High assurance information exchange based on publish-subscribe and ABAC methods
The presented effort employs a combination of publish-subscribe distribution and ABAC (Attribute Based Access Control) methods to control the information exchange between security domains. It strictly follows the "separation of duty" principle, so that a message router has only infrastructure duties, while the identity management entity deals with the management of authorizations and security policies. The presented work also implements a novel model for message protection and subject authorization. One characteristic of the resulting transfer protocol is that an external bump-on-the-wire device can verify both the integrity of the messages and that the security policies are observed. This device can be carefully constructed for the purpose of high assurance and can offer a fail-safe mechanism in case the message router is malfunctioning or compromised.
Fongen, Anders; Mancini, Federico. High assurance information exchange based on publish-subscribe and ABAC methods. MILCOM IEEE Military Communications Conference 2014, pp. 242-248