Architectures et mécanismes de sécurité pour l'auto-protection des systèmes pervasifs. (Security Architecture and Mechanisms for Self-protection of Pervasive Systems)

Advances in pervasive system are rapidly taking us to a novel frontier in security, revealing a whole new landscape of threats. In open and dynamic environments, malicious terminals may enter a network without being detected, and various malwares may invisibly install themselves on a device. While roaming between heterogeneous networks which are adjusted for their own protection requirements, a device may also take advantage of security policy conflicts to gain unauthorized privileges. In an embedded setting including limited and often unstable computing and networking resources, denial of service attacks are somewhat easier, with little lightweight security countermeasures. Finally, these decentralized, large-scale systems make end-to-end security supervision difficult, with the risk of some sub-system security policies not being up-to-date. These threats can only be mitigated with security mechanisms which are highly adaptable to conditions and security requirements. Moreover, the administration overhead of security infrastructures usually remains high. Operations to achieve the administration become increasingly complex which would be out of control. One promising direction initiated by IBM is to extend context-awareness to the security mechanisms themselves in order to make them autonomic. In this approach, protection schemes are automatically adapted at run-time according to the actual security requirements of the environment. Our work applies autonomic computing to conventional authorization infrastructure. We illustrate that autonomic computing is not only useful for managing IT infrastructure complexity, but also to mitigate continuous software evolution problems. However, its application in pervasive systems calls for a collection of design building blocks, ranging form overall architecture to terminal OS design. In this thesis, we propose: • A three-layer abstract architecture: a three-layer self-protection architecture is applied to the framework. A lower execution space provides running environment for applications, a control plane controls the execution space, and an autonomic plane guides the control behavior of the control plane in taking into account system status, context evolution, administrator strategy and user preferences. • An attribute-based access control model: the proposed model (Generic AttributeBased Access Control) is an attribute-based access control model which improves both the policy-neutrality to specify other access control policies and flexibility to enable fine-grain manipulations on one policy. • A policy-based framework for authorization integrating autonomic computing: the policy-based approach has shown its advantages when handling complex and dynamic systems. In integrating autonomic functions into this approach, an Autonomic Security Policy Framework provides a consistent and decentralized solution to administer G-ABAC policies in large-scale distributed pervasive systems. Moreover, the integration of autonomic functions enhances user-friendliness and context-awareness. • A terminal-side access control enforcement OS: the distributed authorization policies are then enforced by an OS level authorization architecture. It is an efficient