cse4701dcp - University of Connecticut
CSE
4701
Information Sharing and Security in
Dynamic Coalitions
Steven A. Demurjian
Computer Science & Engineering Department
371 Fairfield Way, Box U-2155
The University of Connecticut
Storrs, Connecticut 06269-2155
http://www.engr.uconn.edu/~steve
Chaps22-1
Overview of Presentation
Introduction and Motivation
Preparedness Scenarios (Civilian and Military)
The Dynamic Coalition Problem
Civilian Organizations
Military Involvement/GCCS
Information Sharing and Security
Federating Resources
Database Interoperability
Syntax, Semantics, and Pragmatics
Data Integrity
Access Control
Conclusions and Future Work
Crisis and Coalitions
A Crisis (Event) is Any Situation Requiring Regional,
National or International Attention as Determined by
the President of the United States/UN
A Coalition is an Alliance of Organizations:
Governmental (Federal, State, and Local), Military,
Civilian, International or Combination
A Dynamic Coalition is Formed in a Crisis and
Changes as Crisis Develops, with the Key Concern
Being the Most Effective way to Solve the Crisis
Dynamic Coalition Problem (DCP) is the Inherent
Security, Resource, and/or Information Sharing Risks
that Occur as a Result of the Coalition Being Formed
Quickly
Crises in 2005
Tidal Wave in Southeast Asia
Hurricanes in US
Katrina – Louisiana and Mississippi
Rita – Texas and Louisiana
Mudslides in Guatemala
Earthquake in Pakistan/India
Key Issues for US Crises:
Both Hurricanes Involved Large Populations of
Underinsured and Uninsured
Rita had Notice – Evacuation Hampered/Slow
Relief Hampered by Total Failure of Power,
Particularly in New Orleans
Coalitions Difficult to Form and Utilize
Crises in 2007
October 2007 Fires in Southern California
What is the Typical Impacted Family?
Middle to Upper Middle Class?
Insured vs. Uninsured?
Individuals Evacuated Great Distances from their
Homes
Difficulty in Tracking Medical Records
Residual Smoke Causing Respiratory Issues
Elsewhere
Impact on Cities and Urban Areas
Underinsured and Uninsured Populations
Coalition Must Systematically Deal with Both
Population Groups from the Same Event
International: Near Simultaneous Crises
[Figure: world map of crisis points: NATO Hq, Olympic Games, Bosnia (NATO), Kosovo (US, UK), Earthquake (United Nations), Ship Wreck (UK, SP)]
Emergent Need for Coalitions
“Coalitions must be flexible and no one coalition is or
has the answer to all situations.”
» Secretary of Defense, Donald Rumsfeld
“Whenever possible we must seek to operate alongside
alliance or coalition forces, integrating their
capabilities and capitalizing on their strengths.”
» U.S. National Security Strategy
“Currently, there is no automated capability for
passing command and control information and
situational awareness information between nations
except by liaison officer, fax, telephone, or loaning
equipment.”
» Undersecretary of Defense for Advanced Technology
Dealing with Crises in CT
Uninsured/Underinsured Patients are Difficult to
Manage/Treat from an Informatics Perspective
Move from State Agency to Agency
Visit Many Diverse Health Care Providers
Incomplete/Inconsistent Data for Each Visit
Treatment of Chronic Diseases is Difficult
Consider Asthma – Many Different Types,
Treatment Plans, Medication Regimens, etc.
History, Symptoms, Past Meds, etc., all Vital to
Deal with Current Problem
Problematic with Incomplete/Missing History
One Individual at a Time – What Happens when there
is a State-Wide Event that Impacts 10,000?
National Preparedness Scenarios
Major Events or Natural Disasters that Impact Health
Care May be Impossible to Handle
Various Preparedness Scenarios for:
Pandemic Influenza
Toxic Industrial Chemical Release
Earthquake or Major Hurricane
Wide Scale Forest Fires (October 2007)
Irrespective of Accident or Terrorist Cause
These Events Could Result in Respiratory Impact
Underinsured/Uninsured Disproportionately
Young and Old Populations Vulnerable
Correct and Complete Patient Data Vital to Ensure
Timely Treatment/Minimize Deaths
Consider Respiratory Event in CT
What Happens if there is a Chemical Gas Release Off
of Route 91 North of Hartford?
Deal with Patients with Respiratory Issues
Assemble Appropriate Agencies/Personnel
Health Infrastructure/Ambulances/ERs
Integrate Patient Data from Myriad Sources
CT Agencies: EPA, Public Safety, PH
Gas Cloud Drifting – Weather/Wind Forecast
Transcend Barriers of:
HIPAA
Disparate Databases from Federal/State Agencies,
Hospitals, Clinics, Insurers, Pharmacies, etc.
Consider Respiratory Event in CT
Dealing with Different Patient Populations?
Insured Populations:
Less Dispersed Profile of Medical Visits
Easier to Obtain Complete Patient Records
Underinsured/Uninsured Populations:
Varied/Disparate Visit Profile
Changing Addresses/Homeless
Cycle Among State Agencies, Providers
Higher Rates of Respiratory Illnesses
Coalitions Need to Deal with All Potential Patients
Difficulty with Underinsured/Uninsured Populations
Means Potential for Incorrect Care
National Preparedness Scenarios
Issued by Homeland Security – 15 Scenarios
Intended to Assist Federal, State, and Local Govts.
and the Private Sector in Preparedness
When Event Occurs, Must Deal with Citizens:
Needing Urgent Medical Treatment
Those that Seek Care not Required (in 9/11, this
was 15 times actual number)
Must Deal with Infrastructure Impact
Breakdown of Transportation, Communication,
Medical/Utility Infrastructure, etc.
Issue for 9/11; Catastrophe for Katrina
Potential for International Assistance as Well
Mission Areas for Scenarios
Emergency Assessment/Diagnosis
Detect Incident, Determine Impact, Monitor
Environment, Notify Governments
Emergency Management/Response
Direct, Control, Coordinate Response
Provide Emergency Public Information for
Population at Risk
Population at Large
Incident/Hazard Mitigation
Control, Collect, and Contain Incident
Public Protection
Provide Initial Warnings to at Risk/at Large
Shelters, Evacuation, Transportation, etc.
Mission Areas for Scenarios
Victim Care
Treat Victims at Scene, Transport, etc.
Treat Patients at Medical Facilities
Track and Notify/Security of Evidence
Investigation/Apprehension
Cause of Attack – Even a Gas Leak needs to be
Checked to Ensure NOT Terrorist Act
Evidence of Crime Must be Preserved
Recovery/Remediation
Restore Essential Services, Businesses, Economy,
Return Evacuees
Provide Support for Area, Victims, Long-Term
Medical & Mental Health Services, etc.
Scenario 6: Chemical Attack
Not Limited to Terrorism – Could be Just a Local
Event at a Chemical Plant or Storage Tank
Emergency Assessment/Diagnosis
Scope of Gas Release, Prediction of Cloud Path
Emergency Management/Response
Notify, Evacuate, Assemble Resources
Incident/Hazard Mitigation
Understand Health Vulnerabilities of Cloud
Impact of Rain, Wind, Spraying Foam, etc.
Public Protection
Cell Phone/Text Message Notification (Storrs)
Victim Care
Key Issue – Also Preventive as Well
Scenario 6: Chemical Attack
Key Implications
7,000 in Actual Downwind Area
Half will Die Before/During Treatment
Additional 15% Hospitalization
70,000 Worried Well (Seek/Don’t Need Care)
Long-Term Carcinogens, Damage to Internal
Organs, Eyes
Scenario 10: Natural Disaster
Emergency Assessment/Diagnosis
Direct Impact (Infrastructure) plus Indirect Impact
(Causes Another Event)
Emergency Management/Response
Infrastructure Loss – Difficulty in Notification
Incident/Hazard Mitigation
Wide Range of Potential Hazards
Potable Water, Power (Heat), etc.
Public Protection
Problematic – Tied to Advance Warning
Victim Care
Wide Ranging w.r.t. Diseases/Injuries
Scenario 10: Natural Disaster
Key Implications – Advance Warning
Tourists/Residents – 48 Hours
Massive Evacuation – 24 Hours
Service Disruptions, Shelters Filled to Capacity,
Search and Rescue, etc.
Potential to Cause Another Event
What is the Dynamic Coalition Problem?
Dynamic Coalition Problem (DCP) is the Inherent
Security, Resource, and/or Information Sharing Risks
that Occur as a Result of the Coalition Being Formed
Quickly
Private Organizations (PVO)
Doctors Without Borders
Red Cross
Non-Government Organizations (NGO)
NYPD
Government Agencies
FBI
CIA
Military
DC for Military Deployment/Engagement
[Figure: U.S. Global C2 Systems. GCCS at the center, linked to the Air Force Battle Management System, Navy Joint Command System, Army Battle Command System (AFATDS, ASAS, ABCS, CSSCS, GCCS-A, MCS) and Marine Corps Combat Operations System, and to coalition partners NGO/PVO, U.N., NATO, Canada (LFCS), Germany (HEROS), France (SICF), Italy (SIACCON) and Other (FADD).]
OBJECTIVES:
Securely Leverage Information in a Fluid Environment
Protect U.S.A Information While Simultaneously Promoting the Coalition
Security Infrastructure in Support of DCP
Medical Informatics
Security Requirements for Medical Records
Privacy vs. Availability
All Aspects of Security for Medical Information
Treatment and Long-Term Care
Insurance Claims and Future Insurability
Nationalization of Medical Information
Critical Aspect of Dynamic Coalition Problem (DCP)
DCP - Security, Resource, and Information
Sharing Risks for Alliance of Governmental,
Military, Civilian, and International Organizations
Bring Together Divergent Requirements to
Support Life-Threatening Situation
Rapid Availability of Patient Data in Emergency
Situations
Dynamic Coalition for Medical Emergency
[Figure: coalition members: Red Cross, Transportation, Pharma. Companies, MDs w/o Borders, Military Medics, Govt., Local Health Care, CDC, EMTs, RNs, MDs, State Health, Other.]
ISSUES:
Privacy vs. Availability in Medical Records
Support Life-Threatening Situations via Availability of Patient Data on Demand
DCP Objectives for Crisis
Federate Users Quickly and Dynamically
Bring Together Resources (Legacy, COTS, GOTS,
DBs, etc.) Without Modification
Dynamically Realize/Manage Simultaneous Crises
Identify Users by Roles to Finely Tune Access
Authorize, Authenticate, and Enforce a Scalable
Security Policy that is Flexible in Response to
Coalition Needs
Provide a Security Solution that is Portable,
Extensible, and Redundant for Survivability
Include Management/Introspection Capabilities to
Track and Monitor System Behavior
Military Coalition
[Figure: Clients Using Services. Clients: U.S. Army, Federal Agencies (FEMA, FBI, CIA, etc.), U.S. Navy, French Air Force, NATO, German, NGO/PVO (Red Cross, NYPD, etc.). Resources that provide services: COTS, LFCS (Canada), SICF (France), HEROS (Germany), U.S. Legacy System, SIACCON (Italy), NATO Database, NATO SYS, GCCS (US), NGO/PVO Resource.]
Joint and Combined Information Flow
Common Operating Environment
[Figure: Combined (Many Countries): Coalition Partners, NATO Systems, Coalition Systems. Joint (Marines, Navy, Air Force, Army): GCCS with GCCS-A, GCCS-M, GCCS-N, GCCS-AF, TBMCS, TCO and JMCIS. Army echelons from Corps/Joint Task Force through Division, Brigade (BSA, TOC), Battalion and Company, running ABCS, MCS, FAADC2I, CSSCS, AFATDS, ASAS and FBCB2.]
DCP: Combined Information Flow
[Figure: Combined Database at the center of GCCS - Joint/Coalition - with functional areas Maneuver, Logistics, Air Defense/Air Operations, Fire Support, Intelligence, and Network and Resource Management.]
DCP: Global Command and Control System
[Figure: GLOBAL C2 SYSTEMS. Client/Server nodes at Company, Platoon and Squad level (FBCB2/EBC, Tactical Battlefield C2 System, Embedded Battle Command) connected by Mobile Subscriber Equipment, Data Radio, Satellite/SATCOM and Internet, serving Mission Planning, MET, Support, Intel, Maneuver Control, TOPO, Air Defence and ARTY, and providing Situational Awareness.]
GCCS Provides:
- Horizontal and Vertical Integration of Information to Produce a Common Picture of the Battlefield
- 20 separate automated systems
- 625 locations worldwide
- private network
DCP: Global Command and Control System
Joint Services (a.k.a.):
Weather (METOC)
Video Teleconference (TLCF)
Joint Operations Planning and Execution System (JOPES)
Common Operational Picture (COP)
Transportation Flow Analysis (JFAST)
Logistics Planning Tool (LOGSAFE)
Defense Message System (DMS)
NATO Message System (CRONOS)
Component Services (a.k.a.):
Army Battle Command System (ABCS)
Air Force Battle Management System (TBMCS)
Marine Combat Operations System (TCO)
Navy Command System (JMCIS)
DCP: Global Command and Control System
Common Operational Picture
[Figure: Common Picture display]
DCP Objectives for Crisis
Federate Users Quickly and Dynamically
Personnel Responding to Event
Some Known in Advance, Others Dynamic
Promote On-Line/Database Interactions
Bring Together Resources without Modification
Physical Resources/Response Equipment
Information Resources – Databases and Patient
Records from Myriad of Sources
Monumental Task in Ordinary Situations
Dynamically Realize/Manage Simultaneous Crises
Event (Hurricane) causes Another (Chemical)
Conflicting Resources/Limited Personnel
Utilities Always Borrowing Workers
Health Care Coalition
[Figure: Clients of the Informatics Infrastructure: State Police, Federal Agencies (FEMA, FBI, CIA, etc.), UCHC, CCMC, St. Francis, EMTs in Field, Hartford Hospital, DPH, Hospital for Central CT, CT EPA, Weather/GIS, Utilities (Power, etc.), NGO/PVO (Red Cross, CT State Police, etc.). Resources: Hospital Access, GIS State Database, CT Emergency Response DB, NGO/PVO Resource.]
Combined Information Flow
What is the Information Flow for Chemical Event?
[Figure: Combined Database at the center of GCCS - Joint/Coalition Interactions with Federal Agencies, Local Governments and Other States; functional areas Maneuver, Operations (Air Defense/Operations), Emergency Headquarters, Local Control Base, Medical Coordination Base, Intelligence, Logistics, Weather/GIS Resources, Network and Resource Management, and Utilities (Power, Water, etc.).]
Coalition Tracking for CT Event
Common Operational Picture
For CT Events, Need GIS Maps, Weather Overlays, Location of Resources on Maps, etc.
[Figure: Common Picture display]
DCP: Critical Requirements
Establish Roles to Information Repositories
Responders, Emergency/Medical Personnel ...
Coalitions Dynamic – Secure/Flexible Access
Transcend HIPAA, Other Constraints
Time Controllable Access to Information
Time Limits on Users and Roles
As Event Abates, Access Becomes Stricter
Value Based Constraints on Access
Multiple Events, Responders Limited Access
Difficult to Federate Users and Resources
Proprietary Databases in Different Formats
Common (Virtual) Information Repository
GCCS Shortfalls: User Roles
Currently, GCCS Users have Static Profile Based on
Position/Supervisor/Clearance Level
Granularity Gives “Too Much Access”
Profile Changes are Difficult to Make - Changes Done
by System Admin. Not Security Officer
What Can User Roles Offer to GCCS?
User Roles are Valuable Since They Allow
Privileges to be Based on Responsibilities
Security Officer Controls Requirements
Support for Dynamic Changes in Privileges
Towards Least Privilege
User Roles and Coalitions
Emergent Events (Chemical) Require a Response
Some Critical Issues
Who’s in Charge?
Who is Allowed to do What?
Who can Mobilize Governmental Resources?
Roles can Help:
Role for Event Commander(s)
Roles for Event Participants/Personnel
Roles Dictate Control over Resources
For Katrina: Lack of Leadership & Defined Roles
Army Corps of Engineers Only Allowed to Repair
Levees – Not Upgrade and Change
GCCS Shortfalls: Time Controlled Access
Currently, in GCCS, User Profiles are Indefinite with
Respect to Time
Longer than a Single Crisis
Difficult to Distinguish in Multiple Crises
No Time Controllable Access on Users or GCCS
Resources
What can Time Constrained Access offer GCCS?
Junior Planners - Air Movements of Equipment
Weeks before Deployment
Senior Planners - Adjustment in Air Movements
Near and During Deployment
Similar Actions are Constrained by Time Based on
Role
Time Controlled Access and Coalitions
Multiple Events Require Ability to Distinguish
Between Roles Based on Time and Crisis
Occurrence of Rita (one Event) Impacted the Ongoing
Event (Katrina)
Need to Manage Simultaneous Events w.r.t. Time
Different Roles Available at Different Times for
Different Events
Role Might be “Finishing” in one Event (e.g., First
Response Role) and “Starting” in Another
Individual May Play Different Roles in Different
Events
Individual May Play Same Role with Different
Duration in Time w.r.t. its Activation
GCCS Shortfalls: Value Based Access
Currently, in GCCS, Controlled Access Based on
Information Values Difficult to Achieve
Unlimited Viewing of Common Operational
Picture (COP)
Unlimited Access to Movement Information
Attempts to Constrain would have to be
Programmatic - which is Problematic!
What can Value-Based Access Offer to GCCS?
In COP
Constrain Display of Friendly and Enemy Positions
Limit Map Coordinates Displayed
Limit Tier of Display (Deployment, Weather, etc.)
Value Based Access and Coalitions
In Katrina/Rita, What People can See and Do May be
Limited Based on Role
Katrina Responders Limited to Katrina Data
Rita Responders Limited to Rita Data
Some Responders (Army Corps Engineers) May
Need Both to Coordinate Activities
For Chemical Event – Same Issue to Address
Within Each Event, Information Also Limited
Some Katrina Roles (Commander, Emergency
Responders, etc.) see All Data
Other Katrina Roles Limited (Security Deployment
Plans Not Available to All)
Again – Customization is Critical
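As an added illustration (not part of the slides), the following Python sketch combines the time-controlled and value-based constraints of the two preceding slides: each role is scoped to named events and to an activation window, and a record is visible only if some role active at the time of the request covers both the record's event and its data category. Event names, role names and records are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Role:
    """A role is scoped by event (value constraint) and by an activation window (time constraint)."""
    name: str
    events: frozenset        # events whose data this role may see
    start: datetime          # role is usable only while start <= now < end
    end: datetime
    categories: frozenset    # data categories visible inside those events


@dataclass(frozen=True)
class Record:
    event: str
    category: str            # e.g. "shelter", "movement", "security_plan"
    payload: str


# Constructed sample timeline: Rita begins while the Katrina response is still running.
T0 = datetime(2005, 8, 29)
KATRINA_START, KATRINA_END = T0, T0 + timedelta(days=30)
RITA_START, RITA_END = T0 + timedelta(days=25), T0 + timedelta(days=45)

PUBLIC = frozenset({"shelter", "movement"})
ALL = PUBLIC | {"security_plan"}     # deployment plans are not for every role

# Hypothetical roles (names are not from the slides).
ROLES = {
    "katrina_responder": Role("katrina_responder", frozenset({"Katrina"}),
                              KATRINA_START, KATRINA_END, PUBLIC),
    "katrina_commander": Role("katrina_commander", frozenset({"Katrina"}),
                              KATRINA_START, KATRINA_END, ALL),
    "rita_responder": Role("rita_responder", frozenset({"Rita"}),
                           RITA_START, RITA_END, PUBLIC),
    # The Army Corps of Engineers coordinates across both events, so its role spans both.
    "corps_engineer": Role("corps_engineer", frozenset({"Katrina", "Rita"}),
                           KATRINA_START, RITA_END, PUBLIC),
}

# Constructed records from a shared event database.
RECORDS = [
    Record("Katrina", "shelter", "Superdome shelter at capacity"),
    Record("Katrina", "security_plan", "Guard deployment plan, New Orleans"),
    Record("Rita", "movement", "Contraflow on I-45 northbound"),
    Record("Rita", "shelter", "Shelter opened in Lufkin"),
]


def active_roles(assigned, now):
    """Roles assigned to a user that are inside their activation window at time `now`."""
    return [ROLES[name] for name in assigned
            if ROLES[name].start <= now < ROLES[name].end]


def can_view(assigned, record, now):
    """Grant only if some active role covers both the record's event and its category."""
    return any(record.event in role.events and record.category in role.categories
               for role in active_roles(assigned, now))


def visible(assigned, days_after_t0):
    """Payloads a user holding `assigned` roles may see, `days_after_t0` days into the timeline."""
    now = T0 + timedelta(days=days_after_t0)
    return [rec.payload for rec in RECORDS if can_view(assigned, rec, now)]


if __name__ == "__main__":
    for who, day in [(["katrina_responder"], 5), (["katrina_commander"], 5),
                     (["rita_responder"], 5), (["rita_responder"], 30),
                     (["corps_engineer"], 27), (["katrina_responder"], 40)]:
        print(f"{who[0]:>18} on day {day:>2}: {visible(who, day)}")
```

Once the Katrina window closes (day 30 in this timeline) the Katrina roles stop matching, which is the "access becomes stricter as the event abates" behaviour the earlier slide asks for.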
GCCS Shortfalls: Federation Needs
Currently, GCCS is Difficult to Use for DCP
Difficult to Federate Users and Resources
U.S.-Only System
Incompatibility in Joint and Common Contexts
Private Network (Not Multi-Level Secure)
What are Security/Federation Needs for GCCS?
Quick Admin. While Still Constraining US and
Non-US Access
Employ Middleware for Flexibility/Robustness
Security Definition/Enforcement Framework
Extend GCCS for Coalition Compatibility that
Respects Coalition and US Security Policies
Federated Resources
[Figure: RESOURCES federated through the Army Battle Command System (ABCS): Command & Control Vehicles, Army Airborne Command & Control System, JSTARS, Unmanned Aerial Vehicle, Satellites, Embedded Command System; Embedded Battle Command nodes for INTEL FUSION, AIR DEFENCE, FIELD ARTILLERY, MANEUVER CONTROL and PERSONNEL AND LOGISTICS, a Fwd Support Element (Ammo/Fuel, Refit) and Bradley / EBC, all sharing a Common Picture.]
Federation Needs and Coalitions
Katrina
Devastated Basic Communication at All Levels
There was No Need to Federate Computing
Systems at Crisis Location with No Power, etc.
Rita
Event Known Well in Advance Didn’t Prevent
Disorganized Evacuation, Running out of Fuel
10+ Hour Highway Waits
Federation Must Coordinate Critical Resources
9/11 – Drop in Casualties was a Database Problem
Multiple DBs, Bad/Inconsistent Data, etc.
Moral: If it Can go Wrong, it Will Go Wrong
Database Interoperability
Federation of Resources Requires Database
Interoperability to be Addressed
Multiple DB Platforms (Oracle, Sybase, Informix)
Incompatibility of Information
Different DB Schemas that Contain Same Information
Expressed in Different Tables
Often Un-Normalized
Inconsistency of Information
Grid Coordinates with Different Meanings
True North vs. Magnetic North
Miles vs. Kilometers (US + NATO)
Integration of Heterogeneous DBs has Been a Long-Standing Research Area - Today Leveraging XML
Database Interoperability Requirements
[Figure: Legacy Database Systems (Oracle, Sybase, Informix) feed AFATDS, ASAS and MCS; each requires a Format Change into an Application-Specific Format, Modeling of Enhanced Structures, Processing Logic and a Visual Interface, yielding Display Style 1 for the Intelligence Division Commander and Display Style 2 for the Brigade Commander.]
Info Sharing/Access: Potential Pitfalls
Dealing with Information at Different Levels
Syntax – Format of Information
Semantics – Meaning of Information
Pragmatics – Usage of Information
When Unifying Databases/Information Repositories,
Must Address all Three!
Data Integrity and Data Security
Correct and Consistent Values
Assurance in All Secure Accesses
Alternative Access Control Models
Issues for Federating Information Repositories
Syntactic Considerations
Syntax is Structure and Format of the Information
That is Needed to Support a Coalition
Incorrect Structure or Format Could Result in Simple
Error Message to Catastrophic Event
For Sharing, Strict Formats Need to be Maintained
Health Care Data Suffers from Lack of Standards
Standards for Diagnosis (Insurance Industry)
Emerging Standards Include:
Health Level 7 (HL7)
Based on XML
Formats Non-Standard for Different Health
Organizations, Insurers, Pharmacy Networks, etc.
N*N Translations Prone to Errors!
Syntactic Considerations
In US Military, Message Formats Include
Heading and Ending Section
United States Message Text Formats (USMTF)
128 Different Message Formats
Text Body of Actual Message
Problem: Formats Non-Standard Across Different
Branches of Military and Countries
Semantics Concerns
Semantics (Meaning and Interpretation)
NATO and US - Different Message Formats
Distances (Miles vs. Kilometers)
Grid Coordinates (Mils, Degrees)
Maps (Grid, True, and Magnetic North)
What Can Happen in Health Care Data?
Possible to Confuse Dosages of Medications?
Weight of Patients (Pounds vs. Kilos)?
Measurement of Vital Signs?
Dana Farber Chemo Death – Checks/Balances
What Others are Possible?
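Added example, not from the slides: the weight confusion the slide asks about, shown in Python with a record field that carries an explicit unit, a naive dose routine that silently assumes kilograms, and a checked routine that refuses unitless input and any dose above a ceiling. The mg/kg rate and the ceiling are constructed placeholder values, not a real regimen.

```python
from dataclasses import dataclass

LB_PER_KG = 2.20462


@dataclass(frozen=True)
class Weight:
    """A weight that carries its unit, so a value can never be read in the wrong one."""
    value: float
    unit: str      # "kg" or "lb"

    def to_kg(self):
        if self.unit == "kg":
            return self.value
        if self.unit == "lb":
            return self.value / LB_PER_KG
        raise ValueError(f"unknown weight unit {self.unit!r}")


def parse_weight(field):
    """Parse a weight field from an exchanged record, e.g. '154 lb' or '70 kg'.
    A bare number is rejected rather than guessed, because two repositories may
    store the same patient in different units."""
    parts = field.strip().split()
    if len(parts) != 2:
        raise ValueError(f"weight must carry an explicit unit, got {field!r}")
    value, unit = parts
    return Weight(float(value), unit.lower())


def naive_dose_mg(weight_value, mg_per_kg):
    """The failure mode: the number is assumed to be kilograms whatever it was."""
    return weight_value * mg_per_kg


def checked_dose_mg(weight, mg_per_kg, max_mg):
    """Weight-based dose with two checks: the unit is known and the ceiling is respected."""
    dose = round(weight.to_kg() * mg_per_kg, 1)
    if dose > max_mg:
        raise ValueError(f"computed dose {dose} mg exceeds ceiling {max_mg} mg; needs review")
    return dose


def check_dose(weight_field, mg_per_kg, max_mg):
    """Checks-and-balances wrapper: returns a decision instead of raising, so the
    caller (or a second reviewer) sees the reason for a refusal."""
    try:
        weight = parse_weight(weight_field)
        dose = checked_dose_mg(weight, mg_per_kg, max_mg)
    except ValueError as exc:
        return {"ok": False, "reason": str(exc)}
    return {"ok": True, "dose_mg": dose, "weight_kg": round(weight.to_kg(), 2)}


if __name__ == "__main__":
    # Constructed placeholder regimen: 2 mg per kg, hard ceiling 200 mg.
    RATE, CEILING = 2.0, 200.0
    for field in ("70 kg", "154 lb", "154"):
        print(f"{field!r:>10}: {check_dose(field, RATE, CEILING)}")
    # The same patient, read from a repository that stores pounds, under a kilogram assumption:
    print("naive, pounds read as kg:", naive_dose_mg(154, RATE), "mg")
```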
Syntactic & Semantic Considerations
What’s Available to Support Information Sharing?
How do we Ensure that Information can be Accurately
and Precisely Exchanged?
How do we Associate Semantics with the Information
to be Exchanged?
What Can we Do to Verify the Syntactic Exchange
and that Semantics are Maintained?
Can Information Exchange Facilitate Federation?
Can this be Handled Dynamically?
Or, Must we Statically Solve Information Sharing in
Advance?
Pragmatics Considerations
Pragmatics Requires that we Totally Understand
Information Usage and Information Meaning
What are the Critical Information Sources?
How will Information Flow Among Them?
What Systems Need Access to these Sources?
How will that Access be Delivered?
Who (People/Roles) will Need to See What When?
How will What a Person Sees Impact Other
Sources?
Focus on: Way that Information is Utilized and
Understood in its Specific Context
Can Medical Info be Misused even if Understood?
Pragmatics Issues
Pragmatics - The Way that Information is Utilized and
Understood in its Specific Context
For Example, in GCCS
[Figure: Inter-TOC exchange between TOC-1, TOC 2/A-Cell and TOC 2/B-Cell (M-1068 vehicles) over a Tactical WAN with a mixture of clients and servers]
Inter-TOC:
• Messaging: VMF, USMTF
• Situation Awareness: BFA unique
• Files and DB Snapshots: Unicast FTP, Multicast FTP, E-mail, Global Broadcast Satellite (GBS), Database Replication
Intra-TOC:
• ACDB DB Synchronization (RPC-based SR)
Operational Challenges:
• Autonomy
• Jump TOCs
• Split TOCs
• Survivability
• Bandwidth Contention
• Scalability
Information Pragmatics Considerations
Pragmatics in Military-Led Coalition
[Figure: network laydown of a military-led coalition. Division, brigade, battalion, artillery, aviation, engineer, signal, cavalry and support command posts (TOCs) are linked by GBS, DSCS, DR, SEN, LEN, BVTC, VTel, HCLOS, SINCGARS (FS) and EPLRS (AD) paths, with relays and a Theater Injection Point (TIP). Node Estimate: current FDD laydown has 53 autonomous Command Post/TOCs (i.e., nodes); for a full Corps >200 nodes. Note: 3rd BDE not part of 1DD in Sep 2000.]
For CT Events, Coalition will have Similar Complex Structure
• Many Different Systems
• Alternative Communication Paths
• Policies in Regards to Data Sharing
• Interacting Databases Under Control (State Agencies) and External (Others)
• Infrastructure (Power, Water, etc.) Concerns
Basic Distribution Requirement
• Distribution Policies
• Automation & Notification
• User Controls
• Transport Mechanisms
• System and Process Monitors
• Security, Logs, and Archives
Distribution Policy: What, How, When (Prioritized), Where (Encrypted, Network)
Integrity: Confidence in Information Content
Concerns: Consistency, Accuracy, Reliability
Accidental Errors – All too Prevalent
Crashes, Concurrent Access, Logical Errors
Actions:
Integrity Constraints (Correct Data Values)
GUIs (Correctly Entered Values)
Redundancy (Values are Backed Up Offsite: 9/11)
Malicious Errors - Not Totally Preventable
Individuals Seek to Interfere with Coalition
Operations During Actual Event
Actions:
Authorization, Authentication, Enforcement Policy
Concurrent Updates to Backup DBs
Security: Confidence in Information Access
Assurance
Do Security Privileges for Each User Support their
Needs?
What Guarantees are Given by the Security
Infrastructure in Order to Attain:
Safety: Nothing Bad Happens During Execution
Liveness: All Good Things can Happen During
Execution
Consistency
Are the Defined Security Privileges for Each User
Internally Consistent?
Are the Defined Security Privileges for Related
Users Globally Consistent?
What are Key Security Concepts?
Principal or Subject
Entity (Person/Process/etc.) to Which
Authorizations are Granted
Can be a User, User Group, Program, Client
Protected Object (Chunk of Information)
Known Object whose Internal Structure is
Inaccessible Except by Protection System
The Unit of Protection
For Our Purposes:
Patient Record, Patient Test, etc.
Geographic Database, Weather Map, etc.
Glossary from: Saltzer and Schroeder, “The Protection of Information in
Computer Systems”, Proc. of IEEE, Vol. 63, No. 9, September 1975.
What are Key Security Concepts?
Authentication
Proving you are who you are
Is the Client who S/he Says they are?
Authorization
Granting/Denying Access to Information
Revoking Access to Information
Does the Client have Permission to do what S/he
Wants?
Encryption
Establishing Communications so that No One but
Receiver Gets the Content of the Message
Symmetric and Public Key Encryption
All Three are Vital for Coalitions/Events
What are Key Security Issues?
Legal and Ethical Issues
Information Must be Protected (e.g., SSN)
Information Must be Accessible (e.g., Medical
Record)
Policy Issues
Who Can See What Information When?
Application Limits w.r.t. Data vs. Users?
Access Control Models
Govern the Way that Secure Access of Subjects to
Objects is Controlled
Ranges from User (Roles) to Data Control
Also Includes Ability to Delegate Capabilities
from One User to Another
Role Based Access Control
What is Role Based Access Control (RBAC)?
Roles Provide Means for Permissions to Objects,
Resources, Based on Responsibilities
Users May have Multiple Roles Each with
Different Set of Permissions
Role-Based Security Policy Flexible in both
Management and Usage
Issues for RBAC and DCP
Who Creates the Roles?
Who Determines Permissions (Access)?
Who Assigns Users to Roles?
Are there Constraints Placed on Users Within
Those Roles?
Discretionary Access Control
What is Discretionary Access Control (DAC)?
Restricts Access to Objects Based on the Identity
of Group and/or Subject
Discretion with Access Permissions Supports the
Ability to “Pass-on” Permissions
DAC and DCP
Pass on from Subject to Subject is a Problem
Information Could be Passed from Subject (Owner) to
Subject to Party Who Should be Restricted
For Example,
Local Commanders Can’t Release Information
Rely on Discretion by Foreign Disclosure Officer
Pass on of DAC Must be Carefully Controlled!
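Added example, not from the slides: a DAC pass-on check in Python in which a grant can only be passed on if it was given with the delegate flag, and a pass-on to a subject outside the object's releasability is refused unless the giver is a Foreign Disclosure Officer. Subject names, nations and the object are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    name: str
    nation: str
    is_fdo: bool = False      # Foreign Disclosure Officer may release across nations


@dataclass(frozen=True)
class Obj:
    name: str
    owner: str
    releasable_to: frozenset  # nations the owner has already cleared for release


@dataclass(frozen=True)
class Grant:
    subject: str
    obj: str
    delegate: bool            # may the holder pass this access on?


class DacPolicy:
    """Discretionary access with a controlled pass-on rule."""

    def __init__(self, subjects, objects):
        self.subjects = {s.name: s for s in subjects}
        self.objects = {o.name: o for o in objects}
        self.grants = {}       # (subject, obj) -> Grant
        self.audit = []        # every refused pass-on, for accountability
        for o in objects:      # owners start with a delegatable grant on their own objects
            self.grants[(o.owner, o.name)] = Grant(o.owner, o.name, True)

    def has_access(self, subject, obj):
        return (subject, obj) in self.grants

    def pass_on(self, giver, receiver, obj, delegate=False):
        """Pass access from `giver` to `receiver`. Refused unless the giver holds a
        delegatable grant and, when the receiver's nation is outside the object's
        releasability, unless the giver is a Foreign Disclosure Officer."""
        grant = self.grants.get((giver, obj))
        if grant is None or not grant.delegate:
            self.audit.append(f"{giver} -> {receiver} on {obj}: no delegatable grant")
            return False
        target = self.objects[obj]
        recipient = self.subjects[receiver]
        if recipient.nation not in target.releasable_to and not self.subjects[giver].is_fdo:
            self.audit.append(f"{giver} -> {receiver} on {obj}: foreign release needs FDO")
            return False
        self.grants[(receiver, obj)] = Grant(receiver, obj, delegate)
        return True


def build_demo():
    """Constructed coalition: a US commander owns a plan releasable only to US subjects."""
    subjects = [Subject("cmdr_us", "US"), Subject("analyst_us", "US"),
                Subject("fdo_us", "US", is_fdo=True), Subject("liaison_uk", "UK"),
                Subject("officer_fr", "FR")]
    objects = [Obj("movement_plan", "cmdr_us", frozenset({"US"}))]
    return DacPolicy(subjects, objects)


def run_scenario():
    """Outcome of each pass-on attempt, in order."""
    p = build_demo()
    return {
        # plain DAC would let this chain leak the plan abroad; the FDO rule stops it
        "cmdr->analyst": p.pass_on("cmdr_us", "analyst_us", "movement_plan", delegate=True),
        "analyst->uk": p.pass_on("analyst_us", "liaison_uk", "movement_plan"),
        # release through the disclosure officer is the sanctioned path
        "cmdr->fdo": p.pass_on("cmdr_us", "fdo_us", "movement_plan", delegate=True),
        "fdo->uk": p.pass_on("fdo_us", "liaison_uk", "movement_plan"),
        # the UK liaison holds a non-delegatable grant, so it cannot pass on further
        "uk->fr": p.pass_on("liaison_uk", "officer_fr", "movement_plan"),
        "uk_has_access": p.has_access("liaison_uk", "movement_plan"),
        "fr_has_access": p.has_access("officer_fr", "movement_plan"),
        "refusals": len(p.audit),
    }


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step:>14}: {outcome}")
```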
Mandatory Access Control
What is Mandatory Access Control (MAC)?
Restrict Access to Information, Resources, Based
on Sensitivity Level (Classification)
Classified Information - MAC Required
If Clearance (of User) Dominates Classification,
Access is Allowed
MAC and DCP
MAC will be Present in Coalition Assets
Need to Support MAC of US and Partners
Partners have Different Levels/Labels
Need to Reconcile Levels/Labels of Coalition
Partners (which Include Past Adversaries!)
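Added example, not from the slides: a MAC dominance check in Python over a coalition lattice of levels and compartments, plus a reconciliation table that maps each partner's native labels onto the coalition levels and fails closed on any label it does not know. The partner label sets and the mapping are constructed for illustration, not real national equivalences.

```python
from dataclasses import dataclass

# Coalition lattice: a total order of levels plus a set of need-to-know compartments.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset

    def dominates(self, other):
        """Clearance dominates classification when its level is at least as high
        and it holds every compartment the object is marked with."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


# Constructed reconciliation table (not real national equivalences): each partner's
# native labels mapped onto the coalition levels. PARTNER_A has no TOP SECRET equivalent.
PARTNER_LEVELS = {
    "US": {name: name for name in LEVELS},
    "PARTNER_A": {"A-OPEN": "UNCLASSIFIED", "A-RESTRICTED": "CONFIDENTIAL",
                  "A-PROTECTED": "SECRET"},
    "PARTNER_B": {"B-PUBLIC": "UNCLASSIFIED", "B-SECRET": "SECRET",
                  "B-TOP": "TOP SECRET"},
}


def reconcile(partner, native_level, compartments=()):
    """Translate a partner's native label into a coalition Label; an unknown partner
    or label raises so the caller fails closed instead of guessing a level."""
    try:
        level = PARTNER_LEVELS[partner][native_level]
    except KeyError:
        raise ValueError(f"no coalition mapping for {partner}/{native_level}") from None
    return Label(level, frozenset(compartments))


def mac_decision(partner, native_clearance, clearance_compartments, obj_label):
    """True if a subject cleared by `partner` at `native_clearance` may read `obj_label`."""
    try:
        clearance = reconcile(partner, native_clearance, clearance_compartments)
    except ValueError:
        return False
    return clearance.dominates(obj_label)


if __name__ == "__main__":
    plan = Label("SECRET", frozenset({"KATRINA"}))
    cases = [("US", "SECRET", {"KATRINA", "RITA"}),
             ("PARTNER_A", "A-PROTECTED", {"KATRINA"}),
             ("PARTNER_A", "A-PROTECTED", set()),         # missing compartment
             ("PARTNER_B", "B-PUBLIC", {"KATRINA"}),      # level too low
             ("PARTNER_A", "A-ULTRA", {"KATRINA"})]       # label nobody reconciled
    for partner, lvl, comps in cases:
        print(f"{partner:>10} {lvl:<12} {sorted(comps)}: {mac_decision(partner, lvl, comps, plan)}")
```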
Other Issues
Intrusion Detection
Not Prevention
Intrusion Types:
Trojan Horse, Data Manipulation, Snooping
Defense:
Tracking and Accountability
Survivability
Reliability and Accessibility
Defense:
Redundancy
Cryptography
Fundamental to Security
Implementation Details (key distribution)
Federating Information Repositories
Must Deal with Multiple Repositories/Databases
Syntactic, Semantic and Pragmatic Differences
Integrity, Consistency, Assurance
Different Access Control Models
Overcome Physical Issues
Private Computer Networks
Repositories Behind Firewalls
Different Data Formats (Relational vs. OO)
Reconcile Legal/Business/Political Issues
What Info can be Released (HIPAA)?
Is it in “my” Interest to Release Info (Bus.)?
What is the Impact if I Don’t (Political)?
I Own Data – Why should I Share?
DCs for Clinical and Translational Science
[Figure: partners in a clinical and translational science coalition: Pfizer, Bayer, UConn Storrs, UConn Health Center, Saint Francis, CCMC, DCF, DSS, etc., with NIH, FDA and NSF.]
Info. Sharing - Joint R&D
Support T1, T2, and Clinical Research
Company and University Partnerships
Collaborative Funding Opportunities
Cohesive and Trusted Environment
Existing Systems/Databases and New Applications
How do you Protect Commercial Interests?
Promote Research Advancement?
Free Read for Some Data/Limited for Other?
Commercialization vs. Intellectual Property?
Balancing Cooperation with Propriety
Bioinformatics: Public Policy on Security
How do we Protect a Person’s DNA?
Who Owns a Person’s DNA?
Who Can Profit from Person’s DNA?
Can Person’s DNA be Used to Deny Insurance?
Employment? Etc.
How do you Define Security Limitations/Access?
What about i2b2 – Informatics for Integrating Biology
and the Bedside (see https://www.i2b2.org/)
Scalable Informatics Framework to Bridge
Clinical Research Data
Vast Data Banks for Basic Science Research
Goal: Understand Genetic Bases of Diseases
Bioinformatics: Public Policy on Security
Can DNA Repositories be Anonymously Available for
Medical Research?
Do Societal Needs Trump Individual Rights?
Can DNA be Made Available Anonymously for
Medical Research?
De-identified Data Repositories
Privacy Protecting Data Mining
International Repository Might Allow Medical
Researchers Access to Large Enough Data Set for
Rare Conditions (e.g., Orphan Drug Act)
Individual Rights vs. Medical Advances
Our Three-Pronged Security Emphasis
[Figure: three prongs of the security emphasis]
Secure Software Design to Design and Write Secure Software Programs
Assurance, Consistency, Integrity
RBAC, DAC, MAC
Safety, Liveness
Secure Information Exchange via XML with MAC/RBAC
Secure MAC/RBAC Interactions via Middleware in Distributed Setting
Security for XML Documents
Emergence of XML for Document/Information Exchange
Incorporate RBAC/DAC/MAC into XML for Security of XML Content
Applicability to Standards Based on XML
An XML Document Appears Differently to Different Users Based on Multiple Factors
Filter XML Document Depending on User
[Figure: the Security Officer generates the Security XML files for the Application (Appl_Role.xml, Appl_User.xml, Appl_Constraint.xml) from the Security DTDs (Role DTD, User DTD, Constraint DTD); together with the Application DTDs and Application XML Files, the User's Role Determines the Scope of Access to Each XML Document.]
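Added example, not from the slides: a Python filter that reads a constructed Appl_Role.xml listing the element paths each role may see and prunes a constructed patient XML document to that scope, so the same document appears differently to an EMT, a physician and an insurer. Role names, the path format and the record contents are assumptions for illustration, not the slides' DTDs.

```python
import xml.etree.ElementTree as ET

# Constructed Appl_Role.xml: for each role, the element paths it may see.
# Stands in for the file the slide's Security Officer would generate from the Role DTD.
ROLE_XML = """<roles>
  <role name="emt">
    <allow path="patient/id"/>
    <allow path="patient/allergies"/>
    <allow path="patient/medications"/>
  </role>
  <role name="physician">
    <allow path="patient/id"/>
    <allow path="patient/allergies"/>
    <allow path="patient/medications"/>
    <allow path="patient/history"/>
  </role>
  <role name="insurer">
    <allow path="patient/id"/>
    <allow path="patient/insurance"/>
  </role>
</roles>"""

# Constructed application XML document.
PATIENT_XML = """<patient>
  <id>P-0001</id>
  <allergies><allergy>penicillin</allergy></allergies>
  <medications><med>albuterol</med></medications>
  <history><note>asthma, chronic</note><note>prior ICU admission</note></history>
  <insurance><plan>none (uninsured)</plan></insurance>
</patient>"""


def load_role_paths(role_xml):
    """Map role name -> set of allowed element paths."""
    roles = ET.fromstring(role_xml)
    return {role.get("name"): {a.get("path") for a in role.findall("allow")}
            for role in roles.findall("role")}


def _keep(path, allowed):
    """Keep an element if it is allowed, is an ancestor of an allowed element
    (needed to reach it), or is a descendant of an allowed element."""
    return any(path == a or a.startswith(path + "/") or path.startswith(a + "/")
               for a in allowed)


def _prune(elem, path, allowed):
    for child in list(elem):
        child_path = f"{path}/{child.tag}"
        if _keep(child_path, allowed):
            _prune(child, child_path, allowed)
        else:
            elem.remove(child)


def filter_document(doc_xml, role_xml, role_name):
    """Return the document pruned to what `role_name` may see; an unknown role gets
    nothing (fail closed). Parse untrusted XML with a hardened parser in practice."""
    allowed = load_role_paths(role_xml).get(role_name, set())
    root = ET.fromstring(doc_xml)
    if not _keep(root.tag, allowed):
        return None
    _prune(root, root.tag, allowed)
    return root


def visible_sections(doc_xml, role_xml, role_name):
    """Top-level sections left after filtering (empty list for a role with no access)."""
    root = filter_document(doc_xml, role_xml, role_name)
    return [] if root is None else [child.tag for child in root]


if __name__ == "__main__":
    for role in ("emt", "physician", "insurer", "visitor"):
        root = filter_document(PATIENT_XML, ROLE_XML, role)
        print(f"--- as {role}:")
        print(ET.tostring(root, encoding="unicode") if root is not None else "(no access)")
```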
Concluding Remarks
Dynamic Coalitions are Vital to Deal with Events that
Require Significant Response in:
Emergency Personnel
Health Care Infrastructure/Treatment
Large Numbers of Injured
Major Issue for Coalitions:
Dealing with Collecting Patient Data from Diverse
Sources
Underinsured and Uninsured Populations may be
More Seriously Impacted
Future: Collaboration Among Public Health, UCHC,
CS&E, Health Care Providers, Insurers, …