Abstract
Today’s Cross Domain Communication (CDC) infrastructure largely consists of guards built to vendor specifications. Such an infrastructure often fails to provide adequate protections for CDC workflows involving Service Oriented Architectures. Focusing on the transport layer and oblivious to the context of the information exchanges, the guards often rely on rudimentary filtering techniques that require frequent human intervention to adjudicate messages. In this paper, we present a set of key requirements and design principles for a Service Oriented Cross Domain Security Infrastructure in the form of a CDC Reference Architecture, featuring domain-associated guards as active workflow participants. This reference architecture will provide the foundation for the development of protocols and ontologies enabling runtime coordination among CDC elements, leading to more secure, effective, and interoperable CDC solutions.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhu, W., Vizenor, L., Srinivasan, A. (2014). Towards a Reference Architecture for Service-Oriented Cross Domain Security Infrastructures. In: Fortino, G., Di Fatta, G., Li, W., Ochoa, S., Cuzzocrea, A., Pathan, M. (eds) Internet and Distributed Computing Systems. IDCS 2014. Lecture Notes in Computer Science, vol 8729. Springer, Cham. https://doi.org/10.1007/978-3-319-11692-1_24
DOI: https://doi.org/10.1007/978-3-319-11692-1_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11691-4
Online ISBN: 978-3-319-11692-1
eBook Packages: Computer Science, Computer Science (R0)