We have a long history of work in the field of information security, including areas as diverse as cryptographic algorithms, security protocols, key management and accreditation. Our current research work is based around the following observations.
The trend in information systems is towards a convergence of computing and communications infrastructures. The broadest visions would see applications, systems and users seamlessly and securely connected to each other as required, with machine support and information filtering to ensure that each person has exactly the right information, at the right time to fulfil their requirements.
However, such widespread and open access to information must be controlled according to the security rules that apply to the information. In other words, the Confidentiality, Integrity and Availability of information must be maintained. This creates a potential conflict, which is particularly acute in high assurance, multilevel security environments, such as government and military networks. Traditional security measures in such environments include "need to know" access to data and physical separation of applications both of which are contrary to the goals of open access.
The work we are doing to tackle some of these issues is described below.
Security Architectures and Models for Collaborative Working
We have experience in developing security architectures and models for a wide range of applications. Two examples for collaborative working are described below.
The OBSCUREĀ® system is an efficient and secure content distribution architecture that protects data in collaborative working scenarios. OBSCUREĀ® applies protection directly to data and, by separating content distribution from authorisation, it provides flexible and fine-grained security in a way that is particularly suited to such scenarios.
The second area of work is the management of user identities and rights in collaborative working scenarios. We are developing an identity management architecture to enable the interoperable and flexible control of access to multimedia data and applications in such scenarios.
Information Assurance
There is a potential conflict between the perceived requirement for widespread and open access to information and the need to apply strong security rules to the access to such data, particularly in high assurance environments. A summary of the main issues in this area can be found in the "High Assurance Network Security" white paper.
Security Management
Policy Based Management (PBM) is a rules-driven approach that can be used to automate pre-configurable system management tasks. It is usually employed in a network management context, for activities such as network security configuration or Quality of Service provisioning. We are exploring the use of PBM as a widely applicable technique for communication system management, particularly for controlling context- or mission- specific systems and enabling the rapid deployment and dynamic use of coalition infrastructures. Much work is being done on security management in particular, as well as the use of PBM in high assurance environments.
Network Enabled Capability (NEC)
The potential for the use of integrated communications networks for sharing information within the armed forces is rapidly increasing in line with commercial developments. However, military communications systems have particular needs that are not necessarily aligned with the commercial world (examples are: higher levels of security, more robust authentication, emissions control, increased resilience and survivability). These needs translate into requirements on the components of the communications networks. In addition, there is a desire on the part of the armed services to use Commercial Off The Shelf (COTS) equipment wherever this will not compromise the performance of the system.
We have used our expertise in IP Networking, Information Security and Radio Communications to address the problems associated with the provision of secure, robust and reliable multi-media communications in a military operational environment. As part of our work on NEC, a demonstration network has been constructed to provide a simulated environment that can be customised for particular operational scenarios of interest.