DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

More documents

Recommendations

Info

estricted to the organization to which the ruleapplies.We claim that many works for the securityinteroperability do not establish a clearseparation between (1) the definition of thesecurity policy to be applied in this context, (2)how it is expressed, (3) how it is administeredand (4) how it can be managed. Our O2Oapproach gives a response to each of theseissues.In the O2O approach, interoperability policiesare always defined by the VPO parentorganization and administered by a VPO. Inthis way, the VPO controls all the externalaccesses to the resources of the parentorganization that is involved in aninteroperation. Other issues are discussed inthe published papers [1, 2]. In particular, themanagement of interoperability securitypolicies is based on the concept of sphere ofauthority: each organization defines andmanages its interoperability policies that arewithin its sphere of authority. At each moment,a VPO is within the sphere of authority of theorganization which provides the access to itsresources. An organization A is in the sphere ofauthority of another organization B if thesecurity policy that applies to A is defined andadministrated by B. Furthermore, O2O isflexible because it offers centralized,decentralized and hybrid management.To share understandable knowledge requiredto derive the permitted accesses and usages ofthe information during the interoperabilitysessions, we suggest context ontology to becombined with the OrBAC model and showhow it can be used to ease the security rulesdefinition and derivation during aninteroperability session [3].For this purpose, mapping between contextontologies has been defined [4]. This mappingis based on detection of compatibility relationsbetween ontologies and context revisionoperators. Context revision operators are usedto adapt the mapping between security rulesso that each organization involved in theinteroperation can always enforce its securitypolicy. This approach provides a framework todefine interoperability security policies assuggested in the O2O model. Collaborativeactivities in a P2P environment are used as anexample to illustrate our approach.ConclusionThis is only a short overview of the mainprinciples of the O2O approach. We arecurrently implementing our context ontologyand mapping relations in MotOrBAC [5] suchthat the interoperability is acces control modelindependent. So, two organizations caninteroperate although they do not apply bothan organisation access control. Other issuesare discussed in the referenced papers below.In particular, the collaboration of severalorganizations in a VPO may lead to creation ofnew objects. Clearly, these new objects do notbelong to any of the members of the VPO.Managing accesses to new resources createdin a VPO is an issue we are currentlyinvestigating.References[1] F. Cuppens, N. Cuppens-Boulahia and C.Coma. O2O: Managing Security PolicyInteroperability with Virtual PrivateOrganizations. In 13th Annual Workshop of HPOpen-View University Association (HP-OVUA),May 2006.[2] F. Cuppens, N. Cuppens-Boulahia and C.Coma. O2O: Virtual Private Organizations toManage Security Policy Interoperability. InSecond International Conference onInformation Systems Security (ICISS'06),December 2006.[3] C. Coma, N. Cuppens-Boulahia and F.Cuppens. A context ontology based approachfor secure interoperability. In 14th AnnualWorkshop of HP Software UniversityAssociation (HP-SUA) 2007, July 2007.[4] C. Coma, N. Cuppens-Boulahia and F.Cuppens. Context Ontology for SecureInteroperability. Third International Conferenceon Availability, Reliability and Security (AReS2007). Barcelona, Spain. March 2007.[5] F. Cuppens, N. Cuppens-Boulahia et C.Coma. MotOrBAC : un outil d’administration etde simulation de politiques de sécurité.SARSSI. Seignosse, France, Juin 2006.54 Pracom’s Annual Report 2008
Information flow control in organizationResearch Staff : Frédéric Cuppens, Nor a Cuppens-Boulahia – Ph.D. Student: JulienThomasKeywords : DRM, declassification, information flow controlApplications : Multi level security, Secure content managementPartners & Funding : funded by a French DGA (Direction Générale de l'armement) grant.IntroductionProtection of sensitive data to ensureconfidentiality, integrity and availability is animportant issue for governmental organizationssuch as the French MoD. Solutions mustguarantee the enforcement of security policies(such as the multi level security) establishedby these organizations to manage sensitiveinformation. The notion of traceability is alsoan important challenge and even more whensensitive data have to flow through securitylevels (declassification).In this context, TELECOM Bretagne has beenworking for several year on information flowcontrol models for multi-level security policies[1] and management of dynamic classificationof data [2].We are currently investigating applicability ofDRM techniques for managing sensitive data.This work is part of a thesis whose mainobjectives are to formalize how informationflow control may be addressed by DRMtechniques and develop relevant use cases forthese techniques.RealizationWe start the research work by a state of theart of the different domains bound to thethesis subject.Non interferenceSince Non Interference is the most frequentlyused model to deal with information flowcontrol the main variations of non interference(Generalized non Interference, Intransitive NonInterference, Abstract Non Interference) havebeen studied.Several extensions of non interference to dealwith secure declassification of sensitiveinformation have also been recently suggested.The notions of Who? What? Where? When? [3]are the main dimensions to analyze thesedifferent declassification proposals. Though thestate of the art is quite debatable, it definesthe main requirements of a declassificationbased model.DRM techniquesWe have performed an overview of main DRMproposals, MPEG-REL, OMA-DRM,LicenseScript. These approaches are mostlyused to protect commercial content withcopyright (audio or video contents).More recently, it has also been suggested touse DRM techniques in enterprises to protecttheir sensitive data. Thus, existing EDRM(Enterprise DRM) solutions have been listedand several categories have been defined.Among the Open Source platforms, weinvestigate AXMEDIS (supported by anEuropean Consortium) and OpenIPMP (OpenSource project supported by Open MobileAlliance) which are two interesting solutionsRegarding applicability of DRM in Frenchgovernmental organizations, we notice thatseveral referential have been published. Weespecially investigate the RGI (RéférentielGénéral d'Interopérabilité) and the RGS(Référentiel Général de Sécurité) with PRIS(politique de référencement intersectoriel desécurité). These referentials define the Frenchgovernment models, which are compliant withRFCs and Open Source solutions.Future WorkFrom a theoretical point of view, thespecification of declassification properties willbe one of our major concern. Regarding DRM,we will work on the comparison of existingDRM models and the analyzes of citedplatforms. We shall also investigate theapplicability of the Federated Rights ExpressionModel (FORM) [4], which allows a contentprovider to decide to trust external renderingPracom’s Annual Report 2008 55
Page 2 and 3:
Présentation générale...........
Page 4 and 5:
Activités d’enseignementLe dépa
Page 6 and 7:
Activités de rechercheLe départem
Page 8 and 9:
Notre implication dans les organism
Page 10 and 11:
le cadre du projet NextTV4all où l
Page 12 and 13:
cloisonnement par domaine tels qu
Page 14 and 15:
- le GIS ITS (Intelligent Transport
Page 16 and 17:
Twente aux Pays Bas, Université de
Page 18 and 19:
Liste des doctorants présents en 2
Page 20 and 21:
Annexe 2 : liste des publicationsAr
Page 22 and 23:
COMA-BREBEL Céline, CUPPENS Nora,
Page 24 and 25:
PHAN LE Cam Tu, CUPPENS Frédéric,
Page 26 and 27:
Annexe 3 : description détaillée
Page 28 and 29:
Access Control ....................
Page 30 and 31: schemes specifically suitable for l
Page 32 and 33: An easy-to-use solution for IPv6 co
Page 34 and 35: Loss Synchronization and Router Buf
Page 36 and 37: Sensor NetworksRandom Walk Techniqu
Page 38 and 39: Suppressing Neighbor Discovery in W
Page 40 and 41: Media and NetworksIP-based transmis
Page 42 and 43: One of the most difficult aspects o
Page 44 and 45: Another direction is the associatio
Page 46 and 47: classes. In our simple study case,
Page 48 and 49: Management of Multiple Access Netwo
Page 50 and 51: Adaptation of Multimedia Flows in a
Page 52 and 53: Optimized mobility management in he
Page 54 and 55: ecause it offers a generic framewor
Page 56 and 57: Future workOur next step is to fina
Page 58 and 59: Security Analysis and ValidationAna
Page 60 and 61: RealizationFigure 1 shows a classif
Page 62 and 63: Policy AdministrationResearch Staff
Page 64 and 65: execution in a distributed manner.
Page 66 and 67: Intrusion DetectionDetection and co
Page 68 and 69: eported alerts have to be managed b
Page 70 and 71: inside the corresponding detection
Page 72 and 73: function has a limitation that it d
Page 74 and 75: 1) Normal Node behavior simulation:
Page 76 and 77: negotiation. These strategies speci
Page 78 and 79: A Fast Adaptative Secure Technology
Page 82 and 83: ights and external identities, and
Page 84 and 85: Peer 2 peerP2PIm@gesResearch Staff
Page 86 and 87: Managing a Peer-to-Peer Storage Sys
Page 88 and 89: Applications of networks to transpo
Page 90 and 91: Adaptive Application Support in Mob
Page 92 and 93: Wireless Mesh NetworksResearch Staf
Page 94 and 95: TestbedsA showroom for practical IP
Page 96 and 97: egistrar and proxies, video streami
show all

DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?