Asher Sinclair

QoS enabled dissemination of managed information objects in a publish-subscribe-query information broker

Net-centric information spaces have become a necessary concept to support information exchange for tactical warfighting missions using a publish-subscribe-query paradigm. To support dynamic, mission-critical and time-critical operations, information spaces require quality of service (QoS)-enabled dissemination (QED) of information. This paper describes the results of research we are conducting to provide QED information exchange in tactical environments. We have developed a prototype QoS-enabled publish-subscribe-query information broker that provides timely delivery of information needed by tactical warfighters in mobile scenarios with time-critical emergent targets. This broker enables tailoring and prioritizing of information based on mission needs and responds rapidly to priority shifts and unfolding situations. This paper describes the QED architecture, prototype implementation, testing infrastructure, and empirical evaluations we have conducted based on our prototype.

Integrated information and network management for end-to-end Quality of Service

Publish-subscribe-based Information Management (IM) services provide a key enabling technology for net-centric operations. This paper describes technology for Quality of Service (QoS) and Internet-Protocol-based Airborne Networking features for IM services. Enhancing IM services with airborne networking features improves effectiveness in combined tactical and enterprise networks with mobile airborne and ground-based embedded platforms interacting with enterprise systems in command and control operations.

Quality of Service in us air force information management systems

Warfighters in todays asymmetric engagements need access to mission-critical information no matter when and where it becomes available. Information Management Services (IMSs) based on publish-subscribe-query services have emerged as an important enabler of tactical information dominance in combined tactical and enterprise military situations. IMSs support information brokering and dissemination between decoupled information producers and consumers, for both future (publish-subscribe) and historical (publish-archive-query) information. To support operations in dynamic environments, IMSs require Quality of Service (QoS) capabilities to ensure prioritized delivery of mission-critical information, to mediate conflicting demands for information brokering and dissemination resources in constrained situations, and to adapt IMS operations to changing missions, roles, and priorities. This paper describes a set of QoS management services, QoS Enabled Dissemination (QED), that provide policy driven, dynamic, aggregate QoS management across the users of IMSs. The paper describes the QED prototype implementation and experimental results illustrating the improvement of QED over a non-QoS enabled IMS baseline.

Dynamic Policy-Driven Quality of Service in Service-Oriented Information Management Systems

SOA middleware has emerged as a powerful and popular distributed computing paradigm because of its high‐level abstractions for composing systems and encapsulating platform‐level details and complexities. Control of some details encapsulated by SOA middleware is necessary, however, to provide managed QoS for SOA systems that require predictable performance and behavior. This paper presents a policy‐driven approach for managing QoS in SOA systems called QoS enabled dissemination (QED). QED includes services for: (1) specifying and enforcing the QoS preferences of individual clients; (2) mediating and aggregating QoS management on behalf of competing users; and (3) shaping information exchange to improve real‐time performance. We describe QEDs QoS services and mechanisms in the context of managing QoS for a set of Publish‐Subscribe‐Query information management services. These services provide a representative case study in which CPU and network bottlenecks can occur, client QoS preferences can conflict, and system‐level QoS requirements are based on higher level, aggregate end‐to‐end goals. We also discuss the design of several key QoS services and describe how QEDs policy‐driven approach bridges users to the underlying middleware and enables QoS control based on rich and meaningful context descriptions, including users, data types, client preferences, and information characteristics. In addition, we present experimental results that quantify the improved control, differentiation, and client‐level QoS enabled by QED. Copyright

An End-to-End Security Auditing Approach for Service Oriented Architectures

Service-Oriented Architecture (SOA) is becoming a major paradigm for distributed application development in the recent explosion of Internet services and cloud computing. However, SOA introduces new security challenges not present in the single-hop client-server architectures due to the involvement of multiple service providers in a service request. The interactions of independent service domains in SOA could violate service policies or SLAs. In addition, users in SOA systems have no control on what happens in the chain of service invocations. Although the establishment of trust across all involved partners is required as a prerequisite to ensure secure interactions, still a new end-to-end security auditing mechanism is needed to verify the actual service invocations and its conformance to the expected service orchestration. In this paper, we provide an efficient solution for end-to-end security auditing in SOA. The proposed security architecture introduces two new components called taint analysis and trust broker in addition to taking advantages of WS-Security and WS-Trust standards. The interaction of these components maintains session auditing and dynamic trust among services. This solution is transparent to the services, which allows auditing of legacy services without modification. Moreover, we have implemented a prototype of the proposed approach and verified its effectiveness in a LAN setting and the Amazon EC2 cloud computing infrastructure.

A dynamic and policy-controlled approach to federating information systems

Timely access to relevant data and information is critical to successful mission execution in network centric warfare. Often, the data required to support a mission is not always resident within a single system, but is distributed among multiple systems that must be dynamically interconnected to support the data and information needs. While proprietary and stove-piped information systems have slowly given way to standardized information management architectures (such as the Joint Battlespace Infosphere (JBI) architecture developed by the US Air Force Research Laboratory), each independent organization and/or mission is normally associated with a separate instance of a managed information space that operates in an independent manner. This is necessary given the different stakeholders and administrative domains responsible for the information. However, the demands for coordination and cooperation require interoperability and information exchange between these independently operating information spaces. This paper describes a federated approach to interconnecting multiple information spaces to enable data interchange. We propose a set of interfaces to facilitate dynamic, runtime discovery and federation of information spaces. We also integrate with the KAoS policy and domain services framework to realize policy-based control over the federation and exchange of information. Our approach allows clients to transparently perform publish, subscribe, and query operations across all the federated information spaces. We have integrated with three existing JBI implementations – Apollo from the Air Force Research Laboratory, Mercury from General Dynamics and AIMS from Northrop Grumman. Most recently, we have integrated with Phoenix, a fully SoA (Service-oriented Architecture) based approach to information management.

Evaluating QoS-enabled information management services in a Navy operational context

Information Management (IM) services support the discovery, brokering, and dissemination of mission-critical information based on the informations content and characteristics. IM services support the dissemination of future information (through subscriptions) and past information (through queries) regardless of its source. To be useful across enterprise and tactical environments, IM services need mission-driven Quality of Service (QoS) features as part of their core functionality. We have developed QoS management features, QoS Enabled Dissemination (QED), that extend an Air Force Research Laboratory (AFRL) developed set of IM services, Phoenix. This paper describes the results of a joint services experiment evaluating QED and Phoenix in a US Navy scenario involving multiple ships connected by a Disconnected, Intermittent, Limited (DIL) satellite network. Experiments evaluate QED and Phoenixs ability to (1) provide IM in the Wide Area Network (WAN) context of the satellite communications, which includes long latencies and background traffic not under QED control; (2) control and utilize active-precedence and queue management features provided by the WAN; (3) handle severe network overload, network disruptions, and dynamic changes in policies; and (4) successfully enforce deadlines and information replacement policies.

Extending Net-Centricity to Coalition Operations

To bring the advantages of network-centric warfare to coalition warfighting, we must significantly improve our ability to quickly share critical information while still satisfying security requirements. Here, the authors explore a services-based approach to such information management.

Enabling information management systems in tactical network environments

Net-Centric Information Management (IM) and sharing in tactical environments promises to revolutionize forward command and control capabilities by providing ubiquitous shared situational awareness to the warfighter. This vision can be realized by leveraging the tactical and Mobile Ad hoc Networks (MANET) which provide the underlying communications infrastructure, but, significant technical challenges remain. Enabling information management in these highly dynamic environments will require multiple support services and protocols which are affected by, and highly dependent on, the underlying capabilities and dynamics of the tactical network infrastructure. In this paper we investigate, discuss, and evaluate the effects of realistic tactical and mobile communications network environments on mission-critical information management systems. We motivate our discussion by introducing the Advanced Information Management System (AIMS) which is targeted for deployment in tactical sensor systems. We present some operational requirements for AIMS and highlight how critical IM support services such as discovery, transport, federation, and Quality of Service (QoS) management are necessary to meet these requirements. Our goal is to provide a qualitative analysis of the impact of underlying assumptions of availability and performance of some of the critical services supporting tactical information management. We will also propose and describe a number of technologies and capabilities that have been developed to address these challenges, providing alternative approaches for transport, service discovery, and federation services for tactical networks.

Cooperative red teaming of a prototype surivable service-oriented system

An increasing number of military systems are being developed using service orientation. Some of the features that make service orientation appealing, like loose coupling, dynamism and composition-oriented system construction, make securing service-based systems more complicated. We have been developing technologies for Advanced Protected Services (APS) to improve the resilience and survival of services under cyber attack. These technologies introduce a layer to absorb, contain, and adapt to cyber attacks before attacks reach critical services. This paper describes an evaluation of these advanced protection technologies using cooperative red teaming. In cooperative red teaming, an independent red team launches attacks on a protected enclave in order to evaluate the efficacy and efficiency of the protection technologies, but the red team is provided full knowledge of the system under test and its protections, and is given escalating levels of access to the system. The red team also operates within agreed upon rules of engagement designed to focus their effort on useful evaluation results. Apart from presenting the evaluation results, we also discuss cooperative red teaming as an effective means of evaluating cyber security.