Publication


Featured research published by Romain Laborde.


Electronic Notes in Theoretical Computer Science | 2005

A Formal Approach for the Evaluation of Network Security Mechanisms Based on RBAC Policies

Romain Laborde; Bassem Nasser; Frédéric Grasset; François Barrère; Abdelmalek Benzekri

Security policy models allow reasoning about security goals achievements. When security mechanisms are implemented, it is difficult to formally validate the security properties against the security goals especially in a network environment. To assess the implemented security properties, one should consider details regarding the network topology, the forwarding as well as filtering and transform engines. In this paper, we present a Colored Petri Net based tool which allows to describe graphically a given network topology, the network security mechanisms and the security goals required. The tool computes the different functionalities to set up the security properties and formally validates the solution using the dead state of the generated reachability graph analysis. Different security properties such as confidentiality and availability can be studied.


Ambient Intelligence | 2012

INCOME : multi-scale context management for the internet of things

Jean-Paul Arcangeli; Amel Bouzeghoub; Valérie Camps; C. Marie-Françoise Canut; Sophie Chabridon; Denis Conan; Thierry Desprats; Romain Laborde; Emmanuel Lavinal; Sébastien Leriche; Hervé Maurel; André Péninou; Chantal Taconet; Pascale Zaraté

Nowadays, context management solutions in ambient networks are well-known. However, with the IoT paradigm, ambient information is not anymore the only source of context. Context management solutions able to address multiple network scales ranging from ambient networks to the Internet of Things (IoT) are required. We present the INCOME project whose goal is to provide generic software and middleware components to ease the design and development of mass market context-aware applications built above the Internet of Things. By revisiting ambient intelligence (AmI) context management solutions for extending them to the IoT, INCOME allows to bridge the gap between these two very active research domains. In this landscape paper, we identify how INCOME plans to advance the state of the art and we briefly describe its scientific program which consists of three main tasks: (i) multi-scale context management, (ii) management of extrafunctional concerns (quality of context and privacy), and (iii) autonomous deployment of context management entities.


International Conference on Data Engineering | 2007

Multi-session Separation of Duties (MSoD) for RBAC

David W. Chadwick; Wensheng Xu; Sassa Otenko; Romain Laborde; Bassem Nasser

Separation of duties (SoD) is a key security requirement for many business and information systems. Role based access controls (RBAC) is a relatively new paradigm for protecting information systems. In the ANSI standard RBAC model both static and dynamic SoD are defined. However, static SoD policies assume that the system has full control over the assignment of all roles to users, whilst dynamic SoD policies assume that conflicts of interest can only arise during the simultaneous activation of a user's roles. Unfortunately neither of these assumptions holds true in dynamic virtual organisations (VOs), or in business processes that span multiple user sessions, or where users only partially disclose their roles at each session. In this paper we propose multi-session SoD (MSoD) policies for business processes which include multiple tasks enacted by multiple users over many user access control sessions. We explore the means to define MSoD policies in RBAC via multi-session mutually exclusive roles (MMER) and multi-session mutually exclusive privileges (MMEP). We propose an approach to expressing MSoD policies in XML and enforcing MSoD policies in a policy controlled RBAC infrastructure. Finally, we describe how we have implemented MSoD policies in the PERMIS privilege management infrastructure.


Annales Des Télécommunications | 2014

A survey on addressing privacy together with quality of context for context management in the Internet of Things

Sophie Chabridon; Romain Laborde; Thierry Desprats; Arnaud Oglaza; Pierrick Marie; Samer Machara Marquez

Making the Internet of Things (IoT) a reality will contribute to extend the context-aware ability of numerous sensitive applications. We can foresee that the context of users will include not only their own spatio-temporal conditions but also those of the things situated in their ambient environment and at the same time, thanks to the IoT, those that are located in other remote spaces. Consequently, next-generation context managers have to interact with the IoT underlying technologies and must, even more than before, address both privacy and quality of context (QoC) requirements. In this article, we show that the notions of privacy and QoC are intimately related and sometimes contradictory and survey the recent works addressing them. Current solutions usually consider only one notion, and very few of them started to bridge privacy and QoC. We identify some of the remaining challenges that next-generation context managers have to deal with to favour users’ acceptability by providing both the optimal QoC level and the appropriate privacy protection.


IEEE International Workshop on Policies for Distributed Systems and Networks | 2006

Coordination between distributed PDPs

David W. Chadwick; Linying Su; Oleksandr Otenko; Romain Laborde

For distributed applications, using a centralised policy decision point (PDP) with a common policy allows coordination between multiple resources that are being accessed. But the central PDP is a bottleneck to performance because every request needs to be diverted to it. Having a set of distributed PDPs co-located with resources can overcome the performance bottleneck, but any form of coordination is then lost. Furthermore, even a centralised PDP sometimes needs to coordinate its access control decision making over time. Therefore, coordination between decision making, for both centralised and distributed PDPs, is needed. This paper addresses issues of coordination between distributed or centralised decision making, by examining when coordination is needed, providing a conceptual model for coordination, defining policy elements that can control coordination, and rules for the refinement of coordination policies. The paper provides a detailed example of coordination policy refinement, and provides an outline of how we are implementing the model in our system.


Journal of Network and Systems Management | 2007

Implementation of a Formal Security Policy Refinement Process in WBEM Architecture

Romain Laborde; Michel Kamel; François Barrère; Abdelmalek Benzekri

Security mechanisms enforcement consists in configuring devices with the aim that they cooperate and guarantee the defined security goals. In the network context, this task is complex due to the number, the nature, and the interdependencies of the devices to consider. In previous papers, we have proposed a formal framework that focuses on network security information management refinement. The framework includes three abstraction levels: the network security objectives, the network security tactics, and the network security device configurations. The information models of each abstraction level (consistency, correctness and feasibility) are formally specified and analyzed. In this paper we present the integration of this formal refinement process in the WBEM initiative in order to provide a management infrastructure that guarantees the validity of the deployed security configurations.


International Conference on Move to Meaningful Internet Systems | 2005

Access control model for inter-organizational grid virtual organizations

Bassem Nasser; Romain Laborde; Abdelmalek Benzekri; François Barrère; Michel Kamel

The grid has emerged as a platform that enables to put in place an inter-organizational shared space known as Virtual Organization. The Virtual Organization (VO) encompasses users and resources supplied by the different partners for achieving the VO’s creation goal. Though many works offer solutions to manage a VO, the dynamic, on the fly creation of virtual organizations is still a challenge. Dynamic creation of VOs is associated with the automated generation of access control policy to trace its boundaries, specify the different partners’ rights within it and assure its management during its life time. In this paper, we propose an OrBAC (Organization Based Access Control model) based Virtual Organization model which serves as a corner stone in the VO creation automated process. OrBAC framework specifies the users’ access permissions/interdiction to the VO resources, where its administration model AdOrBAC flexibly models the multi-stakeholder administration in the Grid.


International Conference on Communications | 2012

The X.509 trust model needs a technical and legal expert

Ahmad Samer Wazan; Romain Laborde; François Barrère; Abdelmalek Benzekri

The X.509 trust model is based on three entities: the certification authority (CA), the certificate holder and the relying party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. It guarantees to the RP the correctness of the certificate information. This trust model is based on hypothesis that RPs have a predefined trust relation with a CA and that the trust level in CA can be determined by reading and analyzing a set of technical and legal documents. The X.509 trust model is so complex to RPs because an RP must realize this task for each and every CA chosen by the certificate holders. We introduce a new role of technical and legal expert into the X.509 trust model to help the RP make this task.


International Conference on Network Control and Engineering for QoS, Security and Mobility | 2004

Network Security Management: A Formal Evaluation Tool Based on RBAC Policies

Romain Laborde; Bassem Nasser; Frédéric Grasset; François Barrère; Abdelmalek Benzekri

The complexity of factors to consider makes increasingly difficult the design of network security policies. Network security management is by nature a distributed function supplied by the coordination of a variety of devices with different capabilities. Formal evaluation techniques should be used to ensure that correct security network strategy are enforced. In this paper, we propose a new formal tool which allows to describe a given network security strategy, a network topology and the security goals required. The tool includes an evaluation method that checks some security properties and provides information to refine the strategy used. We introduce an example of VPN architecture which validates our approach.


Computer Software and Applications Conference | 2014

An Adaptive XACMLv3 Policy Enforcement Point

Romain Laborde; Bashar Kabbani; François Barrère; Abdelmalek Benzekri

Policies are rules that govern the choices in behavior of a system. Policy based management aims at supporting dynamic adaptability of behavior by changing policy without recoding or stopping the system. The common accepted architecture of such systems includes two main management agents: the Policy Decision Point (PDP) that analyses requests and sets decisions based on a policy and the Policy Enforcement Point (PEP) that enforces the PDP's decision. Modern access control policies include more and more obligations. As a consequence, PEPs must adapt dynamically to enforce them. We propose in this article a dynamically adaptable PEP compliant with XACMLv3 standard.

Collaboration


Dive into Romain Laborde's collaboration.

Top Co-Authors

Michel Kamel

Paul Sabatier University
