, with the Key Concern Being the Most Effective Way to Solve the Crisis
- The Dynamic Coalition Problem (DCP) is the Inherent Security, Resource, and/or Information Sharing Risks that Occur as a Result of the Coalition Being Formed Quickly

Crises in 2005
- Tidal Wave in Southeast Asia
- Hurricanes in US
  - Katrina – Louisiana and Mississippi
  - Rita – Texas and Louisiana
- Mudslides in Guatemala
- Earthquake in Pakistan/India
- Key Issues for US Crises:
  - Both Hurricanes Involved Large Populations of Underinsured and Uninsured
  - Rita had Notice – Evacuation Hampered/Slow
  - Relief Hampered by Total Failure of Power, Particularly in New Orleans
  - Coalitions Difficult to Form and Utilize

Crises in 2007
- October 2007 Fires in Southern California
  - What is the Typical Impacted Family?
  - Middle to Upper Middle Class?
  - Insured vs. Uninsured?
  - Individuals Evacuated Great Distances from their Homes
  - Difficulty in Tracking Medical Records
  - Residual Smoke Causing Respiratory Issues Elsewhere
- Impact on Cities and Urban Areas
  - Underinsured and Uninsured Populations
  - Coalition Must Systematically Deal with Both Population Groups from the Same Event

International: Near Simultaneous Crises
[Diagram: map of near-simultaneous crisis points – NATO Hq, Olympic Games, Bosnia (NATO), Kosovo (US, UK), Earthquake (United Nations), Ship Wreck (UK, SP)]

Emergent Need for Coalitions
- “Coalitions must be flexible and no one coalition is or has the answer to all situations.”
  » Secretary of Defense, Donald Rumsfeld
- “Whenever possible we must seek to operate alongside alliance or coalition forces, integrating their capabilities and capitalizing on their strengths.”
  » U.S. National Security Strategy
- “Currently, there is no automated capability for passing command and control information and situational awareness information between nations except by liaison officer, fax, telephone, or loaning equipment.”
  » Undersecretary of Defense for Advanced Technology

Dealing with Crises in CT
- Uninsured/Underinsured Patients are Difficult to Manage/Treat from an Informatics Perspective
  - Move from State Agency to Agency
  - Visit Many Diverse Health Care Providers
  - Incomplete/Inconsistent Data for Each Visit
- Treatment of Chronic Diseases is Difficult
  - Consider Asthma – Many Different Types, Treatment Plans, Medication Regimes, etc.
  - History, Symptoms, Past Meds, etc., all Vital to Deal with the Current Problem
  - Problematic with Incomplete/Missing History
- One Individual at a Time – What Happens when there is a State-Wide Event that Impacts 10,000?
National Preparedness Scenarios
- Major Events or Natural Disasters that Impact Health Care May be Impossible to Handle
- Various Preparedness Scenarios for:
  - Pandemic Influenza
  - Toxic Industrial Chemical Release
  - Earthquake or Major Hurricane
  - Wide Scale Forest Fires (October 2007)
- Irrespective of Accident or Terrorist Cause, These Events Could Result in Respiratory Impact
  - Underinsured/Uninsured Disproportionately
  - Young and Old Populations Vulnerable
- Correct and Complete Patient Data Vital to Ensure Timely Treatment/Minimize Deaths

Consider Respiratory Event in CT
- What Happens if there is a Chemical Gas Release Off of Route 91 North of Hartford?
  - Deal with Patients with Respiratory Issues
  - Assemble Appropriate Agencies/Personnel
  - Health Infrastructure/Ambulances/ERs
  - Integrate Patient Data from Myriad Sources
  - CT Agencies: EPA, Public Safety, PH
  - Gas Cloud Drifting – Weather/Wind Forecast
- Transcend Barriers of:
  - HIPAA
  - Disparate Databases from Federal/State Agencies, Hospitals, Clinics, Insurers, Pharmacies, etc.

Consider Respiratory Event in CT
- Dealing with Different Patient Populations?
- Insured Populations:
  - Less Dispersed Profile of Medical Visits
  - Easier to Obtain Complete Patient Records
- Underinsured/Uninsured Populations:
  - Varied/Disparate Visit Profile
  - Changing Addresses/Homeless
  - Cycle Among State Agencies, Providers
  - Higher Rates of Respiratory Illnesses
- Coalitions Need to Deal with All Potential Patients
- Difficulty with Underinsured/Uninsured Populations Means Potential for Incorrect Care

National Preparedness Scenarios
- Issued by Homeland Security – 15 Scenarios
- Intended to Assist Federal, State, and Local Govts. and the Private Sector in Preparedness
- When an Event Occurs, Must Deal with Citizens:
  - Needing Urgent Medical Treatment
  - Those that Seek Care not Required (in 9/11, this was 15 times the actual number)
- Must Deal with Infrastructure Impact
  - Breakdown of Transportation, Communication, Medical/Utility Infrastructure, etc.
  - Issue for 9/11; Catastrophe for Katrina
- Potential for International Assistance as Well

Mission Areas for Scenarios
- Emergency Assessment/Diagnosis
  - Detect Incident, Determine Impact, Monitor Environment, Notify Governments
- Emergency Management/Response
  - Direct, Control, Coordinate Response
  - Provide Emergency Public Information for the Population at Risk and the Population at Large
- Incident/Hazard Mitigation
  - Control, Collect, and Contain Incident
- Public Protection
  - Provide Initial Warnings to at Risk/at Large
  - Shelters, Evacuation, Transportation, etc.

Mission Areas for Scenarios
- Victim Care
  - Treat Victims at Scene, Transport, etc.
  - Treat Patients at Medical Facilities
  - Track and Notify/Security of Evidence
- Investigation/Apprehension
  - Cause of Attack – Even a Gas Leak needs to be Checked to Ensure it is NOT a Terrorist Act
  - Evidence of Crime Must be Preserved
- Recovery/Remediation
  - Restore Essential Services, Businesses, Economy, Return Evacuees
  - Provide Support for Area, Victims, Long-Term Medical & Mental Health Services, etc.

Scenario 6: Chemical Attack
- Not Limited to Terrorism – Could be Just a Local Event at a Chemical Plant or Storage Tank
- Emergency Assessment/Diagnosis
  - Scope of Gas Release, Prediction of Cloud Path
- Emergency Management/Response
  - Notify, Evacuate, Assemble Resources
- Incident/Hazard Mitigation
  - Understand Health Vulnerabilities of Cloud
  - Impact of Rain, Wind, Spraying Foam, etc.
- Public Protection
  - Cell Phone/Text Message Notification (Storrs)
- Victim Care
  - Key Issue – Also Preventive as Well

Scenario 6: Chemical Attack
- Key Implications
  - 7,000 in Actual Downwind Area
  - Half will Die Before/During Treatment
  - Additional 15% Hospitalization
  - 70,000 Worried Well (Seek/Don’t Need Care)
  - Long-Term Carcinogens, Damage to Internal Organs, Eyes

Scenario 10: Natural Disaster
- Emergency Assessment/Diagnosis
  - Direct Impact (Infrastructure) plus Indirect Impact (Causes Another Event)
- Emergency Management/Response
  - Infrastructure Loss – Difficulty in Notification
- Incident/Hazard Mitigation
  - Wide Range of Potential Hazards
  - Potable Water, Power (Heat), etc.
- Public Protection
  - Problematic – Tied to Advance Warning
- Victim Care
  - Wide Ranging w.r.t. Diseases/Injuries

Scenario 10: Natural Disaster
- Key Implications – Advance Warning
  - Tourists/Residents – 48 Hours
  - Massive Evacuation – 24 Hours
- Service Disruptions, Shelters Filled to Capacity, Search and Rescue, etc.
- Potential to Cause Another Event

What is the Dynamic Coalition Problem?
- The Dynamic Coalition Problem (DCP) is the Inherent Security, Resource, and/or Information Sharing Risks that Occur as a Result of the Coalition Being Formed Quickly
- Private Organizations (PVO)
  - Doctors Without Borders
  - Red Cross
- Non-Government Organizations (NGO)
  - NYPD
- Government Agencies
  - FBI
  - CIA
- Military

DC for Military Deployment/Engagement: U.S. Global C2 Systems
[Diagram: the U.S. service systems (Air Force Battle Management System, Navy Joint Command System, Army Battle Command System, Marine Corps Combat Operations System) around GCCS, with NGO/PVO, the U.N., NATO and partner systems LFCS (Canada), HEROS (Germany), SICF (France), SIACCON (Italy), FADD, Other; Army subsystems AFATDS, ASAS, ABCS, CSSCS, GCCS-A, MCS]
- Objectives:
  - Securely Leverage Information in a Fluid Environment
  - Protect U.S.A. Information While Simultaneously Promoting the Coalition
  - Security Infrastructure in Support of DCP

Medical Informatics
- Security Requirements for Medical Records
  - Privacy vs. Availability
  - All Aspects of Security for Medical Information
  - Treatment and Long-Term Care
  - Insurance Claims and Future Insurability
  - Nationalization of Medical Information
- Critical Aspect of the Dynamic Coalition Problem (DCP)
  - DCP - Security, Resource, and Information Sharing Risks for an Alliance of Governmental, Military, Civilian, and International Organizations
  - Bring Together Divergent Requirements to Support a Life-Threatening Situation
  - Rapid Availability of Patient Data in Emergency Situations

Dynamic Coalition for Medical Emergency
[Diagram: Red Cross, Transportation, Pharma. Companies, MDs w/o Borders, Military Medics, Govt., Local Health Care, CDC, EMTs, RNs, MDs, State Health, Other]
- Issues:
  - Privacy vs. Availability in Medical Records
  - Support Life-Threatening Situations via Availability of Patient Data on Demand

DCP Objectives for Crisis
- Federate Users Quickly and Dynamically
- Bring Together Resources (Legacy, COTS, GOTS, DBs, etc.) Without Modification
- Dynamically Realize/Manage Simultaneous Crises
- Identify Users by Roles to Finely Tune Access
- Authorize, Authenticate, and Enforce a Scalable Security Policy that is Flexible in Response to Coalition Needs
- Provide a Security Solution that is Portable, Extensible, and Redundant for Survivability
- Include Management/Introspection Capabilities to Track and Monitor System Behavior

Military Coalition Clients Using Services
[Diagram: Clients – U.S. Army, Federal Agencies (FEMA, FBI, CIA, etc.), U.S. Navy, French Air Force, NATO Database, German COTS, NGO/PVO (Red Cross, NYPD, etc.); Resources Providing Services – COTS, LFCS (Canada), SICF (France), HEROS (Germany), U.S. Legacy System, SIACCON (Italy), NATO SYS, GCCS (US), NGO/PVO Resource]

Joint and Combined Information Flow: Common Operating Environment
[Diagram: Joint (Marines, Navy, Air Force, Army) and Combined (Many Countries) information flow – GCCS at the Joint Task Force with GCCS-A, GCCS-M, GCCS-N and GCCS-AF; Army echelons Corps, Division, Brigade, Battalion and Company down to FBCB2; systems ABCS, MCS, CSSCS, AFATDS, ASAS, FAADC2I, TBMCS, TCO and JMCIS; Coalition Partners, NATO Systems and Coalition Systems adjacent]

DCP: Combined Information Flow
[Diagram: GCCS – Joint/Coalition – Maneuver, Logistics, Air Defense/Air Operations, Fire Support, Intelligence and Network and Resource Management around a Combined Database]

DCP: Global Command and Control System
[Diagram: Global C2 Systems – Mobile Subscriber Equipment, Data Radio, Satellite/SATCOM, Mission Planning, MET Support, Intel, Maneuver Control, Topo, Air Defense and Arty client/server nodes down to Company, Platoon and Squad with FBCB2/EBC Embedded Battle Command over the Tactical Internet]
- GCCS Provides:
  - Horizontal and Vertical Integration of Information to Produce a Common Picture of the Battlefield
  - 20 separate automated systems
  - 625 locations worldwide
  - private network

DCP: Global Command and Control System
- Joint Services (a.k.a.):
  - Weather (METOC)
  - Video Teleconference (TLCF)
  - Joint Operations Planning and Execution System (JOPES)
  - Common Operational Picture (COP)
  - Transportation Flow Analysis (JFAST)
  - Logistics Planning Tool (LOGSAFE)
  - Defense Message System (DMS)
  - NATO Message System (CRONOS)
- Component Services (a.k.a.):
  - Army Battle Command System (ABCS)
  - Air Force Battle Management System (TBMCS)
  - Marine Combat Operations System (TCO)
  - Navy Command System (JMCIS)

DCP: Global Command and Control System
- Common Operational Picture
[Figure: Common Picture]

DCP Objectives for Crisis
- Federate Users Quickly and Dynamically
  - Personnel Responding to Event
  - Some Known in Advance, Others Dynamic
  - Promote On-Line/Database Interactions
- Bring Together Resources without Modification
  - Physical Resources/Response Equipment
  - Information Resources – Databases and Patient Records from a Myriad of Sources
  - Monumental Task in Ordinary Situations
- Dynamically Realize/Manage Simultaneous Crises
  - Event (Hurricane) causes Another (Chemical)
  - Conflicting Resources/Limited Personnel
  - Utilities Always Borrowing Workers

Health Care Coalition Clients
[Diagram: Clients – State Police Informatics Infrastructure, Federal Agencies (FEMA, FBI, CIA, etc.), EMTs in Field, NGO/PVO (Red Cross, CT State Police, etc.); Resources – UCHC, CCMC, St. Francis, Hartford Hospital, Hospital for Central CT, DPH, CT EPA, Weather/GIS, Hospital Access, Utilities (Power, etc.), GIS State Database, CT Emergency Response DB, NGO/PVO Resource]

Combined Information Flow
- What is the Information Flow for a Chemical Event?
[Diagram: Emergency Headquarters, Local Control Base, Medical Coordination Base, Intelligence, Logistics, Weather/GIS Resources, Utilities (Power, Water, etc.), Maneuver/Operations and Air Defense/Operations around a Combined Database with Network and Resource Management (GCCS – Joint/Coalition); Interactions with Federal Agencies, Local Governments, Other States]

Coalition Tracking for CT Event
- Common Operational Picture
  - For CT Events, Need GIS Maps
  - Weather Overlays, Location of Resources on Maps, etc.
[Figure: Common Picture]

DCP: Critical Requirements
- Establish Roles to Information Repositories
  - Responders, Emergency/Medical Personnel ...
  - Coalitions Dynamic – Secure/Flexible Access
  - Transcend HIPAA, Other Constraints
- Time Controllable Access to Information
  - Time Limits on Users and Roles
  - As Event Abates, Access Becomes Stricter
- Value Based Constraints on Access
  - Multiple Events, Responders Limited Access
- Difficult to Federate Users and Resources
  - Proprietary Databases in Different Formats
  - Common (Virtual) Information Repository

GCCS Shortfalls: User Roles
- Currently, GCCS Users have a Static Profile
  - Based on Position/Supervisor/Clearance Level
  - Granularity Gives “Too Much Access”
  - Profile Changes are Difficult to Make - Changes Done by System Admin., Not Security Officer
- What Can User Roles Offer to GCCS?
  - User Roles are Valuable Since They Allow Privileges to be Based on Responsibilities
  - Security Officer Controls Requirements
  - Support for Dynamic Changes in Privileges
  - Towards Least Privilege

User Roles and Coalitions
- Emergent Events (Chemical) Require a Response
- Some Critical Issues
  - Who’s in Charge?
  - Who is Allowed to do What?
  - Who can Mobilize Governmental Resources?
- Roles can Help:
  - Role for Event Commander(s)
  - Roles for Event Participants/Personnel
  - Roles Dictate Control over Resources
- For Katrina: Lack of Leadership & Defined Roles
  - Army Corps of Engineers Only Allowed to Repair Levees – Not Upgrade and Change

GCCS Shortfalls: Time Controlled Access
- Currently, in GCCS, User Profiles are Indefinite with Respect to Time
  - Longer than a Single Crisis
  - Difficult to Distinguish in Multiple Crises
  - No Time Controllable Access on Users or GCCS Resources
- What can Time Constrained Access offer GCCS?
  - Junior Planners - Air Movements of Equipment Weeks before Deployment
  - Senior Planners - Adjustment in Air Movements Near and During Deployment
  - Similar Actions are Constrained by Time Based on Role

Time Controlled Access and Coalitions
- Multiple Events Require the Ability to Distinguish Between Roles Based on Time and Crisis
  - Occurrence of Rita (one Event) Impacted the Ongoing Event (Katrina)
  - Need to Manage Simultaneous Events w.r.t. Time
- Different Roles Available at Different Times for Different Events
  - Role Might be “Finishing” in one Event (e.g., First Response Role) and “Starting” in Another
  - Individual May Play Different Roles in Different Events
  - Individual May Play the Same Role with Different Duration in Time w.r.t. its Activation

GCCS Shortfalls: Value Based Access
- Currently, in GCCS, Controlled Access Based on Information Values is Difficult to Achieve
  - Unlimited Viewing of Common Operational Picture (COP)
  - Unlimited Access to Movement Information
  - Attempts to Constrain would have to be Programmatic - which is Problematic!
- What can Value-Based Access Offer to GCCS?
  - In COP, Constrain Display of Friendly and Enemy Positions
  - Limit Map Coordinates Displayed
  - Limit Tier of Display (Deployment, Weather, etc.)

Value Based Access and Coalitions
- In Katrina/Rita, What People can See and Do May be Limited Based on Role
  - Katrina Responders Limited to Katrina Data
  - Rita Responders Limited to Rita Data
  - Some Responders (Army Corps Engineers) May Need Both to Coordinate Activities
- For Chemical Event – Same Issue to Address
- Within Each Event, Information Also Limited
  - Some Katrina Roles (Commander, Emergency Responders, etc.) see All Data
  - Other Katrina Roles Limited (Security Deployment Plans Not Available to All)
- Again – Customization is Critical

GCCS Shortfalls: Federation Needs
- Currently, GCCS is Difficult to Use for DCP
  - Difficult to Federate Users and Resources
  - U.S. Only System
  - Incompatibility in Joint and Combined Contexts
  - Private Network (Not Multi-Level Secure)
- What are the Security/Federation Needs for GCCS?
  - Quick Admin. While Still Constraining US and Non-US Access
  - Employ Middleware for Flexibility/Robustness
  - Security Definition/Enforcement Framework
  - Extend GCCS for Coalition Compatibility that Respects Coalition and US Security Policies

Federated Resources
[Diagram: Resources – Command & Control Vehicles, Army Airborne Command & Control System, JSTARS, Unmanned Aerial Vehicle, Satellites, Army Battle Command System; Embedded Battle Command for Intel Fusion, Air Defence, Field Artillery, Maneuver Control, Personnel and Logistics; Common Picture; Fwd Support Element (Ammo/Fuel/Refit); ABCS, Bradley/EBC]

Federation Needs and Coalitions
- Katrina Devastated Basic Communication at All Levels
  - There was No Need to Federate Computing Systems at a Crisis Location with No Power, etc.
- Rita Event Known Well in Advance
  - Didn’t Prevent Disorganized Evacuation, Running out of Fuel, 10+ Hour Highway Waits
  - Federation Must Coordinate Critical Resources
- 9/11 – Drop in Casualties was a Database Problem
  - Multiple DBs, Bad/Inconsistent Data, etc.
- Moral: If it Can go Wrong, it Will Go Wrong

Database Interoperability
- Federation of Resources Requires Database Interoperability to be Addressed
- Multiple DB Platforms (Oracle, Sybase, Informix)
- Incompatibility of Information
  - Different DB Schemas that Contain the Same Information Expressed in Different Tables
  - Often Un-Normalized
- Inconsistency of Information
  - Grid Coordinates with Different Meanings
  - True North vs. Magnetic North
  - Miles vs. Kilometers (US + NATO)
- Integration of Heterogeneous DBs has Been a Long-Standing Research Area - Today Leveraging XML

Database Interoperability Requirements
[Diagram: Legacy Database Systems (Oracle, Sybase, Informix) and applications (AFATDS, ASAS, MCS) passing through Format Change, Modeling and Enhanced Structures into Application-Specific Format Visual Interfaces and Processing Logic, yielding Display Style 1 for the Intelligence Division Commander and Display Style 2 for the Brigade Commander]

Info Sharing/Access: Potential Pitfalls
- Dealing with Information at Different Levels
  - Syntax – Format of Information
  - Semantics – Meaning of Information
  - Pragmatics – Usage of Information
  - When Unifying Databases/Information Repositories, Must Address all Three!
- Data Integrity and Data Security
  - Correct and Consistent Values
  - Assurance in All Secure Accesses
  - Alternative Access Control Models
- Issues for Federating Information Repositories

Syntactic Considerations
- Syntax is the Structure and Format of the Information That is Needed to Support a Coalition
  - Incorrect Structure or Format Could Result in Anything from a Simple Error Message to a Catastrophic Event
  - For Sharing, Strict Formats Need to be Maintained
- Health Care Data Suffers from a Lack of Standards
  - Standards for Diagnosis (Insurance Industry)
  - Emerging Standards Include: Health Level 7 (HL7) Based on XML Formats
  - Non-Standard for Different Health Organizations, Insurers, Pharmacy Networks, etc.
  - N*N Translations Prone to Errors!
Syntactic Considerations
- Syntax is the Structure and Format of the Information That is Needed to Support a Coalition
  - Incorrect Structure or Format Could Result in Anything from a Simple Error Message to a Catastrophic Event
  - For Sharing, Strict Formats Need to be Maintained
- In the US Military, Message Formats Include
  - Heading and Ending Section
  - United States Message Text Formats (USMTF) – 128 Different Message Formats
  - Text Body of Actual Message
- Problem: Formats Non-Standard Across Different Branches of the Military and Countries

Semantics Concerns
- Semantics (Meaning and Interpretation)
  - NATO and US - Different Message Formats
  - Distances (Miles vs. Kilometers)
  - Grid Coordinates (Mils, Degrees)
  - Maps (Grid, True, and Magnetic North)
- What Can Happen in Health Care Data?
  - Possible to Confuse Dosages of Medications?
  - Weight of Patients (Pounds vs. Kilos)?
  - Measurement of Vital Signs?
  - Dana Farber Chemo Death – Checks/Balances
  - What Others are Possible?

Syntactic & Semantic Considerations
- What’s Available to Support Information Sharing?
- How do we Ensure that Information can be Accurately and Precisely Exchanged?
- How do we Associate Semantics with the Information to be Exchanged?
- What Can we Do to Verify the Syntactic Exchange and that Semantics are Maintained?
- Can Information Exchange Facilitate Federation?
- Can this be Handled Dynamically? Or, Must we Statically Solve Information Sharing in Advance?

Pragmatics Considerations
- Pragmatics Require that we Totally Understand Information Usage and Information Meaning
  - What are the Critical Information Sources?
  - How will Information Flow Among Them?
  - What Systems Need Access to these Sources?
  - How will that Access be Delivered?
  - Who (People/Roles) will Need to See What When?
  - How will What a Person Sees Impact Other Sources?
- Focus on: the Way that Information is Utilized and Understood in its Specific Context
- Can Medical Info be Misused even if Understood?
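The unit and reference confusions listed on the semantics slide (miles vs. kilometers, mils vs. degrees, magnetic vs. true north, pounds vs. kilos when dosing) and the N*N translation problem from the syntactic slide, as an added example that is not from the deck or from GCCS: each source owns one translator into a canonical record with explicit units, consumers read only canonical values, and a quantity without a unit or north reference is refused rather than guessed. The source names, the 6400-mil circle and the sample inputs are constructed assumptions.

```python
"""Canonical-form exchange for coalition data (added example, not the deck's).

N sources need N translators into one canonical form instead of N*N pairwise
conversions. A value whose unit or north reference is missing or unknown is
refused, which is the failure mode behind lb/kg dosing errors. Mil factor
assumes a 6400-mil circle; sources and sample inputs are constructed.
"""
from dataclasses import dataclass

# Factors into canonical units: kilograms, kilometres, degrees.
TO_CANONICAL = {
    "weight": {"kg": 1.0, "lb": 0.45359237},
    "distance": {"km": 1.0, "mi": 1.609344},
    "bearing": {"deg": 1.0, "mil": 360.0 / 6400.0},
}
CANONICAL_UNIT = {"weight": "kg", "distance": "km", "bearing": "deg"}


class SemanticError(ValueError):
    """A value that cannot be interpreted unambiguously."""


@dataclass(frozen=True)
class Quantity:
    kind: str
    value: float
    unit: str
    reference: str = "n/a"    # bearings only: "true" or "magnetic" north

    def to_canonical(self, declination_deg: float = 0.0) -> "Quantity":
        factors = TO_CANONICAL.get(self.kind)
        if factors is None or self.unit not in factors:
            raise SemanticError(f"{self.kind}: unknown unit '{self.unit}'")
        value = self.value * factors[self.unit]
        ref = self.reference
        if self.kind == "bearing":
            if ref == "magnetic":
                # true bearing = magnetic bearing + easterly declination (west negative)
                value = (value + declination_deg) % 360.0
                ref = "true"
            elif ref != "true":
                raise SemanticError("bearing without a north reference")
        return Quantity(self.kind, round(value, 3), CANONICAL_UNIT[self.kind], ref)


# One translator per source: the only code that knows that source's conventions.
def from_us_unit(fields: dict) -> dict:
    return {
        "distance": Quantity("distance", fields["dist"], "mi").to_canonical(),
        "bearing": Quantity("bearing", fields["azimuth_mils"], "mil",
                            "magnetic").to_canonical(fields["declination"]),
    }

def from_nato_partner(fields: dict) -> dict:
    return {
        "distance": Quantity("distance", fields["dist_km"], "km").to_canonical(),
        "bearing": Quantity("bearing", fields["azimuth"], "deg", "true").to_canonical(),
    }

def from_hospital(fields: dict) -> dict:
    unit = fields.get("weight_unit")
    if unit is None:
        raise SemanticError("patient weight carries no unit")   # never assume lb or kg
    return {"weight": Quantity("weight", fields["weight"], unit).to_canonical()}

TRANSLATORS = {"us_unit": from_us_unit, "nato": from_nato_partner, "hospital": from_hospital}


def ingest(source: str, fields: dict) -> dict:
    """Federated repository entry point: returns canonical quantities only."""
    return TRANSLATORS[source](fields)

def is_rejected(source: str, fields: dict) -> bool:
    """True when the record is refused for a missing or unknown unit/reference."""
    try:
        ingest(source, fields)
        return False
    except SemanticError:
        return True

def weight_based_dose_mg(record: dict, mg_per_kg: float) -> float:
    """Dose computed from a canonical record only; refuses a non-kg weight."""
    w = record["weight"]
    if w.kind != "weight" or w.unit != "kg":
        raise SemanticError("dose requires canonical weight in kg")
    return round(mg_per_kg * w.value, 1)


if __name__ == "__main__":
    # Constructed sample inputs: the same bearing reported in two conventions.
    print(ingest("us_unit", {"dist": 10, "azimuth_mils": 1600, "declination": -14.0}))
    print(ingest("nato", {"dist_km": 16.1, "azimuth": 76.0}))
    patient = ingest("hospital", {"weight": 180, "weight_unit": "lb"})
    print(weight_based_dose_mg(patient, 2.0))        # 163.3 mg, not 360 mg for "180 kg"
    print(is_rejected("hospital", {"weight": 180}))  # True
```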
Pragmatics Issues
- Pragmatics - The Way that Information is Utilized and Understood in its Specific Context
- For Example, in GCCS:
[Diagram: Inter-TOC and Intra-TOC information exchange among TOC-1, TOC 2/A-Cell and TOC 2/B-Cell (M-1068 vehicles) over a Tactical WAN with a mixture of clients and servers]
  - Inter-TOC: Messaging (VMF, USMTF); Situation Awareness (BFA unique); Files and DB Snapshots (Unicast FTP, Multicast FTP, E-mail, Global Broadcast Satellite (GBS), Database Replication)
  - Intra-TOC: ACDB DB Synchronization (RPC-based SR)
  - Operational Challenges: Autonomy, Jump TOCs, Split TOCs, Survivability, Bandwidth Contention, Scalability

Information Pragmatics Considerations: Pragmatics in a Military-Led Coalition
- For CT Events, Coalition will have a Similar Complex Structure
  - Many Different Systems
  - Alternative Communication Paths
  - Policies in Regards to Data Sharing
  - Interacting Databases Under Control (State Agencies) and External (Others)
  - Infrastructure (Power, Water, etc.) Concerns
[Diagram: GBS/DSCS node estimate for a division – the current FDD laydown has 53 autonomous Command Post/TOCs (i.e., nodes); for a full Corps >200 nodes; node types include GBS, DR, SEN, LEN, BVTC, VTel, HCLOS, Relay, SINCGARS (FS), EPLRS (AD) and the Theater Injection Point (TIP). Note: 3rd BDE not part of 1DD in Sep 2000.]
  - Basic Distribution Requirement: Distribution Policies, Automation & Notification, User Controls, Transport Mechanisms, System and Process Monitors, Security, Logs, and Archives
  - Distribution Policy: What, How, When, Where – Prioritized, Encrypted, Network
Integrity: Confidence in Information Content
- Concerns: Consistency, Accuracy, Reliability
- Accidental Errors – All too Prevalent
  - Crashes, Concurrent Access, Logical Errors
  - Actions: Integrity Constraints (Correct Data Values), GUIs (Correctly Entered Values), Redundancy (Values are Backed Up Offsite: 9/11)
- Malicious Errors - Not Totally Preventable
  - Individuals Seek to Interfere with Coalition Operations During the Actual Event
  - Actions: Authorization, Authentication, Enforcement Policy, Concurrent Updates to Backup DBs

Security: Confidence in Information Access
- Assurance
  - Do the Security Privileges for Each User Support their Needs?
  - What Guarantees are Given by the Security Infrastructure in Order to Attain:
    - Safety: Nothing Bad Happens During Execution
    - Liveness: All Good Things can Happen During Execution
- Consistency
  - Are the Defined Security Privileges for Each User Internally Consistent?
  - Are the Defined Security Privileges for Related Users Globally Consistent?

What are Key Security Concepts?
- Principal or Subject
  - Entity (Person/Process/etc.) to Which Authorizations are Granted
  - Can be a User, User Group, Program, Client
- Protected Object (Chunk of Information)
  - Known Object whose Internal Structure is Inaccessible Except by the Protection System
  - The Unit of Protection
  - For Our Purposes: Patient Record, Patient Test, etc.; Geographic Database, Weather Map, etc.
- Glossary from: Saltzer and Schroeder, “The Protection of Information in Computer Systems”, Proc. of IEEE, Vol. 63, No. 9, September 1975.

What are Key Security Concepts?
- Authentication
  - Proving you are who you are
  - Is the Client who S/he Says they are?
- Authorization
  - Granting/Denying Access to Information
  - Revoking Access to Information
  - Does the Client have Permission to do what S/he Wants?
- Encryption
  - Establishing Communications so that No One but the Receiver Gets the Content of the Message
  - Symmetric and Public Key Encryption
- All Three are Vital for Coalitions/Events

What are Key Security Issues?
- Legal and Ethical Issues
  - Information Must be Protected (e.g., SSN)
  - Information Must be Accessible (e.g., Medical Record)
- Policy Issues
  - Who Can See What Information When?
  - Application Limits w.r.t. Data vs. Users?
- Access Control Models
  - Govern the Way that Secure Access of Subjects to Objects is Controlled
  - Ranges from User (Roles) to Data Control
  - Also Includes the Ability to Delegate Capabilities from One User to Another

Role Based Access Control
- What is Role Based Access Control (RBAC)?
  - Roles Provide the Means for Permissions to Objects, Resources, Based on Responsibilities
  - Users May have Multiple Roles, Each with a Different Set of Permissions
  - Role-Based Security Policy Flexible in both Management and Usage
- Issues for RBAC and DCP
  - Who Creates the Roles?
  - Who Determines Permissions (Access)?
  - Who Assigns Users to Roles?
  - Are there Constraints Placed on Users Within Those Roles?

Discretionary Access Control
- What is Discretionary Access Control (DAC)?
  - Restricts Access to Objects Based on the Identity of Group and/or Subject
  - Discretion with Access Permissions
  - Supports the Ability to “Pass-on” Permissions
- DAC and DCP
  - Pass on from Subject to Subject is a Problem
  - Information Could be Passed from Subject (Owner) to Subject to a Party Who Should be Restricted
  - For Example, Local Commanders Can’t Release Information; They Rely on Discretion by the Foreign Disclosure Officer
  - Pass on of DAC Must be Carefully Controlled!

Mandatory Access Control
- What is Mandatory Access Control (MAC)?
  - Restricts Access to Information, Resources, Based on Sensitivity Level (Classification)
  - Classified Information - MAC Required
  - If the Clearance (of the User) Dominates the Classification, Access is Allowed
- MAC and DCP
  - MAC will be Present in Coalition Assets
  - Need to Support MAC of US and Partners
  - Partners have Different Levels/Labels
  - Need to Reconcile Levels/Labels of Coalition Partners (which Include Past Adversaries!)

Other Issues
- Intrusion Detection
  - Not Prevention
  - Intrusion Types: Trojan Horse, Data Manipulation, Snooping
  - Defense: Tracking and Accountability
- Survivability
  - Reliability and Accessibility
  - Defense: Redundancy
- Cryptography
  - Fundamental to Security
  - Implementation Details (key distribution)

Federating Information Repositories
- Must Deal with Multiple Repositories/Databases
  - Syntactic, Semantic and Pragmatic Differences
  - Integrity, Consistency, Assurance
  - Different Access Control Models
- Overcome Physical Issues
  - Private Computer Networks
  - Repositories Behind Firewalls
  - Different Data Formats (Relational vs. OO)
- Reconcile Legal/Business/Political Issues
  - What Info can be Released (HIPAA)?
  - Is it in “my” Interest to Release Info (Bus.)?
  - What is the Impact if I Don’t (Political)?
  - I Own Data – Why should I Share?

DCs for Clinical and Translational Science
[Diagram: Pfizer, Bayer, UConn Storrs, UConn Health Center, Saint Francis, CCMC, DCF, DSS, etc., NIH, FDA, NSF – Info. Sharing, Joint R&D]
- Support T1, T2, and Clinical Research
  - Company and University Partnerships
  - Collaborative Funding Opportunities
  - Cohesive and Trusted Environment
  - Existing Systems/Databases and New Applications
- How do you Protect Commercial Interests? Promote Research Advancement?
  - Free Read for Some Data/Limited for Other?
  - Commercialization vs. Intellectual Property?
- Balancing Cooperation with Propriety

Bioinformatics: Public Policy on Security
- How do we Protect a Person’s DNA?
  - Who Owns a Person’s DNA?
  - Who Can Profit from a Person’s DNA?
  - Can a Person’s DNA be Used to Deny Insurance? Employment? Etc.
- How do you Define Security Limitations/Access?
- What about i2b2 – Informatics for Integrating Biology and the Bedside (see https://www.i2b2.org/)
  - Scalable Informatics Framework to Bridge Clinical Research Data and Vast Data Banks for Basic Science Research
  - Goal: Understand the Genetic Bases of Diseases

Bioinformatics: Public Policy on Security
- Can DNA Repositories be Anonymously Available for Medical Research?
  - Do Societal Needs Trump Individual Rights?
- Can DNA be Made Available Anonymously for Medical Research?
  - De-identified Data Repositories
  - Privacy Protecting Data Mining
- An International Repository Might Allow Medical Researchers Access to a Large Enough Data Set for Rare Conditions (e.g., Orphan Drug Act)
- Individual Rights vs. Medical Advances

Our Three-Pronged Security Emphasis
- Secure Software Design to Design and Write Secure Software Programs
  - Assurance, Consistency, Integrity; RBAC, DAC, MAC; Safety, Liveness
- Secure Information Exchange via XML with MAC/RBAC
- Secure MAC/RBAC Interactions via Middleware in a Distributed Setting

Security for XML Documents
- Emergence of XML for Document/Information Exchange
  - Incorporate RBAC/DAC/MAC into XML for Security of XML Content
  - Applicability to Standards Based on XML
- An XML Document Appears Differently to Different Users Based on Multiple Factors
  - Filter the XML Document Depending on the User
[Diagram: Security DTDs (Role DTD, User DTD, Constraint DTD) and Application DTDs/XML; the Security Officer Generates the Security XML Files for the Application – Appl_Role.xml, Appl_User.xml, Appl_Constraint.xml – alongside the Application XML Files]
- The Application User’s Role Determines the Scope of Access to Each XML Document

Concluding Remarks
- Dynamic Coalitions are Vital to Deal with Events that Require Significant Response in:
  - Emergency Personnel
  - Health Care Infrastructure/Treatment
  - Large Numbers of Injured
- Major Issue for Coalitions: Dealing with Collecting Patient Data from Diverse Sources
  - Underinsured and Uninsured Populations may be More Seriously Impacted
- Future: Collaboration Among Public Health, UCHC, CS&E, Health Care Providers, Insurers, …
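The Security for XML Documents slide (Appl_Role.xml and Appl_User.xml produced by the security officer, the user's role determining the scope of each XML document) combined with the MAC dominance rule and partner label reconciliation from the Mandatory Access Control slide, as an added example that is not the deck's or the author's implementation: an element survives the filter only if the role's scope covers it and the user's reconciled clearance dominates its label. The lattice, the partner label mapping, the role paths and the patient document are constructed.

```python
"""Per-user filtering of one XML document from role scope and MAC labels.

Added example, not the deck's or the author's implementation. Appl_Role.xml
lists the element paths each role may see; Appl_User.xml binds users to roles
and to a clearance in their own nation's label set; each application element
carries a classification inherited by its subtree. Lattice, partner mapping,
paths and the patient document are constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Common lattice (constructed): a label dominates every label with a lower index.
LEVELS = ["unclassified", "sensitive", "secret"]

# Partner label sets reconciled onto the common lattice (constructed mapping).
PARTNER_LABELS = {
    "us": {"U": "unclassified", "FOUO": "sensitive", "S": "secret"},
    "partner_a": {"OPEN": "unclassified", "RESTRICTED": "sensitive", "SECRET": "secret"},
}

APPL_ROLE_XML = """<roles>
  <role name="emt"><allow path="patient/name"/><allow path="patient/history"/></role>
  <role name="event_commander"><allow path="patient"/></role>
  <role name="insurer"><allow path="patient/name"/><allow path="patient/insurance"/></role>
</roles>"""

APPL_USER_XML = """<users>
  <user name="alice" role="emt" nation="us" clearance="FOUO"/>
  <user name="bob" role="event_commander" nation="partner_a" clearance="SECRET"/>
  <user name="carol" role="insurer" nation="us" clearance="U"/>
</users>"""

PATIENT_XML = """<patient id="P-0001">
  <name label="unclassified">J. Doe</name>
  <history label="sensitive"><condition>asthma</condition><medication>albuterol</medication></history>
  <insurance label="sensitive"><policy>POLICY-PLACEHOLDER</policy></insurance>
  <location label="secret"><grid>GRID-PLACEHOLDER</grid></location>
</patient>"""


def dominates(clearance: str, classification: str) -> bool:
    return LEVELS.index(clearance) >= LEVELS.index(classification)

def load_roles(xml_text: str) -> dict:
    """role name -> allowed paths, each path as a list of element tags."""
    return {r.get("name"): [a.get("path").split("/") for a in r.findall("allow")]
            for r in ET.fromstring(xml_text).findall("role")}

def load_users(xml_text: str) -> dict:
    """user name -> role and clearance already translated to the common lattice."""
    return {u.get("name"): {"role": u.get("role"),
                            "clearance": PARTNER_LABELS[u.get("nation")][u.get("clearance")]}
            for u in ET.fromstring(xml_text).findall("user")}

ROLES = load_roles(APPL_ROLE_XML)
USERS = load_users(APPL_USER_XML)


def _is_prefix(a: list, b: list) -> bool:
    return b[:len(a)] == a

def _prune(elem, path: list, inherited: str, allowed: list, clearance: str) -> bool:
    """Drop subtrees the user may not see; return whether `elem` itself survives."""
    label = max(elem.get("label", inherited), inherited, key=LEVELS.index)
    if not dominates(clearance, label):                     # MAC: clearance must dominate
        return False
    granted = any(_is_prefix(a, path) for a in allowed)     # inside a scoped subtree
    container = any(_is_prefix(path, a) for a in allowed)   # ancestor of a scoped subtree
    if not (granted or container):                          # RBAC: outside the role's scope
        return False
    for child in list(elem):
        if not _prune(child, path + [child.tag], label, allowed, clearance):
            elem.remove(child)
    return True

def filter_document(doc_text: str, username: str):
    """The view of `doc_text` for `username`, or None if nothing is visible."""
    user = USERS[username]
    root = ET.fromstring(doc_text)
    ok = _prune(root, [root.tag], LEVELS[0], ROLES[user["role"]], user["clearance"])
    return root if ok else None

def visible_paths(username: str, doc_text: str = PATIENT_XML) -> list:
    """Element paths left in the user's view, in document order."""
    root = filter_document(doc_text, username)
    out = []

    def walk(e, path):
        out.append(path)
        for c in e:
            walk(c, path + "/" + c.tag)
    if root is not None:
        walk(root, root.tag)
    return out


if __name__ == "__main__":
    for name in USERS:
        print(name, visible_paths(name))
```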