In the next-generation distributed computing environment, large scale system of systems may have a large number of roaming mobile nodes/devices. These devices may form various community of interests to carry out the intended commercial, military, or social processes. The concept of community of interest formation may represent the very foundation of next generation information assurance challenges, such as complex authorization, i.e. who gets access to what. In the military context, an example may be intelligence sharing amongst multiple agencies based on various need-to-know security credentials as well as secure operation governing policies.
Such highly dynamic mobile environments may also be characterized by several additional security challenges. The number of mobile nodes may be high and the number of the communities of interests that could formulate may also be high. Security management of such highly complex environments may require new and innovative solutions. A large percentage of these nodes may be mobile—such as in the mobile ad-hoc network environment. They may come and go frequently. Effective secure routing and communication may need to be addressed.
The business logic that dictates how these nodes work together (e.g. community of interest formation based on necessary conditions) may be highly complicated. Furthermore, the business logic that dictates the security behaviors of fix-nodes (infrastructure nodes) may need to be consistently enforced onto the mobile nodes to avoid double standards. The complexity of the future business model such as virtual enterprise, collaborative engineering, and coalition warfare may not be implemented by today's limited static mobile information assurance solutions.
The future may be a very dynamic environment. The dynamics may not only come from the nodes moving around and moving in and out of community of interests. The dynamics may also come from constant and rapid changes of business requirements at the application level—e.g. virtual enterprise contract re-negotiation, coalition warfare procedure updates, etc. All these changes may require rapid re-configuration of security parameters in both the mobile and static environments, and these roaming nodes/devices may need to comply rapidly to conform with new high level business requirement updates. Timing may also be essential to have the ability to update the policies as well as in the distribution and propagation of updates to the mobile nodes.
One challenge we are facing today is that traditional software-oriented mobile information assurance implementation may not only expose these mobile devices/clients to the before mentioned traditional attacks, but it may also not provide an effective community of interest management framework to allow these devices to work together securely and dynamically to satisfy both mandatory access control and discretionary access control requirements of next generation human business processes.
The future may require a more comprehensive hardware/software combined technology solution that addresses not only open system interconnection (OSI) layer 6-7 application software security, but which also may utilize advanced hardware implementation to aid network/routing layer isolation and community of interest formation. To align with such trends, a hardware/software combined solution is needed which addresses critical needs in next generation distributed system security applications.