1. Field
The present invention relates generally to providing access control to multiple communities of interest, and more specifically to dynamically controlling access to multiple communities of interest on a single user workstation.
2. Background
Systems exist that contain an end user workstation computing architecture using commercial off the shelf (“COTS”) components to enable that end user workstation to meet varying levels of information assurance requirements. Such systems utilize typical COTS hardware and software that can be coupled with a host operating system, virtual machine monitor, virtual network hubs, network encryptors, and filtering routers to allow multiple machine environments to run simultaneously and to access multiple networks from the same physical machine. One goal of such systems is to remove the security functionality from the control of the operating system and applications of the end user workstation. In doing so, security functions are layered within the systems and are isolated from user operating systems and application software. Similarly, protection from rudimentary network attacks is provided by router technology. Additionally, various processing instantiations have been incorporated to operate a user workstation and provide increased assurance levels, including through techniques that can provide failure detection.
Certain drawbacks, however, exist in such systems. Typically, an end user workstation implementing such technology contains static domains. A static domain means a network domain with which communication cannot occur unless the client computer is preloaded with the necessary software and credentials, and the software and credentials are not easily changed (added to or removed from) to reflect mission need. As a result, if access to a domain is needed and the proper client partition for that domain does not exist on the end user workstation, the user cannot use that platform. In addition, the static nature of the client partitions requires that each partition must be separately and individually updated. Furthermore, such systems have a local login process that requires all users to have an account on all machines that they expect to use and the communications between the client running on the end user workstation and the associated session server are not protected. On the server side, the session server represents an expensive single point of failure if it experiences a problem or is compromised. Additionally, each domain requires a separate login by the end user workstation.
Additional drawbacks exist with such systems. For example, static domains continue to exist on end user workstations, each partition still needs to be separately and individually updated, and each domain requires a separate login by the user of the end user workstation. Generally, as evidenced by current systems used to deploy multi-domain workstations (including, for example, CMWs and NetTop systems), management of such individually configured systems does not scale, and such systems do not provide the dynamics necessary for a changing environment.
Also, current federated identification and authentication (I&A) systems that are used to provide a single sign-on (SSO) capability require that the consumers and producers of the authentication token be able to communicate in order to validate the generated temporal credentials. In numerous deployments such token-based mechanisms will not operate properly, including, for example, in a coalition environment (which could involve multiple nations or multiple armed services) or other similar situations. In these deployments the domains are prohibited by policy from intercommunication (since they store highly sensitive information), to ensure that the systems in the domains cannot be attacked through the communications channel that the authentication mechanism requires for validation.
Additionally, although current virtual machine-based technology provides a mechanism to emulate the operation of multiple different types of computers on a single computer workstation, in a heterogeneous system (e.g., a coalition environment) this capability does not provide acceptable methods for keeping the images that make up the virtual machine patched and updated with other required changes. In certain systems, a virtual machine image can be booted from a central storage area where the image can be administratively updated once. This image, however, must then be distributed to the members of the environment. Such a technique does not meet the needs of various environments where such distribution would be unworkable (e.g., in a battlefield or other coalition environment, or where a platform has limited bandwidth).
Consequently, a need exists in the art for a system that dynamically provides communities of interest on a COTS platform with central management and the ability for a user to log on only once (also known as “single sign-on” or “SSO”). Such a system would be useful in numerous contexts, including in distressed communications environments with low bandwidth (e.g., in a battlefield context).