DOI: 10.1145/2663715.2669612
research-article

SAFE: Secure and Big Data-Adaptive Framework for Efficient Cross-Domain Communication

Published: 07 November 2014

Abstract

Today's Cross Domain Communication (CDC) infrastructure primarily consists of vendor-specific guard products that have little inter-domain coordination at runtime. Unaware of the context and the semantics of the CDC message that is being processed, the guard relies heavily on rudimentary filtering techniques. Consequently, the information domains are rendered vulnerable to an array of attacks, and countering these attacks often necessitates time-consuming human intervention to adjudicate messages in order to meet the desired security and privacy requirements of the communicating domains. Subsequently, this causes significant performance bottlenecks. In this paper, we present a set of key requirements and design principles for a service-oriented CDC security infrastructure in the form of a CDC Reference Architecture, featuring Domain Associated Guards (DOGs) as active workflow participants. Our proposed framework, SAFE, is secure and adaptable. SAFE also provides the foundation for the development of protocols and ontologies enabling run-time coordination among CDC elements. This enables more flexible, interoperable, and efficient CDC designs to serve mission needs, specifically among critical infrastructure domains as well as domains with significantly differing security and privacy vocabulary. To the best of our knowledge, SAFE is the first effort to employ DOGs for secure CDC, unlike existing solutions with link-associated guards. Because of the DOG approach, SAFE overcomes the scalability problems encountered by existing solutions.

Cited By

  • (2021) DECA: DoD Enterprise Cloud Architecture Concept for Cloud-Based Cross Domain Solutions. Proceedings of the 2021 4th Artificial Intelligence and Cloud Computing Conference, pp. 165-171. DOI: 10.1145/3508259.3508283. Online publication date: 17-Dec-2021
  • (2014) PSBD 2014. Proceedings of the 23rd ACM International Conference on Conference on Information and Knowledge Management, pp. 2100-2101. DOI: 10.1145/2661829.2663544. Online publication date: 3-Nov-2014

          Published In

          PSBD '14: Proceedings of the First International Workshop on Privacy and Security of Big Data
          November 2014
          54 pages
          ISBN:9781450315838
          DOI:10.1145/2663715
          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Author Tags

          1. big data
          2. cross domain communication
          3. ontology
          4. privacy
          5. protocol
          6. reference architecture
          7. security
          8. security guard

          Qualifiers

          • Research-article

          Conference

          CIKM '14
          Acceptance Rates

          PSBD '14 Paper Acceptance Rate 5 of 12 submissions, 42%;
          Overall Acceptance Rate 5 of 12 submissions, 42%
