Secure Access Management for Secure Operational Networks (SAMSON) – Concept of Operations (CONOPS)

Authors
  1. Charlebois, D.
  2. Carruthers, B.
  3. Henderson, G.
  4. Simmelink, D.
Corporate Authors
Defence Research and Development Canada, Ottawa Research Centre, Ottawa ON (CAN)
Abstract
The Secure Access Management for Secure Operational Networks (SAMSON) project demonstrated data-centric information protection on an existing unmodified operational network. The integration of access management technologies and protection mechanisms allows for the hosting of multi-caveated information on a single network. Adopting a SAMSON data-centric security model results in an improved security posture, and provides enhanced auditing and information sharing with minimal impact on the operator. This report documents the Concept of Operations (CONOPS) for how the data-centric SAMSON capability would be used on an existing system-high Secret (Level II) network. This CONOPS defines new roles to: 1) set up the capability in an existing infrastructure; 2) maintain the capability during the deployed lifecycle; and 3) support end user / client activities at the desktop endpoint. An operational scenario is described, which was used to exercise the various components of SAMSON in an operational environment. The final demonstration, with a SAMSON capability fully integrated into a military exercise, was held at the Coalition Attack Guidance Experiment (CAGE) in November 2012. SAMSON: 1) was installed in the existing CAGE network; 2) used the roles outlined in this document; 3) was used by Canadian Armed Forces (CAF) operators during this exercise; and 4) provided Canadian Eyes Only (CEO) information protection in the exercise.

A French abstract is available here.

Keywords
SAMSON; CONOPS; data centric; Secure Access Management; PBAC; ABAC; SAMPOC
Report Number
DRDC-RDDC-2016-R158 — Scientific Report
Date of publication
01 Jul 2016
Number of Pages
54
DSTKIM No
CA043389
CANDIS No
804697
Format(s):
Electronic Document (PDF)
