Information Sharing for Military Stabilization and Reconstruction Operations
1 / 28

Assured Information Sharing - PowerPoint PPT Presentation

  • Uploaded on

Information Sharing for Military Stabilization and Reconstruction Operations Prof. Bhavani Thuraisingham Prof. Latifur Khan Prof. Murat Kantarcioglu The University of Texas at Dallas [email protected] April 2009. Assured Information Sharing.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Assured Information Sharing' - bonita

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Information Sharing for Military Stabilization and Reconstruction OperationsProf. Bhavani Thuraisingham Prof. Latifur KhanProf. Murat KantarciogluThe University of Texas at [email protected] 2009

Assured information sharing
Assured Information Sharing Reconstruction Operations

  • Daniel Wolfe (formerly of the NSA) defined assured information sharing (AIS) as a framework that “provides the ability to dynamically and securely share information at multiple classification levels among U.S., allied and coalition forces.”

  • The DoD’s vision for AIS is to “deliver the power of information to ensure mission success through an agile enterprise with freedom of maneuverability across the information environment”

  • 9/11 Commission report has stated that we need to migrate from a need-to-know to a need-to-share paradigm

  • Our objective is to help achieve this vision by defining an AIS lifecycle and developing a framework to realize it.

Architecture 2005 2008
Architecture: 2005-2008 Reconstruction Operations

Data/Policy for Coalition









Data/Policy for

Data/Policy for

Agency A

Agency C


Data/Policy for

Trustworthy Partners

Semi-Trustworthy Partners

Untrustworthy Partners

Agency B

Our approach
Our Approach Reconstruction Operations

  • Integrate the Medicaid claims data and mine the data; next enforce policies and determine how much information has been lost (Trustworthy partners); Prototype system; Application of Semantic web technologies

  • Apply game theory and probing to extract information from semi-trustworthy partners

  • Conduct information operations (defensive and offensive) and determine the actions of an untrustworthy partner.

  • Data Mining applied for trustworthy, semi-trustworthy and untrustworthy partners

  • Trust for Peer to Peer Networks (Infrastructure security)

Policy enforcement prototype dr mamoun awad postdoc and students
Policy Enforcement Prototype Reconstruction OperationsDr. Mamoun Awad (postdoc) and students


Architectural elements of the prototype
Architectural Elements Reconstruction Operationsof the Prototype

  • Policy Enforcement Point (PEP):

  • Enforces policies on requests sent by the Web Service.

  • Translates this request into an XACML request; sends it to the PDP.

  • Policy Decision Point (PDP):

  • Makes decisions regarding the request made by the web service.

  • Conveys the XACML request to the PEP.

    Policy Files:

  • Policy Files are written in XACML policy language. Policy Files specify rules for “Targets”. Each target is composed of 3 components: Subject, Resource and Action; each target is identified uniquely by its components taken together. The XACML request generated by the PEP contains the target. The PDP’s decision making capability lies in matching the target in the request file with the target in the policy file. These policy files are supplied by the owner of the databases (Entities in the coalition).


  • The entities participating in the coalition provide access to their databases.

Beyond xml security why do we need rdf owl security
Beyond XML Security Reconstruction OperationsWhy do we need RDF, OWL Security?

  • Why do we need RDF and OWL?

    • More expressive as well as reasoning power than XML

    • Inferencing capabilities

  • Policies can be expressed in RDF and OWL

  • Need to secure RDF and OWL documents

  • Inference and Privacy problems can be better handled with RDF and OWL

  • Some early research on RDF security with Elena Ferrari and Barbara Carminati (2003-4)

  • More recently joint work with UMBC, UTSA, MIT (SACMAT 2008)

Confidentiality privacy and trust cpt
Confidentiality, Privacy and Trust CPT Reconstruction Operations

  • Trust

    • Trust is established between say a web site and a user based on credentials or reputations.

  • Privacy

    • When a user logs into a website to make say a purchase, the web site will specify that its privacy policies are. The user will then determine whether he/she wants to enter personal information.

    • That is, if the web site will give out say the user’s address to a third party, then the user can decide whether to enter this information.

    • However before the user enters the information, the user has to decide whether he trusts the web site.

    • This can be based on the credential and reputation.

    • if the user trusts the web site, then the user can enter his private information if he is satisfied with the policies. If not, he can choose not to enter the information.

  • Confidentiality

    • Here the user is requesting information from the web site;

    • the web site checks its confidentiality policies and decides what information to release to the user.

    • The web set can also check the trust it has on the user and decide whether to give the information to the user.

Semantic web based policy engine
Semantic web-based Policy Engine Reconstruction Operations

Interface to the Semantic Web


By UTDallas

Inference Engine/

Rules Processor






Web Pages,


Semantic web


Policy engine approach i
Policy Engine – Approach I Reconstruction Operations

Interface to the Semantic Web


By UTDallas

Inference Engine/

Rules Processor

e.g., Pellet






RDF Documents

Policy engine approach ii
Policy Engine: Approach II Reconstruction Operations

Interface to the Semantic Web


By UTDallas

Inference Engine/

Rules Processor

e.g., RDF Reasoner





Oracle RDF Data Manager

RDF Documents

Distributed information exchange ryan layfield murat kantarcioglu bhavani thuraisingham
Distributed Information Exchange Reconstruction Operations(Ryan Layfield, Murat Kantarcioglu, Bhavani Thuraisingham)

  • Multiple, sovereign parties wish to cooperate

    • Each carries pieces of a larger information puzzle

    • Can only succeed at their tasks when cooperating

    • Have little reason to trust or be honest with each other

    • Cannot agree on single impartial governing agent

    • No one party has significant clout over the rest

    • No party innately has perfect knowledge of opponent actions

      • Verification of information incurs a cost

      • Faking information is a possibility

  • Current modern example: Bit Torrent

    • Assumes information is verifiable

    • Enforces punishment however through a centralized server

Defensive operations detecting malicious executables using data mining
Defensive Operations Reconstruction Operations: Detecting Malicious Executables using Data Mining

  • What are malicious executables?

    • Harm computer systems

    • Virus, Exploit, Denial of Service (DoS), Flooder, Sniffer, Spoofer, Trojan etc.

    • Exploits software vulnerability on a victim

    • May remotely infect other victims

    • Incurs great loss. Example: Code Red epidemic cost $2.6 Billion

  • Malicious code detection: Traditional approach

    • Signature based

    • Requires signatures to be generated by human experts

    • So, not effective against “zero day” attacks

Offensive operation overview kevin hamlen mehedy masud latifur khan bhavani thuraisingham
Offensive Operation: Overview Reconstruction OperationsKevin Hamlen, Mehedy Masud, Latifur Khan, Bhavani Thuraisingham

  • Goal

    • To hack/attack other person’s computer and steal sensitive information

    • Without having been detected

  • Idea

    • Propagate malware (worm/spyware etc.) through network

    • Apply obfuscation so that malware detectors fail to detect the malware

  • Assumption

    • The attacker has the malware detector (valid assumption because anti-virus software are public)

Research transitioned into ais muri afosr umbc purdue utd uiuc utsa uofmi 2008 2013
Research Transitioned into Reconstruction OperationsAIS MURI – AFOSRUMBC-Purdue-UTD-UIUC-UTSA-UofMI2008-2013

  • (1) Develop a Assured Information Sharing Lifecycle (AISL)

  • (2) a framework based on a secure semantic event-based service oriented architecture to realize the life cycle

  • (3) novel policy languages, reasoning engines, negotiation strategies, and security infrastructures

  • (4) techniques to exploit social networks to enhance AISL

  • (5) techniques for federated information integration, discovery and quality validation

  • (6) techniques for incentivized assured information sharing.

  • Unfunded Partners: Kings College Univ of London and Univ of Insurbria (Steve Barker, Barbara Carminati, Elena Ferrari)

Military stabilization and reconstruction operations saro
Military Stabilization and Reconstruction Operations (SARO) Reconstruction Operations

  • According to a GAO Report published in October 2007 “DOD has taken several positive steps to improve its ability to conduct stability operations but faces challenges in developing capabilities and measures of effectiveness, integrating the contributions of non-DOD agencies into military contingency plans, and incorporating lessons learned from past operations into future plans.

  • These challenges, if not addressed, may hinder DOD’s ability to fully coordinate and integrate stabilization and reconstruction activities with other agencies or to develop the full range of capabilities those operations may require.”

  • Around the same time, the Center for Technology and National Security Policy at NDU and the Naval Postgraduate School identified some key technologies crucial for the military stabilization and reconstruction processes in Iraq and Afghanistan.

Military stabilization and reconstruction operations saro2
Military Stabilization and Reconstruction Operations (SARO) Reconstruction Operations

  • Four concurrent tasks have to carry out in parallel (NDU Study). They are the following:

  • (i) Security: Ensure that those who attempt to destroy the emergency of a new society are suppressed. This will include identifying that are the trouble makers or terrorists and destroy their capabilities.

  • (ii) Law and order: Military and police skills are combined to ensure that there are no malicious efforts to disturb peace.

  • (iii) Repair infrastructure: Utilize the expertise of engineers and geographers both from allied countries and local people and build the infrastructure.

  • (iv) Establish an interim government effectively: Understand the cultures of the local people, their religious beliefs and their political connections and establish a government.

  • Dr. Karen Guttieri states that Human Terrain is a crucial aspect and we need hyperlinks to People, Places, Things and Events to answer questions such as * Which people are where? Where are their centers and boundaries? Who are their leaders Who is who in the zoo? What are their issues and needs? What is the news and reporting? Essentially the human domain associations builds relationships between the who, what, where, when and why (5W)

Military stabilization and reconstruction operations saro3
Military Stabilization and Reconstruction Operations (SARO) Reconstruction Operations

  • NDU Study states that there are several unique challenges for SARO and elaborates as follows:

  • “The nature of S&R operations also demands a wider focus for ISR.

  • In addition to a continuing need for enemy information (e.g., early detection of an insurgency), S&R operations require a broad range of essential information that is not emphasized in combat operations.

  • A broader, more specific set of information needs must be specified in the Commander’s Critical Information Requirements (CCIR) portfolio. CCIR about areas to be stabilized include the nature of pre-conflict policing and crime, influential social networks, religious groups, and political affiliations, financial and economic systems as well as key institutions and how they work are other critical elements of information.

  • Mapping these systems for specific urban areas will be tedious though much data is already resident in disparate databases.”

Saro lifecycle sarol
SARO Lifecycle (SAROL) Reconstruction Operations

  • SAROL consists of three major phases

    • (1) information and relationship discovery and acquisition,

    • (2) information and relationship modeling and integration and

    • (3) information and relationship exploitation.

  • During the discovery and acquisition phase commanders and key people will discover the information and relationships based on those advertised as well as those obtained through inference.

  • During the modeling and integration phase the information and the relationship have to be modeled, additional information and relationships inferred as well as the information and relationships integrated.

  • During the exploitation phase the commanders and those with authority will exploit the information, make decisions and take effective actions

Saro lifecycle sarol1
SARO Lifecycle (SAROL) Reconstruction Operations

Our design of sarol via tgs sw
Our Design of SAROL via TGS-SW Reconstruction Operations

  • We are designing SAROL (Stabilization and Reconstruction Operations Lifecycle). SAROL will consist of multiple phases and will discover relationships and information, model and integrate the relationships and information, as well as exploit the relationships and information for decision support.

  • The system that implements SAROL will utilize geosocial semantic web technologies, a novel semantic web that we are designing.

  • The basic infrastructure that glues together the various phases of SAROL will be based on the SOA paradigm.

  • We are utilizing the technologies that we have developed in social networking and geospatial semantic web to develop temporal geosocial semantic web technologies for SAROL.

  • It should be noted that in our initial design we are focusing on the basic concepts for SAROL will involve the development of TGS-SW.

  • This includes capturing the social relationships and mapping them to the geolocations.

  • In our advanced design we will include some advanced techniques such as knowledge discovery, and risk based trust management for the information and relationships.

Our design of sarol via tgs sw1
Our Design of SAROL via TGS-SW Reconstruction Operations

Our design of sarol via tgs sw2
Our Design of SAROL via TGS-SW Reconstruction Operations

Our design of sarol via tgs sw3
Our Design of SAROL via TGS-SW Reconstruction Operations

Incentives for information sharing
Incentives for Information Sharing Reconstruction Operations

  • Incentive based information sharing is a major component of the SARO system.

  • We are working on building mechanisms to give incentives to individuals/organizations for information sharing.

  • Once such mechanisms are built, we can use concepts from the theory of contracts (e.g., Laffont and Martifort 2001) to determine appropriate rewards such as ranking or, in the case of certain partners, monetary benefits.

  • Currently, we are exploring how to leverage secure distributed audit logs to rank individual organizations between trustworthy partners.

  • To handle situations where it is not possible to carry out auditing, we are developing game theoretic strategies for extracting information from the partners. The impact of behavioral approaches to sharing are also currently considered.

  • Finally we are conducting studies based on economic theories and integrate relevant results into incentivized assured information sharing as well as collaboration.

Status and directions
Status and Directions Reconstruction Operations

  • We are designing a temporal geospatial social semantic web that can be utilized by military personnel, decision makers, and local/government personnel to reconstruct after a major combat operation.

  • We essentially develop a lifecycle for SARO. We are utilizing the technologies we have developed including geospatial semantic web and social network system as well as building new technologies to develop SAROL.

  • There are several areas that need to be included in our research.

    • Security and privacy: We need to develop appropriate policies for SAROL. These policies may include confidentiality policies, privacy policies and trust policies.

    • Only certain geospatial as well as social relationships may be visible to certain parties. Privacy of the individuals involved have to be protected.

    • Different parties may place different levels of trust on each other.

    • Handling dynamic situations where some parties may be trustworthy at one time and may be less trustworthy at another time.