In the next-generation distributed computing environment, large scale systems of systems may have a large number of roaming mobile or stationary nodes/devices/clients. These devices may form various communities of interests to carry out the intended commercial, military, or social processes. The concept of community of interests (COI) formation may represent the very foundation of next generation information assurance challenges, such as complex authorization, i.e., who gets access to what. In the military context, an example may be intelligence sharing amongst multiple agencies based on various need-to-know security credentials as well as secure operation governing policies.
Such highly dynamic environments may also be characterized by several additional security challenges. The number of nodes may be high and the number of communities of interests that could form may also be high. Security management of such highly complex environments may require new and innovative solutions. A percentage of these nodes may be mobile, such as in the mobile ad-hoc network environment. They may come and go frequently. Effective secure routing and communication may need to be addressed.
The business logic that dictates how these nodes work together (e.g., community of interests formation based on necessary conditions) may be highly complicated. Furthermore, the business logic that dictates the security behaviors of fixed nodes (infrastructure nodes) may need to be consistently enforced onto the nodes to avoid double standards. The complexity of future business models such as virtual enterprise, collaborative engineering, and coalition warfare may not be implementable with today's limited static mobile information assurance (IA) solutions.
The future may be a very dynamic environment. The dynamics may not only come from the nodes moving around and moving in and out of communities of interests. The dynamics may also come from constant and rapid changes of business requirements at the application level, e.g., virtual enterprise contract re-negotiation, coalition warfare procedure updates, etc. All of these changes may require rapid re-configuration of security parameters in both the mobile and static environments, and these roaming nodes/devices may need to conform rapidly to new high-level business requirement updates. Timing may also be essential, both in the ability to update the policies and in the distribution and propagation of updates to the nodes.
One challenge being faced today is that traditional software-oriented mobile information assurance implementation may not only expose these mobile devices/clients to the aforementioned traditional attacks, but it may also not provide an effective community of interests management framework to allow these devices to work together securely and dynamically to satisfy both mandatory access control and discretionary access control requirements of next generation human business processes.
The future may require a more comprehensive hardware/software combined technology solution that addresses not only open system interconnection (OSI) layer 6-7 application software security, but that also may utilize advanced hardware implementation to aid network/routing layer isolation and community of interests formation. To align with such trends, a hardware/software combined solution is needed that addresses critical needs in next generation distributed system security applications.