Heterogeneous computing and heterogeneous clouds refer to emerging architectures that build a variety of processors, including CPUs, GPUs, FPGAs, and more specialized processing elements, into an interconnected mesh environment to provide an ideal processing capability for a variety of complex tasks and data types. The concept expands to cover edge computing, enabling preprocessing, data selection, and data conditioning/labeling to enhance the overall outcome. The combination of processors will be augmented by a variety of interconnect and memory architectures and configurations, leading to customizable settings and flows that meet the changing needs of data and customers. This variety of environments, tasks, and interconnects creates a new landscape that varies greatly from our standard computing infrastructure, reducing our expertise in identifying threats based on network, memory, and processing trends and resulting in an unknown trust level. The goal is to build and operate a heterogeneous platform that provides dynamic resource assignments and capability elasticity to meet standard and surge needs in an environment that provides data security, isolation and attribution. Access control also becomes an essential element of the new environment.
KEYWORDS: Mobile communications, Network security, Information security, Telecommunications, Data communications, Clouds, Network architectures, Networks, Sensors
The development and implementation of the next generation wireless technology has been a key industrial goal over the last decade, during which many pieces of infrastructure are being incrementally built and deployed. The dream of automated homes, driverless vehicles, automated air traffic control, and intelligent cybermedicine can all be implemented with 5G and Artificial Intelligence/Machine Learning (AI/ML). Once you add AI/ML to the proposed high bandwidth, high speed, low latency network with ubiquitous connectivity, we get a platform that can enable many safety-critical automated functions. 5G can also provide connectivity to every potential device to ensure owner knowledge of status and alerts for potential malfunctions. All this data can become weaponized in the wrong hands, so as we create more data to make life better and safer, we create vulnerabilities that can leverage the speed and capacity of the communication system to harm users. This paper addresses the potential vulnerabilities and mitigations of ubiquitously implementing 5G to ensure secure communications and data protection.
KEYWORDS: Mobile devices, Computer security, Network security, Information security, Clouds, Mobile communications, Operating systems, Data communications, Control systems, Defense and security
Gaining the competitive advantage in today's aggressive
environment requires our corporate leaders and Warfighters
alike to be armed with up-to-date knowledge related to friendly
and opposing forces. This knowledge has to be delivered in
real-time between the core enterprise and tactical/mobile units at
the edge. The type and sensitivity of data delivered will vary
depending on users, threat level and current rules of
dissemination. This paper will describe the mobile security
management that bases access rights on positive identification of
user, authenticating the user and the edge device. Next, Access
Management is granted on a fine grain basis where each data
element is tagged with meta-data that is crypto-bound to the
data itself to ensure authenticity of contents and observance of
data sensitivity.
KEYWORDS: Information security, Software development, Clouds, Computer security, Network security, Standards development, Data modeling, Commercial off the shelf technology, Information technology, Defense and security
The new operational environment is exemplified by continuously shifting mission requirements that challenge our Information Systems to dynamically add functionality, increase throughput
and overcome threats to deliver new capabilities, quicker, with less cost, and more accuracy. It is essential that we engineer a flexible design and follow an agile development process to keep up
with these rapid changes. Security considerations should continue to be architected in the initial system capability and implemented in an agile environment to ensure that security of the environment, protection of contents, control of resources and authentication of users are accomplished in the new Information Technology
systems. Today's systems are being tasked to ingest, process and analyze dramatically different, high-volume data sets than they were originally designed to handle, while they have to interact with
multiple new systems that were unaccounted for at design time. Agile development of modular systems based on commercial standards has
proven to be the best way to achieve these dynamic requirements and continuously meet the ever-changing security threats while providing the
required service levels.
KEYWORDS: Clouds, Computer security, Information security, Data centers, Network security, Information technology, Internet, Control systems, Data storage, Data communications
The stakeholder's security concerns over data in the clouds
(Voice, Video and Text) are a real concern to DoD, the IC and
private sector. This is primarily due to the lack of physical
isolation of data when migrating to shared infrastructure
platforms. The security concerns are related to privacy and
regulatory compliance required in many industries (healthcare,
financial, law enforcement, DoD, etc.) and the corporate
knowledge databases. The new paradigm depends on the
service provider to ensure that the customer's information is
continuously monitored and is kept available, secure, access
controlled and isolated from potential adversaries.
We are in an environment of continuously changing mission requirements and therefore our Information Systems
must adapt to accomplish new tasks, quicker, in a more proficient manner. Agility is the only way we will be able to
keep up with this change. But there are subtleties that must be considered as we adopt various agile methods:
secure, protect, control and authenticate are all elements needed to posture our Information Technology systems to
counteract the real and perceived threats in today's environment. Many systems have been tasked to ingest, process
and analyze different data sets than they were originally designed for and they have to interact with multiple new
systems that were unaccounted for at design time. Leveraging the tenets of security, we have devised a new
framework that takes agility into a new realm where the product will be built to work in a service-based environment
but is developed using agile processes. Even though these two criteria promise to hone the development effort, they
actually contradict each other in philosophy: Services require stable interfaces, while Agile focuses on being
flexible and tolerating changes up to much later stages of development. This framework is focused on enabling a
successful product development that capitalizes on both philosophies.
The traditional way of approaching the management and enforcement of information systems Policy in enterprise
environments is to manually translate laws and regulations into a form that can be interpreted and enforced by enterprise
devices. In other words we create system commands for routers, bridges, and firewalls to force data transfers and system
access to comply with the current policies and approved rules in order to control access and protect private, sensitive,
and classified information. As operational needs and threat levels change, the rules are modified to accommodate the
required response. It then falls on System Administrators to manually change the configuration of the devices they
manage to adapt their operations accordingly. As our user communities continue to rely more heavily on mission
information, and the enterprise systems and networks that provide it, our enterprise needs to progress to more automated
techniques that enable authorized managers to dynamically update and manage policies in digital formats. Automated
management of access rules that control privileges for accessing secure information and enterprise resources, enabled by
Digital Policy and other Enterprise Security Management (ESM) capabilities provides the means for system
administrators to dynamically respond to changing user needs, threat postures and other environmental factors.
With the increased popularity of virtual environments and advent of cloud enterprise services, IA management concepts
need to be reexamined. Traditional ESM solutions may be subjected to new classes of threats as physical control of the
assets that implement those services is relinquished to virtual environments. Additional operational factors such as
invoking critical processing, controlling access to information during processing, ensuring adequate protection of
transactions within virtual environments and executing ESM provisions are also affected. The paper describes the
relationships among relevant ESM enterprise services as they impact the ability to share and protect enterprise
information. Central to this is the ability to adopt and manage digital policies within the enterprise environment. It
describes the management functions that have to be supported, and the challenges that have to be addressed to ensure an
effective implementation. Since the adoption of cloud services is becoming an important consideration for the evolution
of enterprise architectures, the paper also explores the implications of shifting from traditional to virtual enterprise
environments.
KEYWORDS: Clouds, Computer security, Data modeling, Information security, Information technology, Data processing, Data storage, Network security, Defense and security, Data centers
The new corporate approach to efficient processing and storage is migrating from in-house service-center services to the newly
coined approach of Cloud Computing. This approach advocates thin clients and providing services by the service provider
over time-shared resources. The concept is not new, however the implementation approach presents a strategic shift in the
way organizations provision and manage their IT resources. The requirements on some of the data sets targeted to be run on
the cloud vary depending on the data type, originator, user, and confidentiality level. Additionally, the systems that fuse such
data would have to deal with classifying the product and clearing the computing resources prior to allowing a new
application to be executed. This indicates that we could end up with a multi-level security system that needs to follow specific
rules and can send the output to a protected network and systems in order not to have data spill or contaminated resources.
The paper discusses these requirements and potential impact on the cloud architecture. Additionally, the paper discusses the
unexpected advantages of the cloud framework providing a sophisticated environment for information sharing and data
mining.
This paper analyzes secure data sharing outside its security domain with services, agencies, coalition partners and
state/local authorities. There is a high demand for multiple levels of secure data at the tactical edge; however the threat
level at that point is elevated compared to the enterprise environment. This paper investigates the requirements,
technologies and risk mitigation techniques for securely sharing information with the tactical warfighter while protecting
the data and the information systems from intruders and malware. The new CD Systems need to eliminate the stovepipe
architectures and open the doors to share information across traditional and non-traditional domain boundaries.
KEYWORDS: Information security, Computer security, Clouds, Control systems, Network security, Homeland security, Data communications, Information assurance, Data processing, Telecommunications
Securing the DoD information network is a tremendous task due to its size, access locations and the amount of
network intrusion attempts on a daily basis. This analysis investigates methods/architecture options to deliver
capabilities for a secure information sharing environment. Crypto-binding and intelligent access controls are basic
requirements for secure information sharing in a net-centric environment. We introduce many of the new technology
components to secure the enterprise. The cooperative mission requirements lead to developing automatic data
discovery and data stewards granting access to Cross Domain (CD) data repositories or live streaming data. Multiple
architecture models are investigated to determine best-of-breed approaches including SOA and Private/Public
Clouds.
KEYWORDS: Computer security, Network security, Information security, Cadmium sulfide, Control systems, Information assurance, Networks, Defense and security, Data conversion, Network architectures
The current approach of enabling real-time information sharing between the warfighters, homeland protectors and
allied/coalition forces is done mainly via custom solutions. There is a need for new standards that allow a common
service to provide automated processes to check and cleanse data and convert it to an interoperable format before sending it
to the next domain. There is also a need to ensure that there is sufficient security for data and to authenticate the source and
establish confidence in the contents. This paper investigates the requirements and architectures for the Enterprise Cross Domain
Solutions and presents the current needs, technologies and gaps.
KEYWORDS: Data centers, Data modeling, Information assurance, Information technology, Data storage, Defense and security, Web services, Decision support systems, Information security, Environmental management
As DoD moves towards an Enterprise approach to IT, CIOs have been lauding SOA as the solution. It is clear that SOA
addresses many challenges that face the DoD from information sharing to the fiscal issues of maintaining an IT
infrastructure. As SOA is applied to more complex tasks and as we move IT out to the tactical edge there is an increased
need to ensure access to the right information, in the right place at the right time. This paper explores the various
methodologies of data services that are making SOA an accessible reality for DoD.
KEYWORDS: Information assurance, Nanolithography, Network architectures, Defense and security, Information security, Network security, Video, Control systems, Telecommunications, Computer architecture
The Global Information Grid (GIG) is a collection of systems, programs and initiatives aimed at building a secure
network and set of information capabilities modeled after the Internet. The GIG is expected to facilitate DoD's
transformation by allowing warfighters, policy makers and support personnel to engage in rapid decision making. The
roadmap is designed to take advantage of converged services of voice, data, video, and imagery over common data links.
The vision is to have commanders identify threats more effectively, make informed decisions, and respond with greater
precision and lethality. The information advantage gained through the GIG and network-centric warfare (NCW) allows
a warfighting force to achieve dramatically improved information positions, in the form of common operational pictures
that provide the basis for shared situational awareness and knowledge, and a resulting increase in combat power.
The GIG Precedence and Preemption (P&P) requirements stem from the need to utilize scarce resources at critical times
in the most effective way in support of national security, the intelligence community and the war-fighter. Information
Assurance (IA) enables all information and data to be available end-to-end to support any mission without delay in
accordance with the sensitivity of the task. Together, P&P and IA ensure data availability, integrity, authentication,
confidentiality, and non-repudiation.
This study addresses and analyzes the QoS and P&P requirements and architecture for the GIG. Threat scenarios are
presented and used to evaluate the reference architectures. The goal of the study is to assess the Information Assurance
concerns associated with implementing Precedence and Preemption within the GIG and to guarantee an acceptable
minimum level of security and protection for DoD networks.