Département Réseau, Sécurité et Multimédia Rapport d'Activités 2008

ights and external identities, and Onion PolicyAdministration Model (OPA) [5], a new modelfor super-distribution which provides acomplete traceability of the contentdistribution. The Applicability of the (E)DRMmodels to Governmental Organizations willalso be a direction of future work.References[1] P. Bieber et F. Cuppens. A Logical View ofSecure Dependencies. Journal of ComputerSecurity, 1(1), IOS press, 1992.[2] P. Bieber et F. Cuppens. SecureDependencies with Dynamic LevelAssignements. 5 th IEEE Computer SecurityFoundations Workshop, Franconia, 1992.[3] A. Sabelfeld and D. Sands. Dimensions andPrinciples of Declassification. In 18 th IEEEWorkshop on Computer Security Foundations,June 20 - 22, 2005.[4] T. Sans, F. Cuppens and N. Cuppens-Boulahia. FORM: A Federated RightsExpression Model for Open DRM Frameworks.ASIAN'06. Tokyo, Japan. December 2006.[5] T. Sans, F. Cuppens and N. Cuppens-Boulahia. OPA: Onion Policy AdministrationModel - Another approach to manage rights inDRM. IFIP/SEC. May 2007.Dynamic access and usage control in pervasive environmentsResearch Staff : Frédéric Cuppens, Nora Cuppens-Boulahia – Ph.D. Student: Yehia El RakaibyKeywords : Usage Control, Dynamic Access ControlApplications : Security of ubiquitous computing and pervasive environmentPartners & Funding : partially funded Conseil Régional de BretagneIntroductionOver the previous several years, the world haswitnessed an important evolution in theexchange of digital information due toadvances in networks and communication.Networks localization and presence servicesand the increase in the computing capabilitiesof the different electronic devices made way tohighly intelligent context-aware applications.Capturing security requirements of suchapplications in a policy-based securityframework represent an interesting challenge.One of those new security requirements isusage control. Usage control refers to thecontrols over data after it is released to somethird party. It is undeniable that usage controlin today's digital environment is of utmostimportance and is needed in many applicationssuch as: DRM applications, P2P, availabilityrequirements, etc. Essentially, usage controldefine requirements that must be met before,while or after the use of some resource.Examples of possible usage controls are "theuser must keep watching an advertisementwindow while watching the video" or "Withinthirty days after the use of the resource, theuser must pay for the use of the service".Among previous works on usage control are[1, 2].Salient features of future applications are mostlikely to include context-awareness andinteractivity between the different serviceactors. Therefore it seems reasonable toassume that for a policy-based system toadequately meet those requirements, it mustenable the expression of some sort of dynamiccontextual security rules such as “from 9AM to18PM, if any of my family members requestsaccess to my files, I would like to be contactedto authorize the access”. One may justly saythat traditional access control systems relyingon MAC, DAC or RBAC policies are too rigid forthe expression of such security policies. Othermore recent policy-based systems whoseexpressivity is arguably better suited for theexpression of such policies are [3, 4, 5].In this thesis, we have focused our attentionon the study of the different security56 Pracom’s Annual Report 2008