Need-to-know vs. need-to-share: the net-centric dilemma

Abstract

In Net-centric operations the timely flow of the correct information to the mission partners is fundamental for the success of the endeavor. Yet, as we strive to work in multi-agencies and multi-national coalitions it is important to control the flow of information. This is the information assurance net-centric dilemma. How to speed the flow of information while keeping the necessary access boundaries? Current multi-level security and role base access strategies and their derivatives control the flow of data, but fail to implement higher levels of information policy. We propose an architecture capable of supporting the solution of the Net-Centric dilemma. This architecture, distributed and scalable, is compatible with Air Force's Metadata Environment initiative (MDE). In the proposed architecture the metadata tagged data items are used to construct a semantic map of how the information items are associated. Using this map, policy can be applied to information items. Provided the policy is logically based, reasoners can be used to identify not only if the person soliciting the data item has rights to receive it but also what kind of information can be derived from this data based on information retrieved previously. The full architecture includes the determination of which information can be relayed or not at any given time, as well as all the required mechanisms for enforcement including identification of potential intentional fraudulent actions. The proposed architecture is extensible and does not require any specific policy language or reasoner to be effective. Multiple approaches can be simultaneously present in the system.