High Assurance Enterprise Scaling Issues

  • William R. Simpson
  • Coimbatore Chandersekaran
Chapter
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 247)

Abstract

Many organizations are moving to web-based approaches to computing. As the threat evolves to higher levels of sophistication, many governmental and commercial organizations are also moving toward high assurance. This chapter describes an approach that uses strong bilateral end-to-end authentication with endpoint encryption and SAML-based authorization built on OASIS security standards. This service-based approach offers many of the advantages of cloud-based approaches, which allow for more agile scale-up while maintaining a low marginal cost for accommodating additional users. However, many applications in the industries considering conversion to cloud computing environments (banking, credit, content distribution, etc.) require high assurance, attribution, formal access control processes, and a wide range of threat mitigation procedures. Current implementations of cloud services do not meet these high assurance requirements. High assurance presents many challenges to normal computing and imposes some rather precise requirements that have developed from high assurance issues for web service applications. Scaling up to a large number of users is often difficult to do without introducing security issues; the most difficult part is maintaining the security paradigms that mitigate these generic and specific threats. Several issues relating to large-scale use that are specific to high assurance, and their solutions, are discussed at length.

Keywords

Assurance, Attribution, Authentication, Authorization, Cloud, Hypervisor, Security, PKI, SAML, Virtualization

Copyright information

© Springer Science+Business Media Dordrecht 2014

Authors and Affiliations

  • William R. Simpson, Institute for Defense Analyses, Alexandria, USA
  • Coimbatore Chandersekaran, Institute for Defense Analyses, Alexandria, USA