François Barrère

A Formal Approach for the Evaluation of Network Security Mechanisms Based on RBAC Policies

Security policy models allow reasoning about security goals achievements. When security mechanisms are implemented, it is difficult to formally validate the security properties against the security goals especially in a network environment. To assess the implemented security properties, one should consider details regarding the network topology, the forwarding as well as filtering and transform engines. In this paper, we present a Colored Petri Net based tool which allows to describe graphically a given network topology, the network security mechanisms and the security goals required. The tool computes the different functionalities to set up the security properties and formally validates the solution using the dead state of the generated reachability graph analysis. Different security properties such as confidentiality and availability can be studied.

Implementation of a Formal Security Policy Refinement Process in WBEM Architecture

Security mechanisms enforcement consists in configuring devices with the aim that they cooperate and guarantee the defined security goals. In the network context, this task is complex due to the number, the nature, and the interdependencies of the devices to consider.In previous papers, we have proposed a formal framework that focuses on network security information management refinement. The framework includes three abstraction levels: the network security objectives, the network security tactics, and the network security device configurations. The information models of each abstraction level (consistency, correctness and feasibility) are formally specified and analyzed.In this paper we present the integration of this formal refinement process in the WBEM initiative in order to provide a management infrastructure that guarantees the validity of the deployed security configurations.

Dynamic creation of inter-organizational grid virtual organizations

The grid has emerged as a platform that enables inter-organizational Internet-based collaborations in a sharing space called virtual organization (VO). Building a VO, in an open environment as the Internet, necessitates an access control policy to authorize, control and forbid activities in order to achieve the different partners mutual benefits. Our goal being the dynamic VO creation is then associated with the automated generation of access control policy in a multiple access stakeholders environment. We proposed in recent works OrBAC-based (organization based access control model) Virtual Organization model which we believe to be the corner stone in the VO creation automated process. In this paper we propose a methodology to dynamically build OrBAC-based VO and we show how our model is integrated in the creation process. The different methodology steps are explained along with the associated related works which serve for implementing our model. Finally we show an example of the model in work

Access control model for inter-organizational grid virtual organizations

The grid has emerged as a platform that enables to put in place an inter-organizational shared space known as Virtual Organization. The Virtual Organization (VO) encompasses users and resources supplied by the different partners for achieving the VO’s creation goal. Though many works offer solutions to manage a VO, the dynamic, on the fly creation of virtual organizations is still a challenge. Dynamic creation of VOs is associated with the automated generation of access control policy to trace its boundaries, specify the different partners’ rights within it and assure its management during its life time. In this paper, we propose an OrBAC (Organization Based Access Control model) based Virtual Organization model which serves as a corner stone in the VO creation automated process. OrBAC framework specifies the users’ access permissions/interdiction to the VO resources, where its administration model AdOrBAC flexibly models the multi-stakeholder administration in the Grid.

The X.509 trust model needs a technical and legal expert

The X.509 trust model is based on three entities: the certification authority (CA), the certificate holder and the relying party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. It guarantees to the RP the correctness of the certificate information. This trust model is based on hypothesis that RPs have a predefined trust relation with a CA and that the trust level in CA can be determined by reading and analyzing a set of technical and legal documents. The X.509 trust model is so complex to RPs because an RP must realize this task for each and every CA chosen by the certificate holders. We introduce a new role of technical and legal expert into the X.509 trust model to help the RP make this task.

Network Security Management: A Formal Evaluation Tool Based on RBAC Policies

The complexity of factors to consider makes increasingly difficult the design of network security policies. Network security management is by nature a distributed function supplied by the coordination of a variety of devices with different capabilities. Formal evaluation techniques should be used to ensure that correct security network strategy are enforced. In this paper, we propose a new formal tool which allows to describe a given network security strategy, a network topology and the security goals required. The tool includes an evaluation method that checks some security properties and provides information to refine the strategy used. We introduce an example of VPN architecture which validates our approach.

Towards the Weaving of the Characteristics of Good Security Requirements

Over the past two decades, there has been a significant emphasis on the research work towards the amelioration within the discipline of security requirements engineering. Many researchers, international standards and organizations have come up with various methodologies to facilitate the elicitation and evaluation of security requirements. However, the task of deriving good quality requirements still remains challenging. One of the main reasons is that there is no consensus in defining what is a good and a bad requirement. The purpose of this paper is to provide with a survey of various quality characteristics of requirements proposed by various authors from different perspectives. Our survey analysis shows that there are a total of 20 distinctive characteristics that are defined in order to evaluate the quality aspects of requirements.

A security management information model derivation framework: from goals to configurations

Security mechanisms enforcement consists in configuring devices with the aim that they cooperate and guarantee the defined security goals. In the network context, this task is complex due to the number, the nature, and the interdependencies of the devices to consider. We propose in this article a global and formal framework which models the network security management information from the security goals to the security mechanisms configurations. The process is divided into three steps. First, the security goals are specified and the specification consistency is checked. Secondly, the network security tactics are defined. An evaluation method guarantees the consistency and the correctness against the security goals. Finally, the framework verifies that the network security tactics can be enforced by the real security mechanisms.

A Requirements Engineering-Based Approach for Evaluating Security Requirements Engineering Methodologies

The significance of security requirements in building safety and security critical systems is widely acknowledged. However, given the multitude of security requirements engineering methodologies that exists today, selecting the best suitable methodology remains challenging. In a previous work, we proposed a generic evaluation methodology to elicit and evaluate the anticipated characteristics of a security requirements engineering methodology with regards to the stakeholders’ working context. In this article, we provide the empirical evaluation of three security requirements engineering methodologies KAOS, STS and SEPP with respect to the evaluation criteria elicited for network SRE context. The study show that none of them provide good support to derive network security requirements.