Christopher Williams

A Cognitive Policy Framework for Next-Generation Distributed Federated Systems: Concepts and Research Directions

Next-generation collaborative activities and missions will be carried out by autonomous groups of devices with a large variety of cognitive capabilities. These devices will have to operate in environments characterized by uncertainty, insecurity (both physical and cyber), and instability. In such environments, communications may be fragmented. Proper policy-based management of such autonomous device groups is thus critical. However current policy management systems have many limitations, including lack of flexibility. In this paper, we articulate novel architectural approaches addressing the requirements for the effective management of autonomous groups of devices and discuss the notion of generative policies - a novel paradigm that enhances the flexibility of policy-based approaches to management. In this paper, we also survey types of policy that are essential for managing device groups. Even though many such policy types exist in conventional settings, their use in our context poses novel challenges that we articulate in the paper. We also introduce a research roadmap discussing several research directions towards the development of a cognitive and flexible policy-based approach to the management of autonomous groups of devices for collaborative missions. Finally, as our proposed policy paradigm is data-intensive, we discuss the problem of supplying the data required for policy decisions in environments characterized by mobility, uncertainly, and fragmented communications.

Provenance-Based Analytics Services for Access Control Policies

Successful collaborations require information and resource sharing and thus adequate access control policy management systems that control sharing among the collaborating entities. Such management systems need to be flexible in order to adapt to different environments and thus be able to support access control policy evolution. However, when dealing with large sets of evolving policies it is critical that policies meet certain policy quality requirements. Specifically, policies of interest must be up-to-date, complete, free of inconsistencies, relevant. In this paper, we propose an approach to analyze policies in order to determine whether policies meet such requirements. Our approach is based on the use of provenance techniques that collect comprehensive data about actions executed by users in the context of workflows, that is, sets of tasks executed according to some ordering by users. Provenance data are used by services that support various types of analysis to determine whether the policies of interest verify the quality requirements.

Re-framing “the AMN”: A case study eliciting and modelling a System of Systems using the Afghan Mission Network

The term System of Systems (SoS) is often used to classify an arrangement of independent and interdependent systems delivering unique capabilities. There appear to be many examples of SoSs, but the term has become a source of confusion. While many approaches have been proposed for engineering SoSs, there are few illustrative examples demonstrating their initial classification and resulting SoS structure. This paper presents an approach for framing a candidate SoS using the Afghan Mission Network defined as an Acknowledged SoS, and presents issues associated with SoSs stakeholders, human factors and interoperability considerations resulting from such an approach.

From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems

Framing Internet of Things (IoT) applications as a System of Systems (SoS) can help us make sense of complexity associated with interoperability and emergence. However, assessing the risk of SoSs is a challenge due to the independence of component systems, and their differing degrees of control and emergence. This paper presents three components for SoS risk assessment that integrate with existing risk assessment approaches: Human System Integration (HSI), Interoperability identification and analysis, and Emergent behaviour evaluation and control measures. We demonstrate the application of these components by assessing a pervasive SoS: a SmartPowerchair.

The Challenge of Access Control Policies Quality

Access Control policies allow one to control data sharing among multiple subjects. For high assurance data security, it is critical that such policies be fit for their purpose. In this paper we introduce the notion of “policy quality” and elaborate on its many dimensions, such as consistency, completeness, and minimality. We introduce a framework supporting the analysis of policies with respect to the introduced quality dimensions and elaborate on research challenges, including policy analysis for large-scale distributed systems, assessment of policy correctness, and analysis of policies expressed in richer policy models.

The generative policy approach for dynamic collaboration in coalition environments

Coalition operations of the future will see an increased use of autonomous vehicles, mules and UAVs in different kinds of contexts. Because of the scalability and dynamicity of operations at the tactical edge, such vehicles along with the supporting infrastructure at base-camps and other forward operating bases would need to support an increased degree of autonomy. In this paper, we look at one specific scenario where a surveillance mission needs to be performed sharing resources borrowed from multiple coalition partners. In such an environment, experts who can define security and other types of policies for devices are hard to find. One way to address this problem is to use generative policies – an approach where the devices generate policies for their operations themselves without requiring human involvement as the configuration of the system changes. We show how access control policies can be created automatically by the different devices involved in the mission, with only high-level guidance provided by humans. The generative policy architecture can enable rapid reconfiguration of security policies needed to address dynamic changes from features such as auto-scaling. It can also support improved security in coalition contexts by enabling the solutions to use approaches like moving target defense. In this paper, we would discuss a general architecture which allows the generative policy approach to be used in many different situations, a simulation implementation of the architecture and lessons learnt from the implementation of the simulation.

System design considerations for risk perception

The perception of risk is a driver for security analysts decision making. However, security analysts may have conflicting views of a risk based on personal, system and environmental factors. This difference in perception and opinion, may impact effective decision making. In this paper, we propose a model that highlights areas contributing to the perception of risk in a socio-technical environment and their implication to system design. We validate the model through the use of a hypothetical scenario, which is grounded in both the literature and empirical data.

Improving Security in Coalition Tactical Environments Using an SDN Approach

Coalition tactical environments are composed of different networks of two or more organizations coming together to perform a short-term tactical operation with a well-defined mission. Cybersecurity is an important consideration in coalition operation. It is a complex challenge due to the need for operational effectiveness coupled with limited trust relationships that exist among different coalition partners. New emerging paradigms in networking, such as software-defined networking (SDN), provide a mechanism to deal more effectively with the security challenges in a coalition environment. In this chapter, we provide an overview of tactical coalition environments and discuss how to utilize the principles of SDN to improve security and cyber situational awareness in them. The chapter also provides an approach for cybersecurity awareness using the observe, orient, decide, and act (OODA) paradigm and explores how OODA-based security can be augmented by means of SDN. As part of this discussion, we also discuss how SDN approaches can help in improving the security and operations of non-coalition tactical networks.