Département Réseau, Sécurité et Multimédia Rapport d'Activités 2008


departements.telecom.bretagne.eu

restricted to the organization to which the rule applies.

We claim that many works on security interoperability do not establish a clear separation between (1) the definition of the security policy to be applied in this context, (2) how it is expressed, (3) how it is administered and (4) how it can be managed. Our O2O approach gives a response to each of these issues.

In the O2O approach, interoperability policies are always defined by the VPO parent organization and administered by a VPO. In this way, the VPO controls all the external accesses to the resources of the parent organization that is involved in an interoperation. Other issues are discussed in the published papers [1, 2]. In particular, the management of interoperability security policies is based on the concept of sphere of authority: each organization defines and manages the interoperability policies that are within its sphere of authority. At each moment, a VPO is within the sphere of authority of the organization which provides the access to its resources. An organization A is in the sphere of authority of another organization B if the security policy that applies to A is defined and administered by B. Furthermore, O2O is flexible because it offers centralized, decentralized and hybrid management.

To share the understandable knowledge required to derive the permitted accesses and usages of the information during interoperability sessions, we suggest combining a context ontology with the OrBAC model and show how it can be used to ease the definition and derivation of security rules during an interoperability session [3].

For this purpose, a mapping between context ontologies has been defined [4]. This mapping is based on the detection of compatibility relations between ontologies and on context revision operators. Context revision operators are used to adapt the mapping between security rules so that each organization involved in the interoperation can always enforce its security policy. This approach provides a framework to define interoperability security policies as suggested in the O2O model. Collaborative activities in a P2P environment are used as an example to illustrate our approach.

Conclusion

This is only a short overview of the main principles of the O2O approach. We are currently implementing our context ontology and mapping relations in MotOrBAC [5] so that interoperability is independent of the access control model. Two organizations can thus interoperate even if they do not both apply an organization-based access control model. Other issues are discussed in the papers referenced below. In particular, the collaboration of several organizations in a VPO may lead to the creation of new objects. Clearly, these new objects do not belong to any of the members of the VPO. Managing accesses to new resources created in a VPO is an issue we are currently investigating.

References

[1] F. Cuppens, N. Cuppens-Boulahia and C. Coma. O2O: Managing Security Policy Interoperability with Virtual Private Organizations. In 13th Annual Workshop of HP Open-View University Association (HP-OVUA), May 2006.
[2] F. Cuppens, N. Cuppens-Boulahia and C. Coma. O2O: Virtual Private Organizations to Manage Security Policy Interoperability. In Second International Conference on Information Systems Security (ICISS'06), December 2006.
[3] C. Coma, N. Cuppens-Boulahia and F. Cuppens. A context ontology based approach for secure interoperability. In 14th Annual Workshop of HP Software University Association (HP-SUA) 2007, July 2007.
[4] C. Coma, N. Cuppens-Boulahia and F. Cuppens. Context Ontology for Secure Interoperability. Third International Conference on Availability, Reliability and Security (AReS 2007). Barcelona, Spain. March 2007.
[5] F. Cuppens, N. Cuppens-Boulahia and C. Coma. MotOrBAC : un outil d’administration et de simulation de politiques de sécurité. SARSSI. Seignosse, France, June 2006.

Pracom’s Annual Report 2008
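The sphere-of-authority rule described above for O2O, as an added Python sketch (not code from MotOrBAC or from the cited papers). It assumes a simplified OrBAC without contexts, collapses "defined by the parent, administered by the VPO" into a single authority check, and uses constructed organization, subject and resource names.

```python
from dataclasses import dataclass, field


@dataclass
class Org:
    name: str
    authority: str  # name of the org that defines this org's policy
    rel: dict = field(default_factory=lambda: {
        "empower": set(),     # (subject, role)
        "consider": set(),    # (action, activity)
        "use": set(),         # (object, view)
        "permission": set(),  # (role, activity, view)
    })

    def define(self, issuer, relation, *fact):
        # Sphere of authority: only the org holding authority over this
        # org may add facts or rules to its policy.
        if issuer != self.authority:
            raise PermissionError(f"{issuer} has no authority over {self.name}")
        self.rel[relation].add(fact)

    def is_permitted(self, subject, action, obj):
        # Derive a concrete access from the abstract permission rules.
        return any((subject, r) in self.rel["empower"]
                   and (action, a) in self.rel["consider"]
                   and (obj, v) in self.rel["use"]
                   for (r, a, v) in self.rel["permission"])


def make_vpo(parent, grantee):
    # The VPO governs grantee accesses to parent resources and sits in
    # the parent's sphere of authority.
    return Org(f"{grantee.name}2{parent.name}", authority=parent.name)


def demo():
    # Constructed scenario: lab_A staff access resources of hospital_B.
    hospital, lab = Org("hospital_B", "hospital_B"), Org("lab_A", "lab_A")
    vpo = make_vpo(hospital, lab)
    vpo.define("hospital_B", "empower", "alice", "external_analyst")
    vpo.define("hospital_B", "consider", "read", "consult")
    vpo.define("hospital_B", "use", "results.csv", "shared_results")
    vpo.define("hospital_B", "permission",
               "external_analyst", "consult", "shared_results")
    try:  # the grantee tries to widen its own access: must be refused
        vpo.define("lab_A", "use", "patients.db", "shared_results")
        rejected = False
    except PermissionError:
        rejected = True
    return (vpo.is_permitted("alice", "read", "results.csv"),
            vpo.is_permitted("alice", "read", "patients.db"), rejected)


if __name__ == "__main__":
    print(demo())
```
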

Information flow control in organization

Research Staff: Frédéric Cuppens, Nora Cuppens-Boulahia – Ph.D. Student: Julien Thomas
Keywords: DRM, declassification, information flow control
Applications: Multi level security, Secure content management
Partners & Funding: funded by a French DGA (Direction Générale de l'armement) grant.

Introduction

Protection of sensitive data to ensure confidentiality, integrity and availability is an important issue for governmental organizations such as the French MoD. Solutions must guarantee the enforcement of the security policies (such as multi level security) established by these organizations to manage sensitive information. Traceability is also an important challenge, even more so when sensitive data have to flow through security levels (declassification).

In this context, TELECOM Bretagne has been working for several years on information flow control models for multi-level security policies [1] and on the management of dynamic classification of data [2].

We are currently investigating the applicability of DRM techniques for managing sensitive data. This work is part of a thesis whose main objectives are to formalize how information flow control may be addressed by DRM techniques and to develop relevant use cases for these techniques.

Realization

We start the research work with a state of the art of the different domains bound to the thesis subject.

Non interference

Since Non Interference is the most frequently used model to deal with information flow control, the main variations of non interference (Generalized Non Interference, Intransitive Non Interference, Abstract Non Interference) have been studied.

Several extensions of non interference to deal with secure declassification of sensitive information have also been recently suggested. The notions of Who? What? Where? When? [3] are the main dimensions to analyze these different declassification proposals. Though the state of the art is quite debatable, it defines the main requirements of a declassification based model.

DRM techniques

We have performed an overview of the main DRM proposals: MPEG-REL, OMA-DRM and LicenseScript. These approaches are mostly used to protect commercial content with copyright (audio or video content).

More recently, it has also been suggested to use DRM techniques in enterprises to protect their sensitive data. Thus, existing EDRM (Enterprise DRM) solutions have been listed and several categories have been defined. Among the Open Source platforms, we investigate AXMEDIS (supported by a European Consortium) and OpenIPMP (Open Source project supported by Open Mobile Alliance), which are two interesting solutions.

Regarding the applicability of DRM in French governmental organizations, we notice that several referentials have been published. We especially investigate the RGI (Référentiel Général d'Interopérabilité) and the RGS (Référentiel Général de Sécurité) with PRIS (politique de référencement intersectoriel de sécurité). These referentials define the French government models, which are compliant with RFCs and Open Source solutions.

Future Work

From a theoretical point of view, the specification of declassification properties will be one of our major concerns. Regarding DRM, we will work on the comparison of existing DRM models and the analysis of the cited platforms. We shall also investigate the applicability of the Federated Rights Expression Model (FORM) [4], which allows a content provider to decide to trust external rendering

