researResearch - Télécom Bretagne
researResearch - Télécom Bretagne
researResearch - Télécom Bretagne
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
esearc<br />
<strong>researResearch</strong><br />
architecture of privacy management for<br />
composed services. Regarding security in<br />
domotic networks, the work carried out on the<br />
use of IPv6 for the confinement of services led to<br />
the writing of a patent which has been submitted<br />
to the INPI [8]. This work is being done in<br />
collaboration with the structural project Pratic as<br />
a thesis financed by the Brittany Regional<br />
Council. Also, we have proposed new reputation<br />
evaluation mechanisms for group management<br />
in ad-hoc networks and shown their efficiency<br />
compared to existing mechanisms [4]<br />
Intrusion detection and reaction<br />
techniques<br />
Work carried out within the CELTIC/RED<br />
European project deals with the conception of a<br />
supervision platform enabling the establishment<br />
of a sufficiently precise diagnosis of the detected<br />
intrusion to then be able to activate an adapted<br />
reaction to the intrusion[5]. The supervision<br />
platform is based on three levels of reaction : (1)<br />
the lower level following a low grade diagnosis<br />
and triggering a reaction in the form of « reflex »<br />
actions, (2) the intermediate level based on a<br />
diagnosis relying on the fusion and correlation<br />
techniques developed in CRIM (Correlation and<br />
recognition of malicious intentions) and the<br />
activation of reactions whose purpose is to block<br />
the intrusion and (3) the higher level<br />
corresponding to redeployment of the security<br />
policy : automatic activation of the OrBAC<br />
security rules enabling the intrusion to be dealt<br />
with and the reconfiguration of the security<br />
components to take these security rules into<br />
account. Within the CIFRE bourse framework and<br />
in collaboration with Alcatel-Lucent, we have<br />
defined a model to evaluate the impact of an<br />
intrusion as well as the consequences of a<br />
reaction. Another CIFRE bourse in collaboration<br />
with Orange Labs, has allowed current work to<br />
deal with the management of inter-service<br />
dependence. The different projects share a<br />
common goal, namely, the selection of the most<br />
appropriate reaction to deal with the intrusion.<br />
Conception and testing of security<br />
policies<br />
This work, which has been carried out within the<br />
regionally funded SETEQUI thesis framework,<br />
aims principally at developing automatic<br />
techniques for testing the implantation of<br />
security mechanisms. The work enabled us to<br />
define the difference between a functional testing<br />
and a security testing and to study several<br />
criteria for test generation from an access<br />
control model. These criteria were compared on<br />
experimental case studies with the test efficiency<br />
being measured using an adaptation of the<br />
mutation approach (error injection into a<br />
programme). To ensure independence of the<br />
access control language used (DAC, RBAC,<br />
OrBac), we use a model driven engineering<br />
technique to express the semantics of security<br />
errors to the highest level (using a meta-model<br />
extended with an operational semantic). Since<br />
the aim is preventive, we propose solutions for<br />
the automatic insertion of security mechanisms<br />
into the code (Aspect-Oriented Programming<br />
techniques), in order to transform semiautomatically<br />
the existing functional tests into<br />
security tests (modification of the oracle<br />
function) or to locate the existing mechanisms<br />
hard coded in the application when the security<br />
policy evolves.<br />
180