Satellite clusters require secure sharing of computing resources among applications with different security requirements while preventing unauthorized information flow. This work is innovative because it adapts multi-level security concepts to the publish-subscribe communication paradigm, enabling secure interactions without requiring applications to understand low-level security mechanics. The approach maintains system openness while enforcing strict information partitioning.
This technical report addresses challenges of establishing secure interactions across distributed applications in satellite clusters. The work presents Secure Transport (ST) mechanism using Multi-Level Security (MLS) policies to enforce information partitioning between applications with different security classifications. The approach extends OpenDDS middleware to support secure publish-subscribe interactions.
Secure Transport successfully enforces MLS policies in a satellite cluster environment enabling secure communication between applications with different security labels. The mechanism prevents unauthorized information flows while permitting legitimate communication between applications with compatible security labels. Testing demonstrates feasibility of secure interactions without manual security policy management.
@inproceedings{Pradhan2014,
author = {Pradhan}, S. and {Emfinger}, W. and Dubey, Abhishek and {Otte}, W. R. and {Balasubramanian}, D. and {Gokhale}, A. and {Karsai}, G. and {Coglio}, A.},
booktitle = {2014 IEEE International Conference on Space Mission Challenges for Information Technology},
title = {Establishing Secure Interactions across Distributed Applications in Satellite Clusters},
year = {2014},
month = {sep},
pages = {67-74},
abstract = {Recent developments in small satellites have led to an increasing interest in building satellite clusters as open systems that provide a "cluster-as-a-service" in space. Since applications with different security classification levels must be supported in these open systems, the system must provide strict information partitioning such that only applications with matching security classifications interact with each other. The anonymous publish/subscribe communication pattern is a powerful interaction abstraction that has enjoyed great success in previous space software architectures, such as NASA's Core Flight Executive. However, the difficulty is that existing solutions that support anonymous publish/subscribe communication, such as the OMG Data Distribution Service (DDS), do not support information partitioning based on security classifications, which is a key requirement for some systems. This paper makes two contributions to address these limitations. First, we present a transport mechanism called Secure Transport that uses a lattice of labels to represent security classifications and enforces Multi-Level Security (MLS) policies to ensure strict information partitioning. Second, we present a novel discovery service that allows us to use an existing DDS implementation with our custom transport mechanism to realize a publish/subscribe middleware with information partitioning based on security classifications of applications. We also include an evaluation of our solution in the context of a use case scenario.},
category = {conference},
contribution = {lead},
doi = {10.1109/SMC-IT.2014.17},
file = {:Pradhan2014-Establishing_Secure_Interactions_across_Distributed_Applications_in_Satellite_Clusters.pdf:PDF},
issn = {null},
keywords = {distributed systems, security, multi-level security, publish-subscribe, satellite systems, information flow control},
tag = {platform},
month_numeric = {9}
}