negotiation. These strategies specify whatshould be negotiated given a negotiationpolicy. The negotiation protocol negotiatesattributes in order to activate a permissionrule. That is, we suppose that the accesscontrol policies contain only permissions. Weproposed an algorithm [5] to rewrite policiescontaining prohibitions and permissions into anequivalent s<strong>et</strong> of policies containing onlypermissions. Finally, a prototype wasdevelopped in order to implement and test theXeNA framework.Future WorkWe are aiming to specify the alternatives thatare used at the level of the exceptiontreatment module. Many possibilities may bestudied such as defining classes of similarityb<strong>et</strong>ween the resources. In case the accessedresource cannot be revealed, a possiblealternative may be to propose a resourcebelonging to the accessed resource's classe ofsimilarity. Furthermore, we need to specify them<strong>et</strong>rics that are used in order to chooseb<strong>et</strong>ween different negotiation's strategies.Finally, these improvements must be takeninto account at the level of the proposedprototype.References[1] T. Yu, M. Winsl<strong>et</strong>t, and K. E. Seamons.Supporting structured credentials and sensitivepolicies through interoperable strategies forautomated trust negotiation. ACM Transactionson Information and System Security (TISSEC),6(1):1–42, February 2003.[2] D. Abi Haidar, F. Cuppens, N. Cuppens-Boulahia, H. Debar. An Extended RBAC Profileof XACML. ACM Workshop on Secure WebServices (SWS), in conjunction with the 13thACM Conference on Computer andCommunications Security (CCS-13), Fairfax VA,USA, November 2006.[3] D. Abi Haidar, F. Cuppens, N. Cuppens-Boulahia, H. Debar. Access Negotiation withinXACML Architecture. Second Joint Conferenceon Security in N<strong>et</strong>works Architectures andSecurity of Information Systems (SARSSI),Annecy, France, June 2007.[4] D. Abi Haidar, F. Cuppens, N. Cuppens-Boulahia, H. Debar. Resource ClassificationBased Negotiation in Web Services. ThirdInternational Symposium on InformationAssurance and Security, 2007 (IAS 2007),Manchester, UK, August 2007.[5] N. Cuppens-Boulahia, F. Cuppens, D. AbiHaidar, H. Debar. Negotiation of Prohibition:An approach Based on Policy Rewriting. Inproceedings of the IFIP InternationalInformation Security Conference SEC'08, Milan,Italy, September <strong>2008</strong>.50 Extract of Pracom’s Annual Report <strong>2008</strong>
Security of NGN servicesResearch Staff : Ahmed Bouabdallah, Frédéric Cuppens, Nora Cuppens – Ph.D. Student: Nabil AjamKeywords : location-based service, location privacy, Parlay gateway, web serviceApplications : B2B application, NGN platform, Service composition policy, parlay gatewaysPartners & Funding : partially funded by FNADTcommands into particular signalling protocolsIntroductiondepending on the specificity of n<strong>et</strong>works.Next Generation N<strong>et</strong>work (NGN) constitutesthe convergence b<strong>et</strong>ween telecommunicationand IT infrastructures, which is a looselycoupled layered architecture. The keyevolution is the service creation in thosen<strong>et</strong>works where now third parties manage iteither by operators.This approach drastically differs from the oneused in traditional circuit n<strong>et</strong>works where thevertical integration induces a centralization ofthe computational resource, of the servicecreation process and of the underlyingbusiness model.Service providers can now access coren<strong>et</strong>work capabilities through open andstandardized interfaces, the parlay gatewaybased on APIs or through the parlay Xgateway based on web services.On the other hand, location service is one ofthe most important capabilities provided byoperator cellular n<strong>et</strong>works. We studied thearchitecture and the added nodes that allowaccuracy up to 5 m<strong>et</strong>ers in indoor and outdoorareas. It is expected that locations basedservices will be the killer application in NGN.Location information is a sensitive informationthat can imperil user integrity. We areinterested on one security issue of thoseservices delivered through Parlay X gateway,which is the privacy of end users.To secure service creation in NGN, we have tointroduce some strict constraints on the accessof third parties on operator n<strong>et</strong>works throughparlay gateways. In this way, privacy issue isinvestigated in service creation.This work is part of a Ph.D, funded by theFNADT project “Platform of securitysupervision and application to web service”,dedicated to securing service creation forParlay and Parlay X which began in March2006.RealizationWe studied Parlay gateways. Parlay and ParlayX gateways play two essential roles: (1)protect operator n<strong>et</strong>works from maliciousmanipulation of n<strong>et</strong>works, and (2) map serviceThe location-based services are presented asthe future killer application [1]. Thisapplication uses a sensitive personal data sothat protecting privacy of subscribers isrequired. To secure this application, we firststudied the n<strong>et</strong>work architectures that provideusers positioning. We then specify securityproperties and personal data to enforcesecurity. We suggested to use pseudonymitywhen location based services are used throughParlay X gateway. So, we proposed to add anew "Privacy web service" to Parlay X gatewayto act as a proxy b<strong>et</strong>ween third parties andend user that ensures the use of pseudonymsof subscribers [2].We are currently investigating how to improveprivacy web service to permit end userconfigure their privacy policy and how it canact as a compl<strong>et</strong>e r<strong>et</strong>ailer of location service.Future workWe planned in future work to formally describeend user privacy and privacy providers. Weintend to prove formally that end user privacyis ensured in services provided through ParlayX gateway. We tend to model privacy policyusing the Orbac model.We also investigate the security requirementsof composition. No standards and consensusexist. Many researchers suggest includingsecurity aspects in semantics for compositions.We aim to prove that a composed serviceobeys the security policies of each composedservice. The service creation throughcomposition is a new research field wheresecurity is not addressed. The expression of aglobal privacy policy of composed services canbe addressed in future works.References[1] 3 rd Generation Partnership Project,"Technical Report: Enhanced support for UserPrivacy in Location Service," 2002.[2] Nabil Ajam, "Privacy based access to ParlayX locations based services", ICNS, Guadeloupe,<strong>2008</strong>.Pracom’s Annual Report <strong>2008</strong> 51