DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

More documents

Recommendations

Info

ights and external identities, and Onion PolicyAdministration Model (OPA) [5], a new modelfor super-distribution which provides acomplete traceability of the contentdistribution. The Applicability of the (E)DRMmodels to Governmental Organizations willalso be a direction of future work.References[1] P. Bieber et F. Cuppens. A Logical View ofSecure Dependencies. Journal of ComputerSecurity, 1(1), IOS press, 1992.[2] P. Bieber et F. Cuppens. SecureDependencies with Dynamic LevelAssignements. 5 th IEEE Computer SecurityFoundations Workshop, Franconia, 1992.[3] A. Sabelfeld and D. Sands. Dimensions andPrinciples of Declassification. In 18 th IEEEWorkshop on Computer Security Foundations,June 20 - 22, 2005.[4] T. Sans, F. Cuppens and N. Cuppens-Boulahia. FORM: A Federated RightsExpression Model for Open DRM Frameworks.ASIAN'06. Tokyo, Japan. December 2006.[5] T. Sans, F. Cuppens and N. Cuppens-Boulahia. OPA: Onion Policy AdministrationModel - Another approach to manage rights inDRM. IFIP/SEC. May 2007.Dynamic access and usage control in pervasive environmentsResearch Staff : Frédéric Cuppens, Nora Cuppens-Boulahia – Ph.D. Student: Yehia El RakaibyKeywords : Usage Control, Dynamic Access ControlApplications : Security of ubiquitous computing and pervasive environmentPartners & Funding : partially funded Conseil Régional de BretagneIntroductionOver the previous several years, the world haswitnessed an important evolution in theexchange of digital information due toadvances in networks and communication.Networks localization and presence servicesand the increase in the computing capabilitiesof the different electronic devices made way tohighly intelligent context-aware applications.Capturing security requirements of suchapplications in a policy-based securityframework represent an interesting challenge.One of those new security requirements isusage control. Usage control refers to thecontrols over data after it is released to somethird party. It is undeniable that usage controlin today's digital environment is of utmostimportance and is needed in many applicationssuch as: DRM applications, P2P, availabilityrequirements, etc. Essentially, usage controldefine requirements that must be met before,while or after the use of some resource.Examples of possible usage controls are "theuser must keep watching an advertisementwindow while watching the video" or "Withinthirty days after the use of the resource, theuser must pay for the use of the service".Among previous works on usage control are[1, 2].Salient features of future applications are mostlikely to include context-awareness andinteractivity between the different serviceactors. Therefore it seems reasonable toassume that for a policy-based system toadequately meet those requirements, it mustenable the expression of some sort of dynamiccontextual security rules such as “from 9AM to18PM, if any of my family members requestsaccess to my files, I would like to be contactedto authorize the access”. One may justly saythat traditional access control systems relyingon MAC, DAC or RBAC policies are too rigid forthe expression of such security policies. Othermore recent policy-based systems whoseexpressivity is arguably better suited for theexpression of such policies are [3, 4, 5].In this thesis, we have focused our attentionon the study of the different security56 Pracom’s Annual Report 2008
equirements in pervasive environments. Inparticular, we studied the best means for theexpression of usage control and dynamicaccess control within an integrated singlesecurity framework.RealizationWe have first analyzed the securityrequirements of future applications, namelyusage and dynamic access control, and studiedthe current policy-based security frameworks.We aim to develop an intuitive language withformal semantics for the representation ofdynamic security requirements and provideoperational formal interpretation of thedeveloped language. From our analysis of thenature of dynamic access control and usagecontrol, the notion of obligations appeared tobe fundamental (the same conclusion wasreached by previous works on usage control[1, 2]). Therefore, we have worked on thespecification of an obligation controller for theinterpretation of the dynamic part of ourpolicy. In order to give formal operationalsemantics to the controller, we have studiedthe well established ECA paradigm from activedatabases and identified how active rules canadequately provide the controller clear formaloperational semantics. Our final goal was tointegrate the obligation controller with acontext-aware access controller in a singlesecurity framework.Future workFuture work consists of the finalization of ourapproach in order to have a single policybasedsecurity framework which encompassestraditional access control, dynamic accesscontrol and usage control.References[1] J. Park and R. Sandhu. The UCON ABCusage control model. ACM Trans. InformationSystems Security, 2004.[2] M. Hilty, A. Pretschner, D. Basin, C.Schaefer and T. Walter. A Policy Language forDistributed Usage Control. ESORICS, 2007.[3] A. Abou El Kalam, R. El Baida, P. Balbiani,S. Benferhat, F. Cuppens, Y. Deswarte, A.Miege, C. Saurel and G. Trouessin.Organization based access control. Policy,2003.[4] F. Cuppens, N. Cuppens-Boulahia and T.Sans. Nomad: A Security Model with NonAtomic Actions and Deadlines. 18th IEEECSFW, Aix-en-Provence, France, Juin 2005.[5] L. Kagal, T. Fini and A. Joshi. A policylanguage for a pervasive computingenvironment. Policy, 2003.Pracom’s Annual Report 2008 57
Page 2 and 3:
Présentation générale...........
Page 4 and 5:
Activités d’enseignementLe dépa
Page 6 and 7:
Activités de rechercheLe départem
Page 8 and 9:
Notre implication dans les organism
Page 10 and 11:
le cadre du projet NextTV4all où l
Page 12 and 13:
cloisonnement par domaine tels qu
Page 14 and 15:
- le GIS ITS (Intelligent Transport
Page 16 and 17:
Twente aux Pays Bas, Université de
Page 18 and 19:
Liste des doctorants présents en 2
Page 20 and 21:
Annexe 2 : liste des publicationsAr
Page 22 and 23:
COMA-BREBEL Céline, CUPPENS Nora,
Page 24 and 25:
PHAN LE Cam Tu, CUPPENS Frédéric,
Page 26 and 27:
Annexe 3 : description détaillée
Page 28 and 29:
Access Control ....................
Page 30 and 31:
schemes specifically suitable for l
Page 32 and 33: An easy-to-use solution for IPv6 co
Page 34 and 35: Loss Synchronization and Router Buf
Page 36 and 37: Sensor NetworksRandom Walk Techniqu
Page 38 and 39: Suppressing Neighbor Discovery in W
Page 40 and 41: Media and NetworksIP-based transmis
Page 42 and 43: One of the most difficult aspects o
Page 44 and 45: Another direction is the associatio
Page 46 and 47: classes. In our simple study case,
Page 48 and 49: Management of Multiple Access Netwo
Page 50 and 51: Adaptation of Multimedia Flows in a
Page 52 and 53: Optimized mobility management in he
Page 54 and 55: ecause it offers a generic framewor
Page 56 and 57: Future workOur next step is to fina
Page 58 and 59: Security Analysis and ValidationAna
Page 60 and 61: RealizationFigure 1 shows a classif
Page 62 and 63: Policy AdministrationResearch Staff
Page 64 and 65: execution in a distributed manner.
Page 66 and 67: Intrusion DetectionDetection and co
Page 68 and 69: eported alerts have to be managed b
Page 70 and 71: inside the corresponding detection
Page 72 and 73: function has a limitation that it d
Page 74 and 75: 1) Normal Node behavior simulation:
Page 76 and 77: negotiation. These strategies speci
Page 78 and 79: A Fast Adaptative Secure Technology
Page 80 and 81: estricted to the organization to wh
Page 84 and 85: Peer 2 peerP2PIm@gesResearch Staff
Page 86 and 87: Managing a Peer-to-Peer Storage Sys
Page 88 and 89: Applications of networks to transpo
Page 90 and 91: Adaptive Application Support in Mob
Page 92 and 93: Wireless Mesh NetworksResearch Staf
Page 94 and 95: TestbedsA showroom for practical IP
Page 96 and 97: egistrar and proxies, video streami
show all

DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?