MultiDomain Dissemination using XML Schema and XML Signature

1
Multi-Domain Disseminationusing XML Schemaand
XML Signature
Clive Carpi Science Applications International
Corporation (703) 676-4926 clive.c.carpi_at_saic.com
2
Topics

• Todays multi-domain production and dissemination
  process in the Intelligence Community
• New focus on quicker sharing of information and
  secondary release
• Future XML-based approach
• Conclusions

3
The Need

• Share relevant intelligence with appropriate
  authorities as quickly as possible

We propose that information be shared
horizontally, across new networks that transcend
individual agencies. The 9/11 Commission
Report, p. 418
4
The Need, continued

• Since before 9/11, the U.S. Intelligence
  Community has been striving to improve
  dissemination of intelligence
• Many cross-organization groups are at work
  defining metadata and applying technologies to
  enhance discovery and expedite processing
• Presidential, Congressional, DCI and DoD
  directives are in place that mandate better
  sharing
• Executive Order 13356, among others, requires
  that standards be adoptednowto facilitate
  dissemination of intelligence across security
  domains

5
The Need, continued

• The objective is to get intelligence data and
  analysis, both raw and processed, into the hands
  of organizations that need and can use it as
  expeditiously as possible.

Speed the development of smart summarization
tools to support enhanced generation of tearlines
and de-sensitized versions of intelligence, by
2004, for a variety of partners... The DCIs
Strategic Direction II paper
6
The US Intelligence Community

• collects,
• processes,
• exploits, and
• disseminates
• intelligenceproduct

7
Dissemination of Intelligence

• Dissemination is to audiences with different
  degrees of clearance and need to know
• national command authorities
• other IC organizations
• military commands
• homeland security organizations
• selected allied governments
• military coalitions
• Dissemination is specified by a set of controls
  recorded in the document

8
Multiple Security Domains
IntelligenceCommunity TOP SECRET
9
Todays Multi-Domain Process

• Analyst writes a report in a top secret
  environment
• Report is readied for HTML or PDF posting
• Report is adapted as many times as there are
  domain outputs needed
• Military commands
• Close allies
• Homeland security
• Documents hosted on appropriate network servers

10
Secondary Release is an Objective
SECRET
UNCLASSIFIED
TOP SECRET
11
Process-Oriented Problems

• Additional effort to convert different versions
  to different output formats
• Bottlenecks cause information to be disseminated
  slowly
• More stringent requirement for human reviewers to
  review more versions and outputs

12
Functional-Oriented Problems

• Multiple documents to manage that can appear to
  be very different, but in reality are very
  related
• No binding of changes across different versions,
  so tracking changes that impact all versions is
  impossible

13
What Compels Change?

• Everyone continues to deal with pain of
  multi-domain production and dissemination
• In todays new up-tempo, sharing-dependent
  operations
• Being asked to share more openly
• to a broader audience
• including state and local authorities and first
  responders

14
Prior Technical Attempts

• Organizations have tried using various XML
  approaches to automate filtering of content to
  produce variants
• using document structure to segregate sections
  that can be released from those that cannot
• filtering individual titles, paragraphs, list
  items, and tables based on classification and
  dissemination controls

15
Prior Technical Attempts, continued

• These have not generally been satisfactory or are
  error prone
• Automated removal of individual document parts
• can leave incoherent documents
• the leftovers have lost some of their context
• Need for variant-unique resource metadata largely
  overlooked
• No automated resource metadata generatorsyet!
• Overall content of document can change in the
  releasing process
• Mention of a country or source removed
• Points of contact removed or made anonymous
• Overall security marking changes

16
Proposed Objective Solution

• Provide a longer-term approach to tearline markup
  that
• incorporates all required metadata,
• clearly delimits tearline information, and
• supports digitally-signed tearlines
• all in one package

17
Enter XML

• XML provides the technology
• XML hierarchy can clearly delimit each domain
  variant
• Descriptive metadata, including security
  markings, can be defined for each variant
• XML digital signatures can authenticate the
  releasability of each variant and ensure
  integrity of the data
• Markup based processing logic
• Non-repudiation
• Information assurance
• Security network domain filtering

18
Enter XML, continued

• XML (data labeling and self-description) can
  enable partial or complete automation of
  instructions for traffic review and controlled
  release
• Strict use of XML Schema (explicit data typing
  and no mixed content) for validating XML pushes
  data into highly structured category
• XSLT can be used for secondary validation and
  sanitization
• Certification of XML schemas, XSL, authority
  files and business logic incorporated into domain
  interface systems is possible

19
Multi-domain Document

• Recommended solution a multi-domain document
• An outer wrapper element, named
  MultiDomainDocument, contains
• security info
• one or more complete variant structures with
  embedded signatures, and
• an optional set of digital signatures for signing
  of the whole composite document or parts thereof

20
Security Information

• Element Security specifies applicable
  parameters such as
• classification
• compartmented info control programs
• special access programs
• dissemination controls

21
Domain Variant

• Each variant includes security info,
  authority-list IDs, a document of any type, and
  a digital signature list
• Each variant document is complete, with its own
  tailored resource metadata

22
Payload Documents
23
Digital Signatures

• Whats in the SignatureList element?
• Digital signature object(s) defined by the W3C
  and IETF
• A signature can be embedded in the variant
  document or be outside of it
• Our solution puts the signature within so that it
  travels with the variant

24
Digital Signatures, continued

• An attribute of Reference specifies the variant
  that is signed by fragment identifier

25
Concept of Operation

• Originating organization creates product with as
  few restrictions as possible, and creates one or
  more variants for broader dissemination
• Releasing authority approves dissemination
  controls, and signs each domain variant

26
Concept, continued
27
Policy/CONOPS Questions

• Availability of releasable variants
• Always create all variants?
• EO 13356 says yes!
• Production will take longer unless this can be
  automated
• Provide all variants on all allowed domains?
• For each domain, only provide domain-specific
  variant and require consumer to come back to
  producer for lower-domain variant when needed,
  or
• Provide all variants to consumers so they can
  further disseminate more rapidly

28
Validation at Domain Boundaries

• Accredited software tools
• perform tests as required
• validate releasers signature
• strip off releasers signature and re-sign with a
  certificate appropriate to the new domain

29
Conclusions

• Todays multi-domain dissemination processes are
  complicated and error prone
• XMLs single source, multiple output capabilities
  are perfectly suited to solve multi-domain
  dissemination
• Addition of trusted solutions (OS, guards, PKI,
  digital signatures) with XML awareness will make
  multi-domain dissemination more automated in near
  future

30
(No Transcript)