Table 1. High level requirements of ISS-ENT and ISS-BP in SWIM Security Services

| ID | Requirement | Opt. |
|-----|-------------|------|
| RE1 | Manage keys and identities of system entities (human, software, devices, ...) | |
| RE2 | Support Single Sign-On (SSO) | ✓ |
| RE3 | Support a robust Identity and Key Management Infrastructure (IKMI) that can be scaled up to large number of applications and users. | ✓ |
| RE4 | Intrusion detection and response | |
| RB1 | Less cross-program dependencies for External Boundary Protection System | |
| RB2 | More robust and scalable common security solution | ✓ |
| RB3 | Simpler operation of External Boundary Protection System | ✓ |
| RB4 | Support overall security assessment | ✓ |

The Opt(ional) column indicates whether a requirement is compulsory or not at the current design
time. Due to evolution, optional requirements may become compulsory, and currently compulsory
ones may no longer be needed in the future.

In addition, we discuss current limits of our work, but not the approach, as
well as our plan to address them (§6). Finally, we review related works (§7) and
conclude the paper (§8).

2 Case Study
Throughout this work, to give a clearer understanding of the proposed approach,
we draw examples from the design architecture of SWIM [23, 7] in ATM.
SWIM provides a secure, overarching, net-centric data network, and introduces
a Service-Oriented Architecture (SOA) paradigm for airspace management.
The United States FAA [7] has proposed a logical architecture of SWIM
which consists of several function blocks, among which we choose to consider the
Security Services block. In a high-level analysis of Security Services, there are five
security areas: i) Enterprise Information Security System (ISS-ENT), ii) Boundary
Protection ISS (ISS-BP), iii) SWIM Core ISS, iv) National Air Space (NAS)
End System ISS, and v) Registry control. To avoid a detailed discussion of the
architecture of SWIM Secure Services, which is not the main topic of this work,
while providing enough information to illustrate our work, we restrict our scope
of interest to two areas: ISS-ENT and ISS-BP.
- ISS-ENT includes security requirements that are provided as part of an
underlying IT/ISS infrastructure used by systems throughout the NAS.
- ISS-BP includes requirements with regard to controlling connections and
information exchanges between the internal NAS and external entities. These
requirements refer to both network layer control (e.g., VPNs, firewalls) and
application layer control.
Table 1 lists high level requirements of ISS-ENT and ISS-BP. For convenience,
each requirement has a corresponding identifier: two characters for the security
area (RE - stands for ISS-ENT requirements, RB - stands for ISS-BP ones),
 