Publication


Featured research published by Ryma Abassi.


international conference on telecommunications | 2012

Towards a generic trust management model

Ryma Abassi; Sihem Guemara El Fatmi

Trust is one of the fundamental security concepts since it provides network collaborating entities with a means to counter their uncertainty. Trust is generally integrated into existent security frameworks in order to add a security level to entities' collaborations through the use of trust relations. Besides, benefiting from trust relations implies establishing them, updating them when needed and revoking them if necessary. Unfortunately, using trust can be a hard task since it has to cope with subjectivity and may change according to the involved entities. A formal model can be used to alleviate this problem. One way to formalize the trust concept is the use of trust management. The latter allows unifying and standardizing trust as well as all its inherent concepts. It provides the needed basis for trust establishment, update and revocation. Different dedicated trust management models were proposed corresponding to existing specific needs. Our main contribution in this paper is then the proposition of a generic trust management model suitable to most communication domains and needs. This model is based on the main trust concepts such as recommendations and reputations as well as the main properties such as permanence, transitivity and asymmetry.


information assurance and security | 2008

An Automated Validation Method for Security Policies: The Firewall Case

Ryma Abassi; Sihem Guemara El Fatmi

Research in computer security issues has recently addressed the development of security policy specification languages. It has however omitted the need for formal validation. In this paper we try to remedy this drawback by the proposition of an automated tool for security policies. Because we have found several similarities between security policies and software engineering, our approach is strongly inspired by the reasoning followed in software engineering. First, it brings out a model inspired by Promela to enable the validation task. Secondly, it proposes a 3-step validation process that deals with consistency, completeness and preservation of safety and liveness properties.


international conference on communications | 2010

XML access control: from XACML to annotated schemas

Ryma Abassi; Michaël Rusinowitch; Florent Jacquemard; Sihem Guemara El Fatmi

XML became the de facto standard for data representation and exchange on the internet. Regarding XML documents access control policy definition, OASIS ratified the XACML standard. It is a declarative language allowing the specification of authorizations as rules. Furthermore, it is common to formally represent XML documents as labeled trees and to handle secure requests through “user views”. A user view is the part of the document accessible to a given user according to the existing policy. Moreover, access control policies can be depicted as annotated rules where annotations define for each document node whether it is accessible. Hence, an annotated schema is a formal representation of “user views”. Our main contribution in this paper is then threefold. First, we compare XACML policies and annotated schemas. Second, we identify a significant fragment of XACML since the latter is very expressive and consequently complex. Third, we define adequate translation algorithms from XACML policies to annotated schemas.


availability, reliability and security | 2013

A Reputation-Based Clustering Mechanism for MANET Routing Security

Aida Ben Chehida; Ryma Abassi; Sihem Guemara El Fatmi

A Mobile Ad hoc NETwork (MANET) is a collection of mobile nodes having no fixed topology and cooperating with each other. Due to these particularities, classical routing protocols cannot be used and some specific ones have been proposed. Because routing process is fundamental in a MANET deployment, it constitutes a privileged target of attackers. In this paper we propose a novel reputation-based clustering mechanism to locate malicious nodes and isolate them. In order to reduce network overhead and to handle network topology dynamicity, the proposed mechanism is based on a specific clustering environment. The clustering maintenance complexity is for its part reduced by the use of a reputation based delegation process allowing the cluster-head to delegate its privileges to a chosen cluster member in case of displacement or lack of energy. Moreover, nodes reputation handling allows the detection and isolation of malicious nodes. Five modules constitute this mechanism: a monitoring module to detect malicious nodes, a reputation module to update reputation values, an isolation module to discard malicious nodes, an identity recognition module to assess alerts sources and a delegation module to allow clusterhead privileges delegation.


international conference on networking and services | 2009

Dealing with Multi Security Policies in Communication Networks

Ryma Abassi; Sihem Guemara El Fatmi

In any organization, there are generally several applications in place and usually, each application has its own Security Policy. In fact, the ability to define multiple Security Policies is needed in several cases. Moreover, heterogeneous security mechanisms can be used to achieve security objectives. However, implementing a unified security policy for all these mechanisms then becomes unfeasible. Hence, a formal representation of security policies is needed. Furthermore, since these policies are generally written by different people, they may have conflicts. The main contribution of this paper then concerns the formalization of security policies conflicts as well as their detection and resolution.


conference on risks and security of internet and systems | 2008

Towards an automated firewall security policies validation process

Ryma Abassi; S.G. El Fatmi

A security policy constitutes one of the major actors in the protection of communication networks. However, it can be one of their weaknesses if it is inadequate according to the network security requirements. For this, a security policy has to be validated before its deployment. Unfortunately, in the literature, there are no well-established validation mechanisms ensuring the well-foundedness of such security policies. This paper proposes a validation framework for security policies based on the concept of executable specifications and applied to the firewall case. The main contributions provided by this paper concern the adaptation of some concepts and mechanisms traditionally used in software engineering for validation aims, such as specification, executable specification or reachability graph.


ad hoc networks | 2017

A Ticket-Based Authentication Scheme for VANETs Preserving Privacy

Ons Chikhaoui; Aida Ben Chehida; Ryma Abassi; Sihem Guemara El Fatmi

In Vehicular Ad hoc NETworks (VANETs), vehicles exchange safety messages in order to enhance road safety. Because of their critical role, safety messages should be authenticated before being accepted while preserving the privacy of vehicles. However, misbehaving vehicles should be traced by legal authorities and evicted from the network. In this paper, we propose a new conditional privacy-preserving authentication scheme for VANETs. The proposed scheme is based on the use of temporary tickets to maintain the privacy of vehicles. An identity-based signature technique is employed for authentication. The trusted authority can trace misbehaving vehicles, given their tickets, and RSUs handle the task of evicting them from the network. An in-depth security analysis is performed to demonstrate the efficiency of our proposal.


availability, reliability and security | 2014

A Trust Management Based Security Mechanism against Collusion Attacks in a MANET Environment

Aida Ben Chehida Douss; Ryma Abassi; Sihem Guemara El Fatmi

MANETs (Mobile Ad hoc Networks) are self-organized networks with mobile and collaborating nodes without any pre-established infrastructure. Because of these characteristics, securing MANETs constitutes a hard and challenging task. Consequently, new mechanisms may be of interest to secure such networks. To this end, we have found that trust management can be a support for MANET security. In fact, the reputation concept and the establishment of trustful relations between collaborating nodes can be meaningful to express security aspects in such an environment. From there, we proposed in previous works a Mobility-based Clustering Algorithm (MCA) and a Trust management scheme for MCA (TMCA) to secure routing behaviors. MCA organizes nodes into clusters managed by a cluster-head (CH) and TMCA detects malicious routing behavior based on CHs' direct observations and exchanged alerts. A delegation-based process was also defined on TMCA and was called DTMCA. Although DTMCA meets security objectives, it may unfortunately be faced with various threats from malicious nodes: several nodes can in fact collude in order to increase or decrease other reputation values to damage the QoS and even the MANET functioning. Our objective in this paper is then to secure DTMCA against collusion attacks. The mechanism proposed here is based on colluding nodes detection through cluster members behavior monitoring and by comparing this behavior with the received reputation value in the alert message. Detected colluder nodes are then discarded from further communication.


Electronic Proceedings in Theoretical Computer Science | 2013

Delegation Management Modeling in a Security Policy based Environment

Sihem Guemara El Fatmi; Ryma Abassi

Security Policies (SP) constitute the core of communication networks protection infrastructures. They offer a set of rules allowing differentiating between legitimate actions and prohibited ones and, consequently, associate each entity in the network with a set of permissions and privileges. Moreover, in today's technological society and to allow applications perpetuity, communication networks must support the collaboration between entities to face up to any unavailability or flinching. This collaboration must be governed by security mechanisms according to the established permissions and privileges. Delegation is a common practice that is used to simplify the sharing of responsibilities and privileges. The delegation process in a SP environment can be implanted through the use of adequate formalisms and modeling. The main contribution of this paper is then the proposition of a generic and formal modeling of the delegation process. This modeling is based on three steps composing the delegation life cycle: negotiation used for delegation initiation, verification of the SP respect while delegating and revocation of an established delegation. Hence, we propose to deal with each step according to the main delegation characteristics and extend them by some new specificities.


international conference on telecommunications | 2011

Using security policies in a network securing process

Ryma Abassi; Sihem Guemara El Fatmi

A security policy constitutes one of the major actors in the protection of communication networks but can be one of their drawbacks too. This can be the case if it is inadequate to the security requirements, for example. For this, a security policy has to be checked before its real deployment. In this paper, we propose three checking activities, each of which is adapted to a given phase of the policy deployment process. These activities deal with the SP validation, the SP testing and the multi-SP conflict management. Our techniques are inspired by the well-established techniques of software engineering, for which we have found some similarities with the security domain.

Collaboration


Dive into Ryma Abassi's collaboration.

Top Co-Authors


Nora Cuppens

Institut Mines-Télécom
