Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

On Applicability of Automated Planning for Incident Management

Incident management aims to save human lives, mitigate the effect of accidents, prevent damages, to mention a few of their benefits. Efficient coordination of rescue team members, allocation of available resources, and appropriate responses to the realtime unfolding of events is critical for managing incidents successfully. Coordination involves a series of decisions and event monitoring, usually made by human coordinators, for instance task definition, task assignment, risk assessment, etc. Each elementary decision can be described by a named action (e.g. boarding an ambulance, assigning a task). Taken as a whole, the team coordinating an incident response can be seen as a decision-making system. In this paper, we discuss how invaluable assistance can be brought to such a system using automated planning. In consultation with experts we have derived a set of requirements from which we provide a formal specification of the domain. Following the specification, we have developed a prototype domain model and evaluated it empirically. Here we present the results of this evaluation, along with several challenges (e.g uncertainty) that we have identifie

Analysis of Mobile Agents using Invariants of Object Nets

Mobility induces new challenges for dynamic systems, which need a new conceptional treatment: systems, that deal for example with mobile agents, need extended security concepts to handle the risks, induced by foreign, untrusted agents. In this contribution we use object nets to model mobile systems. Object nets are Petri nets which have Petri nets as tokens – an approach known as the nets-withinnets paradigm. Object nets are called elementary if the net system has a two levelled structure. In this work we apply structural analysis methods for object nets – namely place invariants – to a simple case study modelling mobile agents

Cooperating broadcast and cellular conditional access system for digital television

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The lack of interoperability between Pay‐TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay‐TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay‐TV systems. This paper presents a novel end‐to‐end system architecture for Pay‐TV systems cooperating mobile and broadcasting technologies. It provides a cost‐effective, scalable, dynamic and secure access control mechanism supporting converged services and new business opportunities in Pay‐TV systems. It enhances interactivity, security and potentially reduces customer attrition and operational cost. In this platform, service providers can effectively interact with their customers, personalise their services and adopt appropriate security measures. It breaks up the rigid relationship between a viewer and set‐top box as imposed by traditional conditional access systems, thus, a viewer can fully enjoy his entitlements via an arbitrary set‐top box. Having thoroughly considered state‐of‐the‐art technologies currently being used across the world, the thesis highlights novel use cases and presents the full design and implementation aspects of the system. The design section is enriched by providing possible security structures supported thereby. A business collaboration structure is proposed, followed by a reference model for implementing the system. Finally, the security architectures are analysed to propose the best architecture on the basis of security, complexity and set‐top box production cost criteria

Controlled Components for Internet of Things As-A-Service

In order to facilitate developers willing to create future Internet of Things (IoT) services incorporating the nonfunctional aspects, we introduce an approach and an environment based on controlled components. Our approach allows developers to design an IoT "as-a-service", to build the service composition and to manage it. This is important, because the IoT allows us to observe and understand the real world in order to have decision-making information to act on reality. It is important to make sure that all these components work according to their mission, i.e. their Quality of Service (QoS) contract. Our environment provides the modeling, generates Architecture Description Language (ADL) formats, and uses them in the implementation phase on an open-source platform