DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

More documents

Recommendations

Info

negotiation. These strategies specify whatshould be negotiated given a negotiationpolicy. The negotiation protocol negotiatesattributes in order to activate a permissionrule. That is, we suppose that the accesscontrol policies contain only permissions. Weproposed an algorithm [5] to rewrite policiescontaining prohibitions and permissions into anequivalent set of policies containing onlypermissions. Finally, a prototype wasdevelopped in order to implement and test theXeNA framework.Future WorkWe are aiming to specify the alternatives thatare used at the level of the exceptiontreatment module. Many possibilities may bestudied such as defining classes of similaritybetween the resources. In case the accessedresource cannot be revealed, a possiblealternative may be to propose a resourcebelonging to the accessed resource's classe ofsimilarity. Furthermore, we need to specify themetrics that are used in order to choosebetween different negotiation's strategies.Finally, these improvements must be takeninto account at the level of the proposedprototype.References[1] T. Yu, M. Winslett, and K. E. Seamons.Supporting structured credentials and sensitivepolicies through interoperable strategies forautomated trust negotiation. ACM Transactionson Information and System Security (TISSEC),6(1):1–42, February 2003.[2] D. Abi Haidar, F. Cuppens, N. Cuppens-Boulahia, H. Debar. An Extended RBAC Profileof XACML. ACM Workshop on Secure WebServices (SWS), in conjunction with the 13thACM Conference on Computer andCommunications Security (CCS-13), Fairfax VA,USA, November 2006.[3] D. Abi Haidar, F. Cuppens, N. Cuppens-Boulahia, H. Debar. Access Negotiation withinXACML Architecture. Second Joint Conferenceon Security in Networks Architectures andSecurity of Information Systems (SARSSI),Annecy, France, June 2007.[4] D. Abi Haidar, F. Cuppens, N. Cuppens-Boulahia, H. Debar. Resource ClassificationBased Negotiation in Web Services. ThirdInternational Symposium on InformationAssurance and Security, 2007 (IAS 2007),Manchester, UK, August 2007.[5] N. Cuppens-Boulahia, F. Cuppens, D. AbiHaidar, H. Debar. Negotiation of Prohibition:An approach Based on Policy Rewriting. Inproceedings of the IFIP InternationalInformation Security Conference SEC'08, Milan,Italy, September 2008.50 Extract of Pracom’s Annual Report 2008
Security of NGN servicesResearch Staff : Ahmed Bouabdallah, Frédéric Cuppens, Nora Cuppens – Ph.D. Student: Nabil AjamKeywords : location-based service, location privacy, Parlay gateway, web serviceApplications : B2B application, NGN platform, Service composition policy, parlay gatewaysPartners & Funding : partially funded by FNADTcommands into particular signalling protocolsIntroductiondepending on the specificity of networks.Next Generation Network (NGN) constitutesthe convergence between telecommunicationand IT infrastructures, which is a looselycoupled layered architecture. The keyevolution is the service creation in thosenetworks where now third parties manage iteither by operators.This approach drastically differs from the oneused in traditional circuit networks where thevertical integration induces a centralization ofthe computational resource, of the servicecreation process and of the underlyingbusiness model.Service providers can now access corenetwork capabilities through open andstandardized interfaces, the parlay gatewaybased on APIs or through the parlay Xgateway based on web services.On the other hand, location service is one ofthe most important capabilities provided byoperator cellular networks. We studied thearchitecture and the added nodes that allowaccuracy up to 5 meters in indoor and outdoorareas. It is expected that locations basedservices will be the killer application in NGN.Location information is a sensitive informationthat can imperil user integrity. We areinterested on one security issue of thoseservices delivered through Parlay X gateway,which is the privacy of end users.To secure service creation in NGN, we have tointroduce some strict constraints on the accessof third parties on operator networks throughparlay gateways. In this way, privacy issue isinvestigated in service creation.This work is part of a Ph.D, funded by theFNADT project “Platform of securitysupervision and application to web service”,dedicated to securing service creation forParlay and Parlay X which began in March2006.RealizationWe studied Parlay gateways. Parlay and ParlayX gateways play two essential roles: (1)protect operator networks from maliciousmanipulation of networks, and (2) map serviceThe location-based services are presented asthe future killer application [1]. Thisapplication uses a sensitive personal data sothat protecting privacy of subscribers isrequired. To secure this application, we firststudied the network architectures that provideusers positioning. We then specify securityproperties and personal data to enforcesecurity. We suggested to use pseudonymitywhen location based services are used throughParlay X gateway. So, we proposed to add anew "Privacy web service" to Parlay X gatewayto act as a proxy between third parties andend user that ensures the use of pseudonymsof subscribers [2].We are currently investigating how to improveprivacy web service to permit end userconfigure their privacy policy and how it canact as a complete retailer of location service.Future workWe planned in future work to formally describeend user privacy and privacy providers. Weintend to prove formally that end user privacyis ensured in services provided through ParlayX gateway. We tend to model privacy policyusing the Orbac model.We also investigate the security requirementsof composition. No standards and consensusexist. Many researchers suggest includingsecurity aspects in semantics for compositions.We aim to prove that a composed serviceobeys the security policies of each composedservice. The service creation throughcomposition is a new research field wheresecurity is not addressed. The expression of aglobal privacy policy of composed services canbe addressed in future works.References[1] 3 rd Generation Partnership Project,"Technical Report: Enhanced support for UserPrivacy in Location Service," 2002.[2] Nabil Ajam, "Privacy based access to ParlayX locations based services", ICNS, Guadeloupe,2008.Pracom’s Annual Report 2008 51
Page 2 and 3:
Présentation générale...........
Page 4 and 5:
Activités d’enseignementLe dépa
Page 6 and 7:
Activités de rechercheLe départem
Page 8 and 9:
Notre implication dans les organism
Page 10 and 11:
le cadre du projet NextTV4all où l
Page 12 and 13:
cloisonnement par domaine tels qu
Page 14 and 15:
- le GIS ITS (Intelligent Transport
Page 16 and 17:
Twente aux Pays Bas, Université de
Page 18 and 19:
Liste des doctorants présents en 2
Page 20 and 21:
Annexe 2 : liste des publicationsAr
Page 22 and 23:
COMA-BREBEL Céline, CUPPENS Nora,
Page 24 and 25:
PHAN LE Cam Tu, CUPPENS Frédéric,
Page 26 and 27: Annexe 3 : description détaillée
Page 28 and 29: Access Control ....................
Page 30 and 31: schemes specifically suitable for l
Page 32 and 33: An easy-to-use solution for IPv6 co
Page 34 and 35: Loss Synchronization and Router Buf
Page 36 and 37: Sensor NetworksRandom Walk Techniqu
Page 38 and 39: Suppressing Neighbor Discovery in W
Page 40 and 41: Media and NetworksIP-based transmis
Page 42 and 43: One of the most difficult aspects o
Page 44 and 45: Another direction is the associatio
Page 46 and 47: classes. In our simple study case,
Page 48 and 49: Management of Multiple Access Netwo
Page 50 and 51: Adaptation of Multimedia Flows in a
Page 52 and 53: Optimized mobility management in he
Page 54 and 55: ecause it offers a generic framewor
Page 56 and 57: Future workOur next step is to fina
Page 58 and 59: Security Analysis and ValidationAna
Page 60 and 61: RealizationFigure 1 shows a classif
Page 62 and 63: Policy AdministrationResearch Staff
Page 64 and 65: execution in a distributed manner.
Page 66 and 67: Intrusion DetectionDetection and co
Page 68 and 69: eported alerts have to be managed b
Page 70 and 71: inside the corresponding detection
Page 72 and 73: function has a limitation that it d
Page 74 and 75: 1) Normal Node behavior simulation:
Page 78 and 79: A Fast Adaptative Secure Technology
Page 80 and 81: estricted to the organization to wh
Page 82 and 83: ights and external identities, and
Page 84 and 85: Peer 2 peerP2PIm@gesResearch Staff
Page 86 and 87: Managing a Peer-to-Peer Storage Sys
Page 88 and 89: Applications of networks to transpo
Page 90 and 91: Adaptive Application Support in Mob
Page 92 and 93: Wireless Mesh NetworksResearch Staf
Page 94 and 95: TestbedsA showroom for practical IP
Page 96 and 97: egistrar and proxies, video streami
show all

DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

Create successful ePaper yourself

Delete template?

Save as template?