DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

More documents

Recommendations

Info

RealizationFigure 1 shows a classification we havedefined in Polux of the various requirements asecurity policy may contain. We are currentlydefining an integrated formalism to specifythese different requirements in a uniqueframework.A new version of MotOrBAC has been writtenin pure java and relies on the OrBAC java API.The OrBAC java API uses the Jena library torepresent the OrBAC policy through an RDFgraph and uses the Jena inference engine. TheOrBAC java API has been created to allowdeveloppers to integrate the OrBAC securitymodel into their applications.Our work on MotOrBAC also focuses on theproblem of policy deployment. Actually we areworking on policy translation mechanisms tointegrate into MotOrBAC the possibility totranslate parts of a concrete policy inferedfrom an abstract OrBAC policy into variouslanguages used to configure security softwares(iptables for instance).Figure 1: Security policy structureThe approach suggested in the POLUX projectis to define this framework as an extension ofthe OrBAC model [1]. For a system to bedeveloped, OrBAC describes the permissions orprohibitions for people to any of the resourcesof the system (it may apply to configure afirewall as well as to define who can access agiven service or database). These rules specifypermissions or prohibitions that apply only tospecific circumstances, called contexts [2].OrBAC also provides means to specify thedifferent security policies applicable to thevarious parts of an organization (suborganizations).At the end of this specificationprocess, the security policy specifies whatshould be permitted or prohibitied in thesystem, in function of contexts, roles, activitiesand views.An administration model for the OrBAC model,called AdOrBAC [3] has also been defined anda support tool called MotOrBAC has beenimplemented and is available as an opensource software. MotOrBAC [4] is an opensource tool which can be used to write securitypolicies expressed using the OrBAC model. Itprovides functionalities to edit a policy, todetect and solve the potential policy conflictsand to simulate the policy.ConclusionWe plan to further develop the OrBAC model,especially to specify information flowrequirements, usage control requirements andreaction requirements. The MotOrBAC tool kitwill be extended to support the specification ofthese different requirements.References[1] A. Abou El Kalam, R. El Baida, P. Balbiani,S. Benferhat, F. Cuppens, Y. Deswarte, A.Miège, C. Saurel and G. Trouessin.Organization Based Access Control. IEEE 4thInternational Workshop on Policies forDistributed Systems and Networks (Policy2003), Lake Come, Italy, June 2003.[2] F. Cuppens and A. Miège. Modelingcontexts in the Or-BAC model . 19th AnnualComputer Security Applications Conference,Las Vegas, December 2003.[3] F. Cuppens et A. Miège. AdministrationModel for Or-BAC. International Journal ofComputer Systems Science and Engineering(CSSE), 19(4), Mai 2004.[4] F. Cuppens, N. Cuppens-Boulahia et C.Coma. MotOrBAC : un outil d’administration etde simulation de politiques de sécurité. SAR-SSI. Seignosse, France, Juin 2006.34 Extract of Pracom’s Annual Report 2008
Security Testing: criteria, fault models and test generationResearch Staff : Yves Le Traon – Ph.D. Students : Tejeddine MouelhiKeywords : Security testing, security flaws, mutation analysis, test generation, security policyApplications : Information System SecurityPartners & Funding : : Tejeddine Mouelhi’s PhD thesis is co-advised with Benoit Baudry (INRIA-Rennes Bretagne Atlantique)IntroductionWhile important efforts are dedicated tosystem functional testing, very few worksstudy how to test specifically securitymechanisms implementing a security policy. Inthis thesis, we study how to adapt testingtechniques to test such security mechanisms.The testing techniques that have proven theireffectiveness in the field of functional testingare adapted in order to be applied to testsecurity mechanisms.RealizationWe applied mutation analysis to the context oftesting security policies [1]. The objective is tomake test cases efficient enough to revealerroneous implementations of a security policy.We adapted mutation analysis – which consistsof seeding security faults in the system –andproposed a fault model specific to accesscontrol security policies.Any security policy is strongly connected tosystem functionality: testing functions includesexercising many security mechanisms.However, testing functionality does not intendat putting to the test security aspects. Weproposed thus two strategies for producingsecurity policy test cases [2], depending if theyare built in complement of existing functionaltest cases or independently from them. Wealso proposed test selection criteria to producetests from a security policy. To quantify theeffectiveness of a set of test cases to detectsecurity policy flaws, we used mutationanalysis on three empirical studies. The overallapproach has been applied to OrBAC accesscontrol policies using the associated Motorbactool (http://www.orbac.org/).In collaboration with Alexander Pretschner,during its sabbatical at TELECOM Bretagne, webegan to study the test generation issue byproposing a new model-based approach thatuses combinatorial testing [3]. Test cases aregenerated using pair-wise testing and wecompare them to several random testgeneration. Mixed-feeling results show that wemust still study this problem.In the same collaboration, we also studied howto use security tests to detect hidden securitymechanisms in legacy systems [4]. In fact, ifaccess control policy decision points are notneatly separated from the business logic of asystem, the evolution of a security policy likelyleads to the necessity of changing the system’scode base. This is often the case with legacysystems. We analyzed the notion of flexibilitywhich is related to the presence of hidden andimplicit security mechanisms in the businesslogic. This first work suggested the use of atest-driven methodology to detect such hiddenmechanisms, and drive the incrementalevolution of a security policy.ConclusionAs a future work, we will focus on using metamodelsto offer a complete framework toproduce, in a generic way, a tool for mutationanalysis of interoperable security policies (firstresults in [5]). We will also study and proposenew approaches to automatically generatesecurity tests targeting the implementation ofsecurity policies.References[1] Mouelhi Tejeddine, Le Traon Yves, BaudryBenoit: Mutation analysis for security testsqualification. Mutation'07, third workshop onmutation analysist, September 10-11, CumberlandLodge, Windsor, UK, 2007.[2] Le Traon Yves, Mouelhi Tejeddine, BaudryBenoit: Testing security policies : going beyondfunctional testing. ISSRE'07: The 18th IEEEInternational Symposium on Software ReliabilityEngineering, November 5-9, Trollhätan, Sweden,2007.[3] Mouelhi Tejeddine, Le Traon Yves, PretschnerAlexander: Model-Based Tests for Access ControlPolicies. ICST 2008 : First IEEE InternationalConference on Software, Testing, Verification andValidation, April 9-11, Lillehammer, Norway, 2008.[4] Mouelhi Tejeddine, Le Traon Yves, PretschnerAlexander, Baudry Benoit: Test-Driven Assessmentof Access Control in Legacy Applications. ICST2008 : First IEEE International Conference onSoftware, Testing, Verification and Validation(ICST), April 9-11, Lillehammer, Norway, 2008.[5] Mouelhi Tejeddine, Fleurey Franck, BaudryBenoit: A Generic Metamodel For Security PoliciesMutation, SecTest 08: 1st International ICSTworkshop on Security Testing, April 9, Lillehammer,Norway, 2008.Rapport d’activités Pracom 2005-2006 - Department of Networks Security Multimedia - page n°35
Page 2 and 3:
Présentation générale...........
Page 4 and 5:
Activités d’enseignementLe dépa
Page 6 and 7:
Activités de rechercheLe départem
Page 8 and 9:
Notre implication dans les organism
Page 10 and 11: le cadre du projet NextTV4all où l
Page 12 and 13: cloisonnement par domaine tels qu
Page 14 and 15: - le GIS ITS (Intelligent Transport
Page 16 and 17: Twente aux Pays Bas, Université de
Page 18 and 19: Liste des doctorants présents en 2
Page 20 and 21: Annexe 2 : liste des publicationsAr
Page 22 and 23: COMA-BREBEL Céline, CUPPENS Nora,
Page 24 and 25: PHAN LE Cam Tu, CUPPENS Frédéric,
Page 26 and 27: Annexe 3 : description détaillée
Page 28 and 29: Access Control ....................
Page 30 and 31: schemes specifically suitable for l
Page 32 and 33: An easy-to-use solution for IPv6 co
Page 34 and 35: Loss Synchronization and Router Buf
Page 36 and 37: Sensor NetworksRandom Walk Techniqu
Page 38 and 39: Suppressing Neighbor Discovery in W
Page 40 and 41: Media and NetworksIP-based transmis
Page 42 and 43: One of the most difficult aspects o
Page 44 and 45: Another direction is the associatio
Page 46 and 47: classes. In our simple study case,
Page 48 and 49: Management of Multiple Access Netwo
Page 50 and 51: Adaptation of Multimedia Flows in a
Page 52 and 53: Optimized mobility management in he
Page 54 and 55: ecause it offers a generic framewor
Page 56 and 57: Future workOur next step is to fina
Page 58 and 59: Security Analysis and ValidationAna
Page 62 and 63: Policy AdministrationResearch Staff
Page 64 and 65: execution in a distributed manner.
Page 66 and 67: Intrusion DetectionDetection and co
Page 68 and 69: eported alerts have to be managed b
Page 70 and 71: inside the corresponding detection
Page 72 and 73: function has a limitation that it d
Page 74 and 75: 1) Normal Node behavior simulation:
Page 76 and 77: negotiation. These strategies speci
Page 78 and 79: A Fast Adaptative Secure Technology
Page 80 and 81: estricted to the organization to wh
Page 82 and 83: ights and external identities, and
Page 84 and 85: Peer 2 peerP2PIm@gesResearch Staff
Page 86 and 87: Managing a Peer-to-Peer Storage Sys
Page 88 and 89: Applications of networks to transpo
Page 90 and 91: Adaptive Application Support in Mob
Page 92 and 93: Wireless Mesh NetworksResearch Staf
Page 94 and 95: TestbedsA showroom for practical IP
Page 96 and 97: egistrar and proxies, video streami
show all

DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

Create successful ePaper yourself

Delete template?

Save as template?