Efficient security policy reconciliation in tactical service oriented architectures

Abstract

Tactical mobile ad-hoc networks are likely to suffer from highly restricted link capacity and intermittent connectivity loss, but must provide secure access to services. The conditions under which services may be accessed and which security requirements must be maintained will vary dynamically, and local policies will hence change on a per-node basis even when starting from a common baseline such as when nodes obtain new information. In this paper we describe a mechanism allowing structured security policies to incorporate such local changes but to efficiently reconcile across tactical SOA networks, allowing the derivation of policy decisions as precomputed Horn clauses or directly reasoning over a description logic fragment. This mechanism minimises the communication overhead compared to earlier work whilst maintaining policy integrity, thereby allowing security policies to adapt to resource and network constraints and other local knowledge such as node compromises and blacklisting.