researResearch - TÃ©lÃ©com Bretagne

More documents

Recommendations

Info

h Research 9 RESEARCH Main achievements of the project Security policy expression The work aimed at expanding the expressiveness of the OrBAC 1 model and the functions of the MotOrBAC prototype (a support tool for expressing a security policy with the OrBAC model) continues within the framework of the ANR Polux and Fluor projects. It consists notably of integrating both access control and information flow control requirements into the OrBAC model by using particular contexts enabling control of domain transitions [1]. We have also defined a general delegation and revocation of rights model and shown that this model is more expressive than the other existing models (thesis under joint supervision with SupCom Tunis). Finally, we have formalised a model with a wide range of obligation expressions, permitting notably the specification of obligations with deadlines, of persistent obligations and of group obligations. This formalism allows expansion of the OrBAC model in order to express security policies integrating usage control requirements (control before, during or after use of the resource). Methodology for the deployment of security policies The MotOrBAC prototype is based on a modular architecture which allows easy integration of new functions in order to deploy a security policy in the form of plug-ins. We have notably formalised the deployment of security policies that depend on contextual conditions (for example, time delays or location or intrusion events) [2]. In this case, MotOrBAC can be used to manage the contextual conditions and dynamically redeploy the policy when the context changes. We have developed another plug-in enabling translation of OrBAC requirements into the oasis standard XACML , a language to express access control policies. This work is in the process of being integrated into the negotiation of security policies architecture XENA, developed within the RNRT “Politess” project framework [9]. We are currently studying the deployment of information flow control requirements based on domain partitioning, such as those currently embedded in some secured versions of Linux, in particular Security Enhanced Linux. Implementing security The work carried out under a thesis funded by the initiative programme « Reseaux autonomes and spontanés » (Autonomous and Spontaneous Networks) supported by the Telecom Institute concerns interoperability between organisations with different security policies. The work focused on the secure management of interoperability based on the definition of contracts. This notion of a contract combined with an ontological mapping enables derivation of interoperability policies between organisations and has been integrated into O2O (Organization to Organization), an extension of the OrBAC model. We are also working on securing applications using aspect weaving techniques as in the AOP (Aspect Oriented Programming) approach. This approach is effective, each of the aspects woven into an application corresponding to a call to the API of MotOrBAC to carry out the required security checks. Secure content distribution Within the P2Pim@ges project which is supported by the business and research pole « Images et Reseaux (Images and Networks)» we study the implementation of security requirements in peer to peer(P2P) systems. Control of content distribution relies on DRM (Digital Right Management) techniques via the implemention of the OPA (Onion Policy Administration) model and the FORM (Federated Right Expression Model). This approach is integrated in the Protekto platform which combines the functions of identity management based on single authentication mechanisms (Single Sign On) with management of access to content authorisation as well as the distribution of that content. Network Security In the context of work related to the development of services through the Parlay/Parlay X bridge, the location service constitutes one of the new services creating heightened interest for operators. Privacy treatment and management is a central consideration. An improved treatment of pseudonyms was proposed and integrated into an 179 1) OrBAC : Organization Based Access Control 2) XACML : eXtensible Access Control Markup Language
esearc <strong>researResearch</strong> architecture of privacy management for composed services. Regarding security in domotic networks, the work carried out on the use of IPv6 for the confinement of services led to the writing of a patent which has been submitted to the INPI [8]. This work is being done in collaboration with the structural project Pratic as a thesis financed by the Brittany Regional Council. Also, we have proposed new reputation evaluation mechanisms for group management in ad-hoc networks and shown their efficiency compared to existing mechanisms [4] Intrusion detection and reaction techniques Work carried out within the CELTIC/RED European project deals with the conception of a supervision platform enabling the establishment of a sufficiently precise diagnosis of the detected intrusion to then be able to activate an adapted reaction to the intrusion[5]. The supervision platform is based on three levels of reaction : (1) the lower level following a low grade diagnosis and triggering a reaction in the form of « reflex » actions, (2) the intermediate level based on a diagnosis relying on the fusion and correlation techniques developed in CRIM (Correlation and recognition of malicious intentions) and the activation of reactions whose purpose is to block the intrusion and (3) the higher level corresponding to redeployment of the security policy : automatic activation of the OrBAC security rules enabling the intrusion to be dealt with and the reconfiguration of the security components to take these security rules into account. Within the CIFRE bourse framework and in collaboration with Alcatel-Lucent, we have defined a model to evaluate the impact of an intrusion as well as the consequences of a reaction. Another CIFRE bourse in collaboration with Orange Labs, has allowed current work to deal with the management of inter-service dependence. The different projects share a common goal, namely, the selection of the most appropriate reaction to deal with the intrusion. Conception and testing of security policies This work, which has been carried out within the regionally funded SETEQUI thesis framework, aims principally at developing automatic techniques for testing the implantation of security mechanisms. The work enabled us to define the difference between a functional testing and a security testing and to study several criteria for test generation from an access control model. These criteria were compared on experimental case studies with the test efficiency being measured using an adaptation of the mutation approach (error injection into a programme). To ensure independence of the access control language used (DAC, RBAC, OrBac), we use a model driven engineering technique to express the semantics of security errors to the highest level (using a meta-model extended with an operational semantic). Since the aim is preventive, we propose solutions for the automatic insertion of security mechanisms into the code (Aspect-Oriented Programming techniques), in order to transform semiautomatically the existing functional tests into security tests (modification of the oracle function) or to locate the existing mechanisms hard coded in the application when the security policy evolves. 180
Page 1 and 2:
Research Report 2008 w w w . t e l
Page 3 and 4:
esearc researResearch Summary 1. Do
Page 5 and 6:
esearc researResearch Télécom Bre
Page 7 and 8:
esearc researResearch 2. Research s
Page 9 and 10:
esearc researResearch enables to fe
Page 11 and 12:
esearc researResearch 6. Research r
Page 13 and 14:
esearc researResearch Annexe 1 : Do
Page 15 and 16:
esearc researResearch Annexe 2 : In
Page 17 and 18:
esearc researResearch « Medical im
Page 19 and 20:
esearc researResearch Annexe 5 : In
Page 21 and 22:
20 researc researResearch
Page 24 and 25:
ACP: Advance Coding Project esearch
Page 26:
h Research 9 RESEARCH Main achievem
Page 29 and 30:
esearc researResearch CaPSyS Propag
Page 31 and 32:
esearc researResearch 30 • Atmosp
Page 33 and 34:
esearc researResearch Following the
Page 35 and 36:
esearc researResearch DISHYP Microw
Page 37 and 38:
esearc researResearch themes of RF
Page 40 and 41:
FIAT: Integrated analog functions f
Page 42:
Page 45 and 46:
esearc researResearch FOTON Optical
Page 47 and 48:
esearc researResearch 46 Projects a
Page 50 and 51:
MACS: Methodologies for System Desi
Page 52 and 53:
Page 54 and 55:
h Research 9 RESEARCH specifically
Page 56 and 57:
MCLC: Composite Liquid Crystal Mate
Page 58:
Page 61 and 62:
esearc researResearch ProArch Radio
Page 63 and 64:
esearc researResearch 62 offsets by
Page 65 and 66:
esearc researResearch SiCoMo Simula
Page 67 and 68:
esearc researResearch whether or no
Page 69 and 70:
esearc researResearch TAC Turbo-alg
Page 72 and 73:
Coding and the brain esearch resea
Page 74 and 75:
TCTE: Turbo CDMA and Turbo Equaliza
Page 76 and 77:
Page 78:
h Research 9 RESEARCH Publications
Page 82 and 83:
CAMA: Components for adaptable mobi
Page 84 and 85:
Page 86 and 87:
GERME: Management of ressources and
Page 88 and 89:
Page 90 and 91:
IAHP: Computing and High Performanc
Page 92 and 93:
Page 94 and 95:
IDEAL: Dynamic Engineering for netw
Page 96 and 97:
Page 98 and 99:
PRATIC: Network protocols and archi
Page 100 and 101:
Page 102 and 103:
SID: Innovative services for people
Page 104 and 105:
Page 106 and 107:
h Research 9 RESEARCH Challenge: Di
Page 108 and 109:
DECIDE: Decision aId and knowledge
Page 110 and 111:
Page 112 and 113:
GRAMAGICOM: The magical grammar of
Page 114 and 115:
Page 116 and 117:
IBAF: Engineering for banking insur
Page 118 and 119:
IMM: Intercultural multimedia esear
Page 120 and 121:
Page 122 and 123:
LEXMED: Content research in ICT, he
Page 124 and 125:
MICC-MAC : Interaction and cooperat
Page 126 and 127:
Page 128 and 129:
UT: Uses of ICT (Information and Co
Page 130 and 131: h Research 9 RESEARCH Main achievem
Page 132 and 133: h Research 9 RESEARCH Switzerland)
Page 134 and 135: h Research 9 RESEARCH Challenge: Me
Page 136 and 137: IEM: Interpretation for marine envi
Page 140 and 141: h Research 9 RESEARCH 2. Simulation
Page 142 and 143: TASM: Underwater Acoustic Communica
Page 146 and 147: TOI: Optical information processing
Page 150 and 151: TSP: Sound and speech processing es
Page 154 and 155: h Research 9 RESEARCH Challenge: Me
Page 156 and 157: LICIP: Free software, collaborative
Page 160 and 161: SCRIPTureS: Semantic composition an
Page 164 and 165: h Research 9 RESEARCH a needs analy
Page 166 and 167: h Research 9 RESEARCH resolution re
Page 168 and 169: h Research 9 RESEARCH Challenge: In
Page 170 and 171: LATIM: Laboratory For Medical Infor
Page 174 and 175: h Research 9 RESEARCH of images aim
Page 176 and 177: h Research 9 RESEARCH Challenge: IC
Page 178 and 179: SERES: Network and Information Syst
Page 182 and 183: h Research 9 RESEARCH Publications
Page 184 and 185: h Research 9 RESEARCH Challenge: IC
Page 186 and 187: SISE: Information systems for surve
Page 190 and 191: SME: Signals, sea and the environme
Page 194 and 195: h Research 9 RESEARCH Publications
Page 196 and 197: TIMEM: Information processing for m
Page 200: w w w . t e l e c o m - b r e t a g
show all

researResearch - TÃ©lÃ©com Bretagne

Create successful ePaper yourself

Delete template?

Save as template?