Publication


Featured research published by Patrice Clemente.


Future Generation Computer Systems | 2014

An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system

Waleed W. Smari; Patrice Clemente; Jean-François Lalande

Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other adopted models, ABAC provides more granularity, scalability, and flexibility. This makes it a valuable access control system candidate for securing platforms and environments used for coordination and cooperation among organizations and communities, especially over open networks such as the Internet. On the other hand, the basic ABAC model lacks provisions for context, trust and privacy issues, all of which are becoming increasingly critical, particularly in high performance distributed collaboration environments. This paper presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues in order to make access control decisions sensitive to the cross-organizational collaboration context. Several aspects of the proposed model are implemented and illustrated by a case study that shows realistic ABAC policies in the domain of distributed multiple organizations crisis management systems. Furthermore, the paper shows a collaborative graphical tool that enables the actors in the emergency management system to make better decisions. The prototype shows how it guarantees the privacy of object attributes, taking into account the trust of the subjects. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.


collaboration technologies and systems | 2006

A Collaborative Approach for Access Control, Intrusion Detection and Security Testing

Mathieu Blanc; Jérémy Briffaut; Patrice Clemente; M.G. El Rab; Christian Toinard

Security Management is becoming a critical aspect for large scale distributed systems. In this paper, we propose a global architecture, based on an original meta-policy approach for access control and intrusion detection, making it possible to guarantee global security properties. In contrast with classical meta-policy based systems, by applying verification techniques on the meta-policy, our solution guarantees global security properties while supporting local updates of the security policy. It is thus a powerful solution that provides strong fault tolerance since the control is carried out in a completely decentralized manner. By using a meta-policy, the system can verify the respect of global security properties after meta or local modifications of the policy. Thanks to test components, our system is also able to evaluate and configure in real-time each of its functionalities while tracking self corruption by malicious hackers. Our architecture is a cooperative multi agent-based system, making it possible to activate a functionality independently from some others. It is divided into several levels, each one contributing to the automation of the security management.


information integration and web-based applications & services | 2009

Trust and privacy in attribute based access control for collaboration environments

Waleed W. Smari; Jian Zhu; Patrice Clemente

Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other up-to-date models, ABAC provides more granularity, scalability, and flexibility, which make it a valuable candidate for securing collaboration between organizations, especially over an open network such as the Internet. On the other hand, this model lacks provisions for trust and privacy issues, both of which are becoming increasingly critical, particularly in collaboration environments. Recently, we proposed a preliminary model to address this gap [1]. This paper is a further discussion and development of how trust and privacy can be incorporated in the previously introduced ABAC model. In addition, we propose a structure for an access control model that can cover most real-world access scenarios and schemes. The paper concludes with some remarks on implementation of such models along with possible future directions on evolution of access control models in general.


trans. computational science | 2010

From a generic framework for expressing integrity properties to a dynamic MAC enforcement for operating systems

Patrice Clemente; Jonathan Rouzaud-Cornabas; Christian Toinard

Protection deals with the enforcement of integrity and confidentiality. Integrity violations often lead to confidentiality vulnerabilities. This paper proposes a novel approach of Mandatory Access Control enforcement for guaranteeing a large range of integrity properties. In the literature, many integrity models are proposed such as the Biba model, data integrity, subject integrity, domain integrity and Trusted Path Execution. There can be numerous integrity models. In practice, an administrator needs to combine various integrity models. The major limitations of existing solutions deal first with the support of indirect activities aiming at violating integrity and second with the impossibility to extend existing models or even define new ones. This paper proposes a novel framework for expressing integrity requirements associated with direct or indirect activities, mostly in terms of information flows. It presents a formalization for the major integrity properties of the literature. The formalization of the required security is efficient and a straightforward enforcement is proposed. In contrast with our previous work, an information flow graph provides a dynamic analysis of the requested properties. The paper also provides a MAC implementation that enforces every integrity property supported by our formalization. Thus, a system call fails if it could violate the required security properties. A large scale experiment on high interaction honeypots shows the relevance, robustness and efficiency of our approach. This experimentation sets up two kinds of hosts. Hosts with our solution in IDS mode detect the violation of the requested properties. That IDS allows us to verify the completeness of our MAC protection. Hosts with our MAC protection guarantee all the required properties.


Journal of Computers | 2009

Classification of Malicious Distributed SELinux Activities

Mathieu Blanc; Patrice Clemente; Jonathan Rouzaud-Cornabas; Christian Toinard

This paper deals with the classification of malicious activities occurring on a network of SELinux hosts. SELinux system logs come from a high interaction distributed honeypot. An architecture is proposed to compute those events in order to assemble system sessions, such as malicious ones. Afterwards, recognition mechanisms are proposed to classify those activities. The paper presents the classification architecture using comprehensive examples. It is the first solution that supports SELinux sessions. In contrast with previous works, distributed sessions are better addressed using only SELinux logs. The results of experiments use real samples taken from our honeypot. A high performance architecture makes it possible to compute a large number of events captured during one year on our high interaction honeypot. Our approach enables the real-time reconstruction of system sessions. Moreover, sessions are compared to patterns in order to classify them according to specific attacks. The paper shows that the classification can be done in linear time. An automatic recognition of new patterns is proposed.


international conference on security and cryptography | 2015

Cloud resources placement based on functional and non-functional requirements

Asma Guesmi; Patrice Clemente; Frédéric Loulergue; Pascal Berthomé

It is difficult for customers to select the adequate cloud providers which fit their needs, as the number of cloud offerings increases rapidly. Many works thus focus on the design of cloud brokers. Unfortunately, most of them do not consider precise security requirements of customers. In this paper, we propose a methodology defined to place services in a multi-provider cloud environment, based on functional and non-functional requirements, including security requirements. To eliminate inner conflicts within customers' requirements, and to match the cloud providers' offers with these customers' requirements, we use a formal analysis tool: Alloy. The broker uses a matching algorithm to place the required services in the adequate cloud providers, in a way that fulfills all customer requirements. We finally present a prototype implementation of the proposed broker.


international conference on security and cryptography | 2011

SYNEMA: Visual monitoring of network and system security sensors

Aline Bousquet; Patrice Clemente; Jean-François Lalande

This paper presents a new monitoring tool called SYNEMA that helps to visualize different types of alerts from well-known security sensors. The architecture of the proposed tool is distributed and enables centralizing the collected information into a lightweight visualizer. The front-end proposes many display modes in order to give the ability to clearly see malicious activities and to be able to visually monitor information collected at system, network and user level in the hosts. The paper concludes with development perspectives about an auto-configurable plugin for visual correlation of attacks.


active media technology | 2012

SPTrack: visual analysis of information flows within SELinux policies and attack logs

Patrice Clemente; Bangaly Kaba; Jonathan Rouzaud-Cornabas; Marc Alexandre; Guillaume Aujay


telecommunications and signal processing | 2004

Hardening large-scale networks security through a meta-policy framework

Mathieu Blanc; Patrice Clemente; Pierre Courtieu; Stéphane Franche; Laurent Oudot; Christian Toinard; Lionel Vessiller


ieee international conference on cloud computing technology and science | 2013

Access Control and Security Properties Requirements Specification for Clouds' SecLAs

Asma Guesmi; Patrice Clemente

Collaboration



Top Co-Authors

Christian Toinard

Conservatoire national des arts et métiers

Pierre Courtieu

Conservatoire national des arts et métiers

Asma Guesmi

University of Orléans

Jian Zhu

University of Dayton
