Publication


Featured research published by Sihem Guemara El Fatmi.


international conference on telecommunications | 2012

Towards a generic trust management model

Ryma Abassi; Sihem Guemara El Fatmi

Trust is one of the fundamental security concepts since it provides network collaborating entities with a means to counter their uncertainty. Trust is generally integrated into existent security frameworks in order to add a security level to entities' collaborations through the use of trust relations. Besides, benefiting from trust relations implies establishing them, updating them when needed and revoking them if necessary. Unfortunately, using trust can be a hard task since it has to cope with subjectivity and may change according to the involved entities. A formal model can be used to alleviate this problem. One way to formalize the trust concept is the use of trust management. The latter allows unifying and standardizing trust as well as all its inherent concepts. It provides the needed basis for trust establishment, update and revocation. Different dedicated trust management models were proposed corresponding to existing specific needs. Our main contribution in this paper is then the proposition of a generic trust management model suitable to most communication domains and needs. This model is based on the main trust concepts such as recommendations and reputations as well as the main properties such as permanence, transitivity and asymmetry.


information assurance and security | 2008

An Automated Validation Method for Security Policies: The Firewall Case

Ryma Abassi; Sihem Guemara El Fatmi

Research in computer security issues has recently addressed the development of security policy specification languages. It has however omitted the need for formal validation. In this paper we try to remedy this drawback by the proposition of an automated tool for security policies. Because we have found several similarities between security policies and software engineering, our approach is strongly inspired by the reasoning followed in software engineering. First, it brings out a model inspired by Promela to enable the validation task. Secondly, it proposes a 3-step validation process that deals with consistency, completeness and preservation of safety and liveness properties.


international conference on communications | 2010

XML access control: from XACML to annotated schemas

Ryma Abassi; Michaël Rusinowitch; Florent Jacquemard; Sihem Guemara El Fatmi

XML became the de facto standard for data representation and exchange on the internet. Regarding XML documents access control policy definition, OASIS ratified the XACML standard. It is a declarative language allowing the specification of authorizations as rules. Furthermore, it is common to formally represent XML documents as labeled trees and to handle secure requests through “user views”. A user view is the part of the document accessible to a given user according to the existing policy. Moreover, access control policies can be depicted as annotated rules where annotations define for each document node whether it is accessible. Hence, an annotated schema is a formal representation of “user views”. Our main contribution in this paper is then threefold. First, we compare XACML policies and annotated schemas. Second, we identify a significant fragment of XACML since the latter is very expressive and consequently complex. Third, we define adequate translation algorithms from XACML policies to annotated schemas.


availability, reliability and security | 2013

A Reputation-Based Clustering Mechanism for MANET Routing Security

Aida Ben Chehida; Ryma Abassi; Sihem Guemara El Fatmi

A Mobile Ad hoc NETwork (MANET) is a collection of mobile nodes having no fixed topology and cooperating with each other. Due to these particularities, classical routing protocols cannot be used and some specific ones have been proposed. Because the routing process is fundamental in a MANET deployment, it constitutes a privileged target of attackers. In this paper we propose a novel reputation-based clustering mechanism to locate malicious nodes and isolate them. In order to reduce network overhead and to handle network topology dynamicity, the proposed mechanism is based on a specific clustering environment. The clustering maintenance complexity is for its part reduced by the use of a reputation-based delegation process allowing the cluster-head to delegate its privileges to a chosen cluster member in case of displacement or lack of energy. Moreover, nodes' reputation handling allows the detection and isolation of malicious nodes. Five modules constitute this mechanism: a monitoring module to detect malicious nodes, a reputation module to update reputation values, an isolation module to discard malicious nodes, an identity recognition module to assess alert sources and a delegation module to allow cluster-head privileges delegation.


international conference on networking and services | 2009

Dealing with Multi Security Policies in Communication Networks

Ryma Abassi; Sihem Guemara El Fatmi

In any organization, there are generally several applications in place and usually, each application has its own Security Policy. In fact, the ability to define multiple Security Policies is needed in several cases. Moreover, heterogeneous security mechanisms can be used to achieve security objectives. However, implementing a unified security policy for all these mechanisms then becomes unfeasible. Hence, a formal representation of security policies is needed. Furthermore, since these policies are generally written by different people, they may have conflicts. The main contribution of this paper then concerns the formalization of security policy conflicts as well as their detection and resolution.


international conference on telecommunications | 2003

SECOMO: an estimation cost model for risk management projects

Jihene Krichene; Noureddine Boudriga; Sihem Guemara El Fatmi

In this paper an estimation cost model for risk management projects, called SECOMO, is presented. This model helps managers reason about the cost and schedule implications of network security decisions that security teams may need to make. It aims to achieve several objectives including: (1) providing accurate cost and scheduling estimates for current security projects, and (2) providing a normative method for the allocation of resources necessary for the development and maintenance of network security solutions.


international conference on telecommunications | 2009

Towards a test cases generation method for Security Policies

Ryma Abbassi; Sihem Guemara El Fatmi

Security Policy specification and testing constitute two fundamental challenges in the development of secure communication systems since they can ensure that a security policy is correctly enforced. Model checking techniques can be used to do such a task. Given a system model and a test criterion, the model checker can generate a counterexample from which test cases can be deduced. To address the previous challenges, we propose in this paper a framework to specify a security policy and to test its implementation. This framework is characterized as follows: (1) the security policy enforcement is specified through a new modeling language, S-Promela, (2) the test criteria are expressed by the use of the temporal logic LTL and (3) the test cases are generated by a classical model checking technique.


international conference on communications | 2009

A generic model for delegation in security policies

Ryma Abbassi; Sihem Guemara El Fatmi

Delegation is the process whereby a user can assign his authorizations to another user. This feature is necessary in today's communication networks principally because it allows the interaction between the entities composing such networks. This paper aims to give a first step toward a framework for formally modeling delegation. Hence, we propose an extension of a previously proposed model by adding delegation and specially handling most of the delegation properties which we find in the literature. For this purpose, we model a delegation request based on two types: the grant and the transfer. We also propose an adapted verification process completing the delegation process. Finally, we discuss the revocation of delegations according to three schemes.


ad hoc networks | 2017

A Ticket-Based Authentication Scheme for VANETs Preserving Privacy

Ons Chikhaoui; Aida Ben Chehida; Ryma Abassi; Sihem Guemara El Fatmi

In Vehicular Ad hoc NETworks (VANETs), vehicles exchange safety messages in order to enhance road safety. Because of their critical role, safety messages should be authenticated before being accepted while preserving the privacy of vehicles. However, misbehaving vehicles should be traced by legal authorities and evicted from the network. In this paper, we propose a new conditional privacy-preserving authentication scheme for VANETs. The proposed scheme is based on the use of temporary tickets to maintain the privacy of vehicles. An identity-based signature technique is employed for authentication. The trusted authority can trace misbehaving vehicles, given their tickets, and RSUs handle the task of evicting them from the network. An in-depth security analysis is performed to demonstrate the efficiency of our proposal.


availability, reliability and security | 2014

A Trust Management Based Security Mechanism against Collusion Attacks in a MANET Environment

Aida Ben Chehida Douss; Ryma Abassi; Sihem Guemara El Fatmi

MANETs (Mobile Ad hoc Networks) are self-organized networks with mobile and collaborating nodes without any pre-established infrastructure. Because of these characteristics, securing MANETs constitutes a hard and challenging task. Consequently, new mechanisms may be of interest to secure such networks. To this end, we have found that trust management can be a support for MANET security. In fact, the reputation concept and the establishment of trustful relations between collaborating nodes can be meaningful to express security aspects in such an environment. From there, we proposed in previous works a Mobility-based Clustering Algorithm (MCA) and a Trust management scheme for MCA (TMCA) to secure routing behaviors. MCA organizes nodes into clusters managed by a cluster-head (CH) and TMCA detects malicious routing behavior based on CHs' direct observations and exchanged alerts. A delegation-based process was also defined on TMCA and was called DTMCA. Although DTMCA meets security objectives, it may unfortunately be faced with various threats from malicious nodes: several nodes can in fact collude in order to increase or decrease other reputation values to damage the QoS and even the MANET functioning. Our objective in this paper is then to secure DTMCA against collusion attacks. The mechanism proposed here is based on colluding nodes detection through cluster members' behavior monitoring and by comparing this behavior with the received reputation value in the alert message. Detected colluder nodes are then discarded from further communication.
