Top

Annals of Telecommunications

Published in:

06-11-2018

A situation-driven framework for dynamic security management

Authors: Romain Laborde, Arnaud Oglaza, Ahmad Samer Wazan, François Barrère, Abdelmalek Benzekri

Published in: Annals of Telecommunications | Issue 3-4/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

We present a dynamic security management framework where security policies are specified according to situations. Situation-based policies easily express complex dynamic security measures, are closer to business, and simplify the policy life cycle management. Situations are specified using complex event processing techniques. The framework is supported by a modular event–based infrastructure where a dedicated situation manager maintains active situations allowing the command center to take dynamic situation–based authorization and obligation decisions. The whole framework has been implemented and showed good performance by simulation. Finally, we detail two real experiments.

previous article Anonymous roaming authentication protocol for wireless network with backward unlinkability and natural revocation

next article Isolation in cloud computing infrastructures: new security challenges

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

http://www.espertech.com/esper/

https://github.com/wso2/balana

http://www.polestar.eu/

http://www.android-x86.org/

https://github.com/mobile-event-processing/Asper

Harkins M (2012) Managing risk and information security: protect to enable Apress

Laborde R, Oglaza A, Barrère F, Benzekri A (2017) dynsmaug: a dynamic security management framework driven by situations. In: Cyber Security in Networking Conference (CSNet), 2017. IEEE, pp 1–8

Agrawal D, Lee K-W, Lobo J (2005) Policy-based management of networked computing systems. IEEE Commun Mag 43(10):69–75CrossRef

Westerinen A, Strassner J, Scherling M, Quinn B, Herzog S, Huynh A, Carlson M, Perry J, Waldbusser S (2001) Terminology for policy-based management ietf rfc 3198

Chadwick D, Zhao G, Otenko S, Laborde R, Su L, Nguyen TA (2008) PERMIS: a modular authorization infrastructure. Concurrency and Computation: Practice and Experience 20(11):1341–1357CrossRef

Barrėre F, Benzekri A, Frasset F, Laborde R (2002) A multi-domain security policy distribution architecture for dynamic IP based VPN management. In: 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), pp 224–227

Lymberopoulos L, Lupu E, Sloman M (2003) An adaptive policy-based framework for network services management. J Netw Syst Manag 11(3):277–303CrossRef

Dey AK (2001) Understanding and using context. Pers Ubiquit Comput 5(1):4–7CrossRef

Barwise J, Perry J (1980) The situation underground. Stanford University Press, Stanford

10.

Endsley MR (1988) Design and evaluation for situation awareness enhancement. In: Proceedings of the human factors and ergonomics society annual meeting, vol 132, no 2. SAGE Publications, pp 97–101

11.

Adi A, Etzion O (2004) Amit - the situation manager. The VLDB Journal—The International Journal on Very Large Data Bases 13(2):177–203CrossRefMATH

12.

Luckham D (2008) The power of events: an introduction to complex event processing in distributed enterprise systems. In: Workshop on Rules and Rule Markup Languages for the Semantic Web. Springer, p 3

13.

OASIS (2013) eXtensible access control markup language (XACML) Version 3.0, Tech. Rep. [Online]. Available: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-en.pdf

14.

Hu VC, Ferraiolo D, Kuhn R, Schnitzer A, Sandlin K, Miller R, Scarfone K (2016) Guide to attribute based access control (ABAC) definition and considerations, NIST, Tech. Rep. SP 800–162

15.

Laborde R, Barrère F, Benzekri A (2013) Toward authorization as a service: a study of the xacml standard. In: Proceedings of the 16th Communications & Networking Symposium. SCS, p 9

16.

Oglaza A, Laborde R, Zaraté P (2013) Authorization policies: using decision support system for context-aware protection of user’s private data. In: International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, pp 1639–1644

17.

Giambiagi P, Nair SK, Brossard D (2015) Abbreviated language for authorization Version 1.0. [Online]. Available: https://www.oasis-open.org/committees/download.php/55228/alfa-for-xacml-v1.0-wd01.doc

18.

Bonatti P, Galdi C, Torres D (2015) Event-driven RBAC. J Comput Secur 23(6):709–757CrossRef

19.

Son J, Kim J-D, Na H-S, Baik D-K (2015) CBDAC: context-based dynamic access control model using intuitive 5w1h for ubiquitous sensor network, International Journal of Distributed Sensor Networks

20.

Kim Y-G, Lim J (2007) Dynamic activation of role on RBAC for ubiquitous applications. In: 2007 International Conference on Convergence Information Technology. IEEE, pp 1148–1153

21.

Yau SS, Yao Y, Banga V (2005) Situation-aware access control for service-oriented autonomous decentralized systems. In: Autonomous Decentralized Systems, 2005. ISADS 2005, Proceedings. IEEE, pp 17–24

22.

Kayes ASM, Han J, Colman A (2015) An ontological framework for situation-aware access control of software services. Inf Syst 53:253–277CrossRef

23.

Kabbani B, Laborde R, Barrere F, Benzekri A (2014) Specification and enforcement of dynamic authorization policies oriented by situations. In: 2014 6th International Conference on New Technologies Mobility and Security (NTMS). IEEE, pp 1–6

24.

Kabbani B, Laborde R, Barrère F, Benzekri A (2014) Managing Break-The-Glass using Situation-oriented authorizations. In: 9ème conférence sur la sécurité des Architectures réseaux et systèmes d’Information-SAR-SSI 2014

25.

Marie P, Desprats T, Chabridon S, Sibilla M, Taconet C (2015) From ambient sensing to iot-based context computing: an open framework for end to end qoc management. Sensors 15(6):14180–14206CrossRef

Title: A situation-driven framework for dynamic security management
Authors: Romain Laborde
Arnaud Oglaza
Ahmad Samer Wazan
François Barrère
Abdelmalek Benzekri
Publication date: 06-11-2018
Publisher: Springer International Publishing
Published in: Annals of Telecommunications / Issue 3-4/2019
Print ISSN: 0003-4347
Electronic ISSN: 1958-9395
DOI: https://doi.org/10.1007/s12243-018-0673-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3-4/2019

Isolation in cloud computing infrastructures: new security challenges

Additively homomorphic encryption and fragmentation scheme for data aggregation inside unattended wireless sensor networks

A high gain S-band slot antenna with MSS for CubeSat

Cybersecurity in networking

Anonymous roaming authentication protocol for wireless network with backward unlinkability and natural revocation

Cache nFace: a simple countermeasure for the producer-consumer collusion attack in Named Data Networking