Design and implementation of multilevel security subsystem based on XACML and WEB services


Controlled sharing of confidential information in military environment, especially as a part of joint and coalition forces, is an important mean to achieve the network-centricity goals. During last few years a technology for building the Service-Oriented Architecture has been developed. The Service-Oriented Architecture maps the concept of distributed service-oriented processing. It is a good application framework for integration of heterogeneous military systems. However, these systems could process the confidential data divided onto hierarchical classification levels. We can rise up the question: can Service-Oriented Architecture serve as a middleware layer to integrate such systems? The paper presents selected cases of information systems cooperation in systems federation.

We developed the functional mechanisms according to XACML architecture and we proposed necessary attributes for users and data, what enabled to control information exchange and to authorize users to access sensitive information resources. The developed MLS implementations were tested in terms of interoperability in the consortium and domestic test environment. In June 2012, both the implementations services were successfully tested in an international test environment during testing of interoperability with foreign partners (Germany) and NC3A agency in the NATO Secret network during CWIX 2012 exercises.