Sécurité des ressources collaboratives dans les réseaux sociaux d'entreprise. (Security of collaborative resources in enterprises social networks)

Enterprise social networks (ESN) have revolutionized collaboration between professional organizations. By means of an ESN, conventional mobility constraints, complex procedures for services exchange and the lack of flexibility and communication are no longer concerns. In this thesis we have worked on the project OpenPaaS ESN. Mainly we focused on the management of the access control, which led us to other needs, namely the management of digital identities and their monitoring. We worked primarily on managing the authentication of digital identities within collaborative communities made of heterogeneous enterprises regarding authentication management systems. For this, we have proposed an interoperable architecture for managing federated authentication, allowing thus each enterprise to preserve its (own) authentication mechanism and each principal to perform a single sign on authentication regarding different enterprises. Further, we focused on the management of digital identities accreditations, i.e. Access Control. On this aspect, we have proposed a flexible access control model based on a set of identity attributes. We developed this model on the basis of a formal language based on temporal logic, namely the Event-Calculus logic. We were thus able to make the sharing of resources fluid and agile, and also able to handle temporary authorizations, i.e. delegations. The fluidity and agility of the shares is due to the user-centric resources’ sharing in a straightforward manner. In addition, the logical formalism has allowed us to automatically check the access control policies consistency. For enterprises, our access control system gives them the ability to control the user-centric sharing policies through policies based on a risk management mechanism, which make our access control mechanism dynamic. The risk mechanism is based on the NIST’s risk definition with an alignment with a set of parameters that include access control in the ESN context. More precisely, the dynamic risk management includes, the collaborative resource’s importance, the authentication system’s vulnerabilities and trust level reflected through the behavior of each collaborative actor. On this latter aspect of trust, we made an evaluation of trust through the computation of reputation scores based on the history of collaborative interactions of each subject of collaboration. Finally, we have implemented all those security modules and integrate them as a prototype into OpenPaaS ESN.