Architectures et mécanismes de sécurité pour l'auto-protection des systèmes pervasifs. (Security Architecture and Mechanisms for Self-protection of Pervasive Systems)

نویسنده

  • Ruan He
چکیده

Advances in pervasive system are rapidly taking us to a novel frontier in security, revealing a whole new landscape of threats. In open and dynamic environments, malicious terminals may enter a network without being detected, and various malwares may invisibly install themselves on a device. While roaming between heterogeneous networks which are adjusted for their own protection requirements, a device may also take advantage of security policy conflicts to gain unauthorized privileges. In an embedded setting including limited and often unstable computing and networking resources, denial of service attacks are somewhat easier, with little lightweight security countermeasures. Finally, these decentralized, large-scale systems make end-to-end security supervision difficult, with the risk of some sub-system security policies not being up-to-date. These threats can only be mitigated with security mechanisms which are highly adaptable to conditions and security requirements. Moreover, the administration overhead of security infrastructures usually remains high. Operations to achieve the administration become increasingly complex which would be out of control. One promising direction initiated by IBM is to extend context-awareness to the security mechanisms themselves in order to make them autonomic. In this approach, protection schemes are automatically adapted at run-time according to the actual security requirements of the environment. Our work applies autonomic computing to conventional authorization infrastructure. We illustrate that autonomic computing is not only useful for managing IT infrastructure complexity, but also to mitigate continuous software evolution problems. However, its application in pervasive systems calls for a collection of design building blocks, ranging form overall architecture to terminal OS design. In this thesis, we propose: • A three-layer abstract architecture: a three-layer self-protection architecture is applied to the framework. A lower execution space provides running environment for applications, a control plane controls the execution space, and an autonomic plane guides the control behavior of the control plane in taking into account system status, context evolution, administrator strategy and user preferences. • An attribute-based access control model: the proposed model (Generic AttributeBased Access Control) is an attribute-based access control model which improves both the policy-neutrality to specify other access control policies and flexibility to enable fine-grain manipulations on one policy. • A policy-based framework for authorization integrating autonomic computing: the policy-based approach has shown its advantages when handling complex and dynamic systems. In integrating autonomic functions into this approach, an Autonomic Security Policy Framework provides a consistent and decentralized solution to administer G-ABAC policies in large-scale distributed pervasive systems. Moreover, the integration of autonomic functions enhances user-friendliness and context-awareness. • A terminal-side access control enforcement OS: the distributed authorization policies are then enforced by an OS level authorization architecture. It is an efficient

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Study and Development of a Symmetric protocol to secure communications in WSN

Résumé : Durant cette dernière décennie, les réseaux de capteurs sans fil (RCSF) ont attiré l’attention des chercheurs et des services de recherche et développement en raison de leur facilité de déploiement et de leur champs d’application dans divers domaines, y compris la sécurité et la surveillance, le contrôle, la maintenance des systèmes complexes, l’agriculture, e-santé, etc. Toutefois, en...

متن کامل

CHASSIS — Une Plate - forme pour la Construction de Systèmes d ’ Information

Les systèmes d’information d’aujourd’hui ont de plus en plus la nécessité d’être ouverts. Ceci implique qu’ils doivent répondre aux besoins de réseaux ouverts, de logiciel et de matériel hétérogènes et “inter-opérables,” et, surtout, à des besoins évolutifs et changeants. Le projet CHASSIS vise le développement d’un cadre informatique et méthodologique pour (i) la conception et la construction ...

متن کامل

ThE REfoRm of SociaL PRoTEcTion SySTEmS in mixEd maRkET EconomiES

Cet article analyse la réforme des systèmes de protection sociale dans deux pays méditerranéens, prenant comme point de départ le modèle des variétés du capitalisme. Son but est de démontrer l’intérêt d’une méthode intégrant les différentes approches à l’étude de l’État providence. Prenant comme point de départ la capacité limitée des théories existantes pour expliquer la dynamique de réforme d...

متن کامل

Protection de la vie privée à base d'agents dans un système d'e-learning

Thème Protection de la vie privée à base d'agents dans un système d'e-learning Résumé Les systèmes d'e-learning visent à offrir un accès facile et permanent aux ressources pédagogiques mises en ligne. En effet, les systèmes d'e-learning sont dotés de capacités d'adaptation des contenus et des processus d'apprentissage selon le profil de l'apprenant. Les techniques d'adaptation utilisent des méc...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2010