Michel Kamel

Implementation of a Formal Security Policy Refinement Process in WBEM Architecture

Security mechanisms enforcement consists in configuring devices with the aim that they cooperate and guarantee the defined security goals. In the network context, this task is complex due to the number, the nature, and the interdependencies of the devices to consider.In previous papers, we have proposed a formal framework that focuses on network security information management refinement. The framework includes three abstraction levels: the network security objectives, the network security tactics, and the network security device configurations. The information models of each abstraction level (consistency, correctness and feasibility) are formally specified and analyzed.In this paper we present the integration of this formal refinement process in the WBEM initiative in order to provide a management infrastructure that guarantees the validity of the deployed security configurations.

Access control model for inter-organizational grid virtual organizations

The grid has emerged as a platform that enables to put in place an inter-organizational shared space known as Virtual Organization. The Virtual Organization (VO) encompasses users and resources supplied by the different partners for achieving the VO’s creation goal. Though many works offer solutions to manage a VO, the dynamic, on the fly creation of virtual organizations is still a challenge. Dynamic creation of VOs is associated with the automated generation of access control policy to trace its boundaries, specify the different partners’ rights within it and assure its management during its life time. In this paper, we propose an OrBAC (Organization Based Access Control model) based Virtual Organization model which serves as a corner stone in the VO creation automated process. OrBAC framework specifies the users’ access permissions/interdiction to the VO resources, where its administration model AdOrBAC flexibly models the multi-stakeholder administration in the Grid.

PEP = Point to Enhance Particularly

Policies are rules that govern the choices in behaviour of a system. Policy based management aims at supporting dynamic adaptability of behaviour by changing policy without receding or stopping the system. The common accepted architecture of such systems includes two main management agents: the policy decision point that analyses requests and set decisions based on a policy and the policy enforcement point that enforces the PDP s decision. While many works deal with PDP implementations, PEP is considered to be only an interface between applications to be managed and the PDP. PEPs are usually specific to an application and a context of use. As a consequence, they cannot be re-used for new applications and they are implemented from scratch each time. In this article, we present a modular architecture to implement reusable PEPs for policy based authorization systems.

A secure collaborative web-based environment for virtual organisations

The concept of the Virtual Organisation (VO) is a natural outcome of network evolution and the growth of collaborative work tools. In the projects Value Improvement thought a Virtual Aeronautical Collaborative Enterprise (VIVACE) and Transglobal Secure Collaboration Program (TSCP), we studied the different issues when setting VOs up. In this paper, we expose the requirements and characteristics of VOs through a use case where the partners produce a technical aeronautic specification, which was proposed by those consortiums. Then, we present a secured collaborative environment that we have deployed to deal with VO security constraints. It combines attribute-based access control models, privileges management infrastructure and identity federation to make VOs more dynamic.

A secure collaborative web based environment for virtual organizations

The concept of Virtual Organization (VO) is a natural outcome of networks evolution and collaborative work tools growth. In the projects VIVACE and TSCP, we have studied the different issues when setting VOs up. In this paper, we expose requirements and characteristics of VOs through a use case, which was proposed by these consortiums. Then, we present a secured collaborative environment, which combines attribute based access control models, privileges management infrastructure and federation of identity, we have deployed to deal with VO security constraints.