
Technical Papers

NOTE: Each document has been created in Adobe Acrobat 8.0 and is best viewed using Acrobat Reader 8.0 or later. If you do not have Acrobat 8.0, you can download a free copy from the Adobe Web site: http://www.adobe.com/products/acrobat/readermain.html


Secure Data Service (SDS)
Operational Concept 

This document outlines an operating concept for the implementation, operation and maintenance of an
Information Sharing and Safeguarding (ISS) solution that can be securely deployed to multiple data and
security domains and operating environments (e.g., on-Premises, Deployed Platform, Cloud and Hybrid).
The solution delivers Data-as-a-Service (DaaS), including: 

1. Data Centric Security;
2. Policy-Driven Data-Centric services for:
     a. Data Processing (parsing, transformation and marshalling) of received messages;
     b. Selective provision of data and information elements in accordance with the recipients’ needs and authorisations, e.g.:
          i. Packaging (aggregation, transformation, labelling and redaction) of data for release;
          ii. Formatting and routing of information based on each recipient’s information sharing agreement;
     c. Automated labelling of data and information elements, and messages; and
     d. Runtime administration of solution configurations and policies; and
3. Integration interfaces for:
     a. The user's own security services;
     b. The user's own cryptographic services;
     c. The user's own system, information and security management services; and
     d. The user's own trusted logging system.

The solution is defined and implemented to enable users to securely deploy sensitive information to mission environments or to exploit the cloud (e.g., IaaS, and PaaS).

This document is written from the perspective of military usage or deployment. There is nothing inherently military in the Secure Data Service (SDS) architecture, design or implementation that precludes
its use in any public or private sector solution. The SDS represents an alternate configuration of services defined in an open international specification issued by the Object Management Group’s (OMG) Information Exchange Framework Reference Architecture (IEF-RA; Reference H) and their alignment to conventional Cyber Security approaches and services.

Secure Data Service (SDS) Operational Concept Document 


Data Centric Security for System to System Information Sharing and Safeguarding Policy Development

Many modern information management capabilities (information systems) capture, process, analyse, present and share information and intelligence in ways that never involve humans. As organizations migrate to Software-as-a-Service (SaaS) or Commercial-off-the-Shelf (COTS) solutions, what little knowledge they have about their data and information, and about how it is shared and safeguarded, is being further eroded. Data breaches are becoming more, not less, common. New and more innovative solutions are needed for organizations to better use, share and safeguard their information, and to enable decision-makers to trust the information and/or intelligence they rely on to make strategic, operational and tactical decisions.

This document is written from the perspective of military usage or deployment. However, there is nothing inherently military in the Object Management Group’s Information Exchange Framework Reference Architecture (Reference A), or any potential design or implementation. All of the concepts can be easily extended to any public or private sector solution. The modelling concepts underpinning the Object Management Group’s Information Exchange Packaging Policy Vocabulary (IEPPV) and how they may be
applied to sharing and safeguarding can be applied on many information domains using a variety of data and information management technologies.

The IEPPV is focussed on the sharing of information between systems, applications and devices that produce data and information elements in real-time and at machine speeds, and that contain sensitive content (e.g., private, confidential, legally-significant or classified), including but not limited to:

     • Internet of Things (IoT) devices;
     • Environmental sensors;
     • Situational, operational, or cyber awareness applications;
     • Operational, business or national intelligence systems;
     • Case management systems;
     • Data lakes;
     • Analytic systems;
     • Personnel or Human Resources systems;
     • Government program support or delivery systems; and
     • Banking and financial systems.

The key concept for the IEPPV was the separation of ISS policy from the software (e.g., APIs) that
adjudicates and enforces it. This single concept provides organizations with the ability to, for example:

1. Develop and retain institutional memory;
2. Review and audit the development and deployment of ISS policies;
3. Enable the continuous and rapid development, testing and deployment of ISS capability;
4. Define, implement and deliver secure Data-as-a-Service (sDaaS) where data is captured once and
used for many purposes; and
5. Enhance the auditability of data and information environments.





Common Object Interoperability Layer (COIL)

COIL is an ASMG-developed toolkit for the implementation of policy-driven (architecture / rules / metadata) information interoperability with integrated information protection (filters, guards and tag/label processing). COIL delivers the core capabilities described by the Object Management Group's (OMG) Shared Operational Picture Exchange Services (SOPES) and Information Exchange Framework (IEF) initiatives. COIL generalizes and implements the SOPES/IEF concepts in a manner that enables controlled releasability of semantically complete data between commercial, public, military and security application environments. COIL provides a programmable, distributable policy enforcement service that enforces agency-specified release specifications using community-defined semantics and reusable data patterns. COIL uses standard UML class diagrams and a modeling profile integrated into the OMG SOPES IEDM and UPDM 2.0 standards. COIL features include the ability to:

• Aggregate structured data to form community-defined semantics;
• De-aggregate data sets into structured sub-elements;
• Integrate or marshal data elements into community-defined data patterns (semantics);
• Filter data based on domain values (e.g., category codes, tags, labels, ranges, other);
• Guard data based on information patterns, simple or complex, including multiple domain values and filters;
• Manage the release of information (semantics) based on its association to:
     • Information Exchange Requirements (IER),
     • Information Exchange Agreements (IEA),
     • Service Level Agreements (SLA), or
     • Communities of Interest (CoI);
• Marshal data to service an application program interface (API) that connects to user-selected data store technologies;
• Marshal data to service an application program interface (API) that channels data to user-selected distribution technologies and protocols;
• Trigger the aggregation and release of information, with or without user intervention, providing event-triggered global update of information to each participant in an IER, IEA, SLA and/or CoI.

   • Common Object Interoperability Layer and OMG SOPES
   • Common Object Interoperability Layer Overview
   • Common Object Interoperability Layer Policy Models Overview
   • Common Object Interoperability Layer Policy Lifecycle
   • SOPES IEDM Overview
   • Modeling Communities of Interests/Practice (New - Sept 2010)
   • Modeling Information Semantics
   • Modeling reusable Data Patterns (Transactionals)
   • Modeling Data Transformations
   • Integrating COIL into Middleware Solutions
   • Integrating COIL into a User application
   • COIL as a Data Service
   • COIL Application Program Interface (API)
   • COIL/SOPES Interoperability Demonstration Presentation
   • COIL Open Source Community being developed




Information Assurance



Information Protection is the practice of managing risks related to the use, processing, storage, release and transmission of information or data, and the systems and processes used for those purposes. ASMG's practices and tools focus on the enforcement of policies related to the preparation of datasets (business objects) and the controlled release of information. ASMG focuses on architecture-driven strategies, practices and tools that yield the data needed to support security assessment, certification and accreditation of information interoperability solutions.

    • 2007 OMG Presentation on Tag and Label Processing
    • Modeling a Static Security Filter as a COIL Policy
    • Modeling a Dynamic Security as a COIL Policy
    • Modeling a Semantic Guard Filter as a COIL Policy
    • Modeling Information Protection into Contracts

Architecture Driven Modernization

Architecture Driven Modernization (ADM) is a process of using architecture as the foundation for evolving existing software assets for the purpose of:

  • Software improvement;
  • Modifications;
  • Interoperability;
  • Refactoring;
  • Restructuring;
  • Reuse;
  • Porting;
  • Translation into another language;
  • Enterprise application integration;
  • Service-oriented architecture; and
  • Migration (via Model Driven Architecture (MDA))

Architecture Driven Modernization starts where existing practices fail to deliver against business objectives. ADM enables:

  • The capture and retention of institutional knowledge
  • Increasing the fidelity of modernization plans (cost and schedule)

ADM offerings are described in:

  • ASMG and TSRI Team to Address Information System Modernization
  • Architecture Driven Information System Modernization

Shared Operational Picture Exchange Services (SOPES)

ASMG has been actively involved in the development of the SOPES IEDM Specification, scheduled for adoption by the OMG in the Fall of 2010. The specification is currently subject to the final votes of the Domain Technology Committee.

The SOPES IEDM specification formalizes a platform-independent set of data patterns for the construction, parsing and processing of JC3IEDM semantics for situational awareness and collaborative planning. The data patterns apply directly to a set of transactions for the MIP Joint Consultation, Command and Control Information Exchange Data Model (JC3IEDM: version 3.1c, ratified December 2007). The specification provides this set of data patterns as building blocks for the exchange of information that is applicable to a wide range of operational communities, including:

• First Responders (e.g., Police, Fire Department and Emergency Medical Personnel);
• Government Agencies (Federal, Provincial/State, and Municipal);
• Non-Governmental Organizations (NGOs);
• Other Government Departments (OGD);
• Private Volunteer Organizations (PVOs);
• Para-military and security agencies; and
• Military (Joint, land, maritime, air, space and coalition).

The SOPES IEDM Specification was adopted as a formal Specification by the OMG at the September 2010 Technical Meeting. The Version 1 document is undergoing final formatting and will be available shortly. However, there are no technical changes from the Beta 2 standard posted below and at the OMG site at: http://www.omg.org/spec/SOPES/1.0/.

Additional information on the SOPES effort can be found in the following documents:

SOPES Overview Presentation
SOPES IEDM Specification V1.0

From the Directors of ASMG, special thanks to ASMG personnel who actively supported the development and testing of the SOPES IEDM V1.0: Simon Brameld, Michael Wiwchar.

2008 OMG Presentation on SOPES
September 2008 SOPES Status Report
SOPES Overview June 09
2010 OMG Presentation SOPES Overview
2010 SOPES Modeling Profile Overview (Annex A)
SOPES IEDM V1 Main Body (PDF)
SOPES IEDM V1 Enterprise Architect File (ZIP)
SOPES IEDM V1 Annexes (ZIP)
SOPES Profile integrated into UPDM
SOPES Profile Demonstration using the LC2IEDM

Information Exchange Framework (IEF)

The primary objective of the Information Exchange Framework (IEF) is to provide a policy- and architecture-driven approach to delivering flexible and adaptive information sharing and safeguarding. The goal of the standards efforts is to separate the policies, rules and constraints from the systems and applications used to enforce them. In doing so, the IEF standards will provide the opportunity to update policies, rules and constraints during operations without the requirement for software upgrades. The IEF approach enables: interactive development and injection of policies, rules and constraints during operations; and the adjustment of policies, rules and constraints in accordance with prescribed operating procedures that change according to operational context.

The IEF approach will provide the ability for government, military and private sector organizations to specify the policies, rules and constraints governing both information sharing and safeguarding, aligned to their information, technical and network architectures. This alignment will be accomplished by integrating the IEF vocabularies and profile within the UML Profile for DoDAF and MODAF.

Increasingly, public, private and military organizations are required to collaborate in the delivery of operational outcomes. This imposes a broad set of requirements for organizations to dynamically expose their information to selected partners, while providing adequate protection for sensitive, private, confidential or legally significant information. For this to occur, agencies will require processes and tools that accurately describe the rules of information exchange in a manner that enables the resulting systems to be certified and accredited for use.

The IEF Information Exchange Policy Vocabulary (IEPV) RFP seeks to provide a policy (specification) vocabulary for the definition of the rules governing the aggregation, tagging and labeling, protection, release and exchange of information between parties to an information sharing agreement. The intent is to define an open policy vocabulary that can be implemented in multiple policy languages (e.g., XACML, SAML and Ponder) or modeling and architecture languages (e.g., UML and UPDM). These languages can be ingested (or transformed into a form that can be ingested), executed and enforced by software applications and services.

The Information Exchange Policy-based Packaging Service (IEPPS) is the first in a series of services that comply with this separation of policy from the enforcement application. It seeks to specify a policy- (or architecture-) based service that applies executable policies, rules and constraints to the aggregation of data elements with the appropriate filters, tagging and transformations, enabling the selective sharing of semantically complete information between collaborating organizations. This service will enable increased fidelity in an organization's ability to enforce security and privacy policy, applying the appropriate redaction (tear-lines) to assure that the recipient only receives the information they are authorized to receive.
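The filter, guard, release and tear-line redaction steps that the COIL feature list and the IEPPS description above talk about, as an added illustration in Python that is not COIL, IEF or SDS code. The classification ladder, the agreement fields, the guard patterns and the sample situational report are all constructed assumptions for this example.

```python
"""Policy-driven packaging: filter, guard, redact (tear-line) and label.

Added illustration of the packaging service described on this page; it is
not COIL, IEF or SDS code. The label vocabulary, the agreement schema and
the sample message are constructed for this example.
"""
import re
from dataclasses import dataclass

# Constructed classification ladder: higher index = more sensitive.
LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET"]


@dataclass(frozen=True)
class Element:
    """One labelled data element of a message (tags are domain values)."""
    name: str
    value: object
    level: str
    tags: frozenset = frozenset()


@dataclass(frozen=True)
class Agreement:
    """A recipient's information exchange agreement (IEA); constructed schema."""
    recipient: str
    max_level: str                 # highest classification the recipient may receive
    allowed_tags: frozenset        # domain values (handling caveats) they are cleared for
    guard_patterns: tuple = ()     # content patterns that are never released to them


def filter_element(el: Element, agreement: Agreement) -> bool:
    """Domain-value filter: release only if level and every tag fall within the agreement."""
    if LEVELS.index(el.level) > LEVELS.index(agreement.max_level):
        return False
    return el.tags <= agreement.allowed_tags


def guard_element(el: Element, agreement: Agreement) -> bool:
    """Pattern guard: inspects the content itself, so a mislabelled element is still caught."""
    text = str(el.value)
    return not any(re.search(p, text) for p in agreement.guard_patterns)


def package(elements, agreement: Agreement):
    """Aggregate releasable elements into a labelled package and return (package, audit).

    The package label is the highest level actually released; the audit trail records
    the decision for every element so it can be handed to a trusted logging system.
    """
    released, redacted, audit = {}, [], []
    for el in elements:
        if not filter_element(el, agreement):
            redacted.append(el.name)
            audit.append((el.name, "REDACTED:FILTER"))
        elif not guard_element(el, agreement):
            redacted.append(el.name)
            audit.append((el.name, "REDACTED:GUARD"))
        else:
            released[el.name] = el.value
            audit.append((el.name, "RELEASED"))
    label = max((el.level for el in elements if el.name in released),
                key=LEVELS.index, default=LEVELS[0])
    pkg = {"recipient": agreement.recipient, "label": label,
           "data": released, "redacted": redacted}
    return pkg, audit


# Constructed sample: a situational report with per-element labels.
SAMPLE_MESSAGE = [
    Element("unit_id", "UNIT-42", "UNCLASSIFIED"),
    Element("location", {"lat": 45.42, "lon": -75.69}, "RESTRICTED", frozenset({"OPS"})),
    Element("source_name", "HUMINT source Alpha", "SECRET", frozenset({"INTEL"})),
    # Labelled RESTRICTED, but the free text leaks sourcing; the guard must catch it.
    Element("notes", "Movement confirmed by SOURCE Alpha at 0600", "RESTRICTED"),
]

# Two constructed agreements: a civil partner and a coalition partner.
PARTNER_AGREEMENT = Agreement("partner-ngo", "RESTRICTED", frozenset({"OPS"}),
                              guard_patterns=(r"\bSOURCE\b",))
COALITION_AGREEMENT = Agreement("coalition-hq", "SECRET", frozenset({"OPS", "INTEL"}))

if __name__ == "__main__":
    for agreement in (PARTNER_AGREEMENT, COALITION_AGREEMENT):
        pkg, audit = package(SAMPLE_MESSAGE, agreement)
        print(pkg["recipient"], pkg["label"], sorted(pkg["data"]), pkg["redacted"], audit)
```

The same message yields two different packages: the civil partner receives a RESTRICTED package with the intelligence element torn off by the label filter and the notes torn off by the content guard, while the coalition recipient receives the full SECRET package.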

The operational need for information is subject to change based on operational context: escalation of the event; combination of multiple events; location; combination of partner agencies; or changes in threat levels. This requires the ability for operators to modify information exchange policies during the course of an operation while assuring that information security, protection and privacy policies continue to be enforced. The Information Exchange Policy Management Service will provide operators/users with this capability.

More on these topics will be provided in the coming months.



Resourcing, scheduling and configuration of these efforts will be discussed at the OMG Technical Meeting in Reston VA - 18-22 March 2013

The IE Packaging Policy Vocabulary (IEPPV) has been submitted for consideration by the Architecture Board at the March 2013 Technical Meeting in Reston VA.

Information Exchange Policy Vocabulary (IEPV) RFP(Mar 2011)

ASMG's IEPV Initial Submission (February 2012)


Information Exchange Policy-based Packaging Service RFP(IEPPS) (Dec 2011)

IEF discussion model (initial Draft)

IEF Overview September 2010

IEF Presentation IEPPV Final Submission

Information Sharing and Safeguarding Lightning Talk at WIS3

IEF Presentation at WIS3

IEF-IEPPV Tutorial

Information Exchange Packaging Policy Vocabulary (IEPPV) Beta 2 (formal 2014-09-37)

Policy Driven Approach to ISS for Structured Messaging

Example Policy Model for Structured Messaging (IEPPV Example)

DC Information Session Presentation 1 (Mike Abramson)

DC Information Session Presentation 1 (Dr. Daniel Charlebois DRDC/CSS)

IEF Reference Architecture (Initial Draft)

Comments from the community are welcome. Send comment to (abramson@asmg-ltd.com)

NIEM, ISE and OMG

One of the outcomes from a NIEM-PMO/PM-ISE/OMG workshop held in Washington DC on 18th October 2010 was an action to engage with the broad NIEM community of practice and open standards groups to exchange ideas pertaining to operational/business/technical needs and capabilities. The stated goals included:

1. The identification of specific areas for ISE and NIEM enabling standards for tools supporting:

a. Information Exchange Package Documentation (IEPD)
- NIEM Profile for UML;
b. Business Scenario development;
c. NIEM and ISE Eco-system; and
d. Applications for Model Driven Architecture.

2. Inform the NIEM/ISE community about applicable standards and standards related activities that are being undertaken by the OMG membership:

a. UML Profile for DODAF and MODAF;
b. Information Exchange Framework (IEF);

- Information Exchange Policy Vocabulary (IEPV)
- Information Exchange Policy Enforcement Service (IEPES)

c. Model Driven Architecture; and
d. IEPD Standardization (@ OASIS).

3. The identification of gaps and priorities for standards development.

4. The identification of opportunities for standardization and commercial products.

The next session was held on March 24th 2011 as part of the quarterly OMG Technical Committee meeting. The meeting resulted in the release of an RFP to develop the NIEM Profile for UML in June of 2011.

The next workshops are scheduled for December 5th 2011 in Washington DC and the OMG TCM on December 12th to 16th 2011 in Santa Clara CA.

Additional Background Information:
• NIEM Homepage
• Information Sharing Environment Homepage
• Workshop 1 Out brief
• Workshop 2 information

Unified Profile for DODAF and MODAF (UPDM)

ASMG is a proud member of the Object Management Group (OMG) UPDM initiative to develop a modeling standard that supports both the USA Department of Defense Architecture Framework (DoDAF) and the UK Ministry of Defence Architecture Framework (MODAF). The modeling standard is called the Unified Profile for DoDAF and MODAF (UPDM). The UPDM Group was setup to:

• Significantly enhance the quality, productivity, and effectiveness associated with enterprise and system of systems architecture modeling

• Promote architecture model reuse and maintainability
• Improve tool interoperability and communications between stakeholders
• Reduce training impacts due to different tool implementations and semantics
• Improve the integration between system of systems modeling and system modeling to support post acquisition life cycle design modeling

The UPDM Group consists of many companies distributed around the world. You can see a list of these companies in the member section on this web site.

TOGAF-DODAF-UPDM Mapping
Department of Defence Architecture Framework (DODAF)
Ministry of Defence Architecture Framework (MODAF)
NATO Architecture Framework (NAF)
Public Security Architecture Framework (PSAF)
Department of National Defence Architecture Framework (DNDAF)
Unified Profile for DODAF and MODAF (UPDM)
UPDM Group
International Defence Enterprise Architecture Specification Group (IDEAS)
Common Object Interoperability Layer and UPDM (Coming soon)



Emergency Management System Interoperability Framework (EMSIF)

The Emergency Management System Interoperability Framework (EMSIF) was a PSTP project sponsored by Public Safety Canada, funded under a PSTP contract by Defence Research and Development Canada (DRDC) Centre for Security Sciences (CSS), and executed and delivered by ASMG Ltd. Other participating agencies included DND, TBS, CSEC, DRDC Atlantic, DRDC Ottawa, RCMP, et al.

EMSIF Poster March 2010
EMSIF Vision (DRAFT - for community comment)
EMSIF Overview(DRAFT - for community comment)
EMSIF Overview Presentation

General Information

• 2010 OMG C4I Roadmap

OMG GRID

Regulatory Compliance and Policy Management Programs are no longer the sole province of the finance and legal communities. Reporting for compliance has ensured that quality information is now the life blood of the modern enterprise. The constant expansion of regulations to assure the quality of financial reports and the strict management of access to personal and confidential data is a huge challenge in both the public and private domains. These regulations are challenging even the most effective data and information management programs.

The Information Management (IM) and Information Technology (IT) departments have been forced to assume a central role in this new environment. While the General Counsel and CFO still govern the practice, IM/IT are responsible for gathering, integrating and reporting against an increasingly stringent set of requirements. As more organizations adopt a risk-based approach to management, issues related to compliance and the ramifications of failure become central management concerns. The Global Regulatory Information Database (GRIDTM) is an open database of rules, regulations, standards, and government guidance documents that require IT action, and a survey of the regulatory climate around the world.

• 2010 OMG GRID Overview
• 2010 OMG GRID Presentation

AFFILIATIONS



ASMG is proud to be a member of the OMG, and actively participates in setting trusted information exchange approaches and standards by participating in the work of various committees and working groups. The Object Management Group (OMG) is an international, open membership, not-for-profit computer industry standards consortium. OMG member companies write, adopt, and maintain its standards following a mature, open process. OMG's standards implement the Model Driven Architecture™ (MDA™), maximizing ROI through a full-lifecycle approach to enterprise integration that covers multiple operating systems, programming languages, middleware and networking infrastructures, and software development environments. OMG's standards include: UML™ (Unified Modeling Language™ ); CORBA® (Common Object Request Broker Architecture); CWM™ (Common Warehouse Metamodel); and industry-specific standards for dozens of vertical markets. All OMG standards may be downloaded without charge at www.omg.org, which also provides additional information about OMG and its activities. For information on joining the OMG or other questions, please contact OMG by email at info@omg.org, by phone at +1-781-444 0404, or by fax at +1-781-444 0320.

ASMG Participation in OMG Task Forces:

• C4I DTF - Co-Chair
• Unified Profile for DODAF and MODAF Version 2 WG
• Emergency, Crisis, Major Event Management (ECMEM) SIG - Co-Chair
•  Information Exchange Framework (IEF) Working Group
• Finance DTF

UPDM is an Object Management Group (OMG) initiative to develop a modeling standard that supports both the USA Department of Defense Architecture Framework (DoDAF) and the UK Ministry of Defence Architecture Framework (MODAF). The modeling standard is called the Unified Profile for DoDAF and MODAF (UPDM). The UPDM Group was setup to:

• Significantly enhance the quality, productivity, and effectiveness associated with enterprise and system of systems architecture modeling
• Promote architecture model reuse and maintainability
• Improve tool interoperability and communications between stakeholders
• Reduce training impacts due to different tool implementations and semantics
• Improve the integration between system of systems modeling and system modeling to support post acquisition life cycle design modeling

The UPDM Group consists of many companies distributed around the world. You can see a list of these companies in the member section on this web site.


Sparx Systems provides an award-winning, UML 2.1-powered, team-based modeling environment that embraces the full product development lifecycle, with high-performance visual tools for business modeling, systems engineering, enterprise architecture, requirements management, software design, code generation, testing and much more. A full life cycle tool to integrate your team and bring your shared vision to life. For more information visit: Sparxsystems Website


The Voyant Group, LLC is an international consulting company providing strategic consulting, education and hands-on mentoring assistance to Global 1000 corporations leveraging model-driven approaches throughout their enterprise. Voyant provides professional consulting, mentoring and educational services concentrating on a visionary, yet pragmatic, application of Model Driven Architecture™ (MDA) to address increasingly complex business and technology needs, including business process management and enterprise architecture. For more information visit the Voyant Group Website: http://www.thevoyantgroup.com.



The Software Revolution, Inc. (TSRI) provides automated legacy computer system modernization services to both government and industry. Our low-cost and low-risk services are derived from a highly advanced artificial intelligence-based software re-engineering toolset called JANUS Studio™. TSRI offers many services, but the four most unique are our ability to: (1) automatically transform, not just transliterate, a software application written in a 3GL legacy language into modern, platform-independent and true object-oriented target languages, such as C++, C#, Java, or J2EE; (2) re-factor the transformed code to improve that code's structure, performance and maintainability; (3) generate full UML documentation for both the "As Is" as well as "To Be" systems; and (4) transform monolithic legacy systems into multi-tiered web-based applications. For more information visit: TSRI Website


Adaptive provides a web based and industry standards compliant Enterprise Knowledge Repository and related "Adaptations" to support Enterprise Architecture for large organizations and governments around the world and to address specific management challenges such as Business Process Management and IT Portfolio Management. Adaptive's technology enables organizations to understand and align critical enterprise assets and capabilities with objectives and strategies, and to reduce the time, cost and risk of adapting to continuous environmental change. For more information visit: Adaptive Website




Artisan® Software Tools is the world’s largest independent supplier of industrial-grade, collaborative modeling tools for complex, mission-critical systems and software. Artisan has delivered a stable, robust working environment to thousands of users across an extensive range of complex applications in demanding sectors including military, aerospace and defense, automotive, transportation, telecommunications, electronics and medical. For more information visit: Artisansoftware Website



ATEGO is the leading independent supplier of industrial-grade, collaborative development tools for engineering complex, mission- and safety-critical architectures, systems, software and hardware. Atego delivers a stable, robust working environment to thousands of users across an extensive range of complex applications in demanding engineering sectors such as aerospace, defense, automotive, transportation, telecommunications, electronics, and medical. Atego delivers the highly reliable, real-time embedded virtual machine solution (Aonix PERC®) for running Java™ programs deployed today and has the largest number of certified Ada applications (Aonix ObjectAda®) at the highest level of criticality. Atego’s standards-based tool suite, Artisan Studio®, provides comprehensive support for the leading industry standards, including OMG SysML, UML and Architectural Frameworks. Atego Workbench™ provides a fully integrated, collaborative engineering framework for the trouble-free deployment and maintenance of best-in-class tools for mission and safety-critical systems and software development. For more information visit: ATEGO Website








© Copyright ASMG LTD. 2022 - All Rights Reserved