Make your Systems Work Together

Using HLA Object Models for the Analysis of Cross Domain Security Policies

ABSTRACT: Across defence, training equipment, data and scenarios are likely to have different classification levels. Thus it is sometimes necessary for training to be carried out using a federation of participating systems
running at different classification levels, but without compromising security rules. This is usually done using guards and filters to limit the data that may be released from the higher security domain to the lower security
domain. In some cases, limiting the data may negatively impact the training and make it impossible to meet all the training goals. When following the process from design to security accreditation it is crucial to understand
how to meet security requirements while also understanding the impact this will have on the training.


This paper suggests an approach based on a description of the data exchange using the object models of the High Level Architecture. One type of object model is the Federation Object Model (FOM). It specifies the type and format of any data exchanged in the federation. This includes descriptions of objects (such as aircraft, soldiers and weapons) and interactions (such as orders, fire and detonation). Another type of object model is the Simulation Object Model (SOM). This is used to describe which objects and interactions are published (produced) and subscribed (consumed) by any one simulation system. The proposed method uses the SOMs to analyse the data flow within and between the different security domains.


It allows the user to suggest different security policies. It then provides an automatic analysis that can be used to analyse the effect from both training and security perspective. This analysis can be performed for standard
FOMs, like RPR FOM and NATO NETN FOM as well as extensions of these and project specific FOMs.


The proposed method can be used as a basis for a dialog between accreditors and developers of training federations. This can help to avoid security issues, to understand the impact of training goals and also to detect any technical issues that may be introduced by the presence of a guard.

Authors: Björn Möller, Stella Croom-Johnson, Åsa Falkenjack, Kester Hughes
Publication: Proceedings of 2015 Fall Simulation Interoperability Workshop, 15F-SIW-038, Simulation Interoperability Standards Organization, September 2015.

Download the full paper (pdf)