Context-aware access control in ubiquitous computing (CRAAC)

Ubiquitous computing (UbiComp) envisions a new computing environment, where computing devices and related technology are widespread (i.e. everywhere) and services are provided at anytime. The technology is embedded discreetly in the environment to raise users' awareness. UbiComp environments support the proliferation of heterogeneous devices such as embedded computing devices, personal digital assistants (PDAs), wearable computers, mobile phones, laptops, office desktops (PCs), and hardware sensors. These devices may be interconnected by common networks (e.g. wired, wireless), and may have different levels of capabilities (i.e. computational power, storage, power consumption, etc). They are seamlessly integrated and interoperated to provide smart services (i.e. adaptive services). A UbiComp environment provides smart services to users based on the users' and/or system's current contexts. It provides the services to users unobtrusively and in turn the user's interactions with the environment should be as non-intrusive and as transparent as possible. Access to such smart services and devices must be controlled by an effective access control system that adapts its decisions based on the changes in the surrounding contextual information. This thesis aims at designing an adaptive fine-grained access control solution that seamlessly fits into UbiComp environments. The solution should be flexible in supporting the use of different contextual information and efficient, in terms of access delays, in controlling access to resources with divergent levels of sensitivity. The main contribution of this thesis is the proposal of the Context-Risk-Aware Access Control (CRAAC) model. CRAAC achieves fine-grained access control based upon the risk level in the underlying access environment and/or the sensitivity level of the requested resource object. CRAAC makes new contributions to the access control field, those include 1) introducing the concept of level of assurance based access control, 2) providing a method to convert the contextual attributes values into the corresponding level of assurance, 3) Proposing two methods to aggregate the set of level of assurance into one requester level of assurance, 4) supporting four modes of working each suits a different application context and/or access control requirements, 5) a comprehensive access control architecture that supports the CRAAC four modes of working, and 6) an evaluation of the CRAAC performance at runtime.EThOS - Electronic Theses Online Serviceral Centre and Educational BureauCairo UniversityGBUnited Kingdo

Self-management Framework for Mobile Autonomous Systems

The advent of mobile and ubiquitous systems has enabled the development of autonomous systems such as wireless-sensors for environmental data collection and teams of collaborating Unmanned Autonomous Vehicles (UAVs) used in missions unsuitable for humans. However, with these range of new application domains comes a new challenge – enabling self-management in mobile autonomous systems. The primary challenge in using autonomous systems for real-life missions is shifting the burden of management from humans to these systems themselves without loss of the ability to adapt to failures, changes in context, and changing user requirements. Autonomous systems have to be able to manage themselves individually as well as to form self-managing teams that are able to recover or adapt to failures, protect themselves from attacks and optimise performance. This thesis proposes a novel distributed policy-based framework that enables autonomous systems to perform self management individually and as a team. The framework allows missions to be specified in terms of roles in an adaptable and reusable way, enables dynamic and secure team formation with a utility-based approach for optimal role assignment, caters for communication link maintenance among team members and recovery from failure. Adaptive management is achieved by employing an architecture that uses policy-based techniques to allow dynamic modification of the management strategy relating to resources, role behaviour, team and communications management, without reloading the basic software within the system. Evaluation of the framework shows that it is scalable with respect to the number of roles, and consequently the number of autonomous systems participating in the mission. It is also shown to be optimal with respect to role assignments, and robust to intermittent communication link disconnections and permanent team-member failures. The prototype implementation was tested on mobile robots as a proof-ofconcept demonstration

Un cadre de spécification et de déploiement de politiques d'autorisation

Notre travail propose une méthodologie de conception et de développement d'un système d'autorisation adaptable aux différentes facettes que peut recouvrir le contrôle d'accès dans les organisations telles que l'hétérogénéité des pratiques organisationnelles, des technologies utilisées et des contextes à considérer. Pour y répondre, deux approches de gestion ont guidé nos études : le contrôle d'accès basé sur des attributs et la gestion à base de politiques. * Le contrôle d'accès basé sur des attributs permet de spécifier des permissions par rapport à toute caractéristique liée de la sécurité des utilisateurs, des actions, des ressources et de l'environnement. Cette approche répond aux problèmes liés à l'expressivité des langages de politiques d'autorisation. * La gestion à base de politiques, quant à elle, vise à permettre l'adaptabilité dynamique du comportement d'un système par le biais de politiques de gestion. Elle repose sur une architecture mettant en exergue deux entités : le Policy Decision Point (PDP) et le Policy Enforcement Point (PEP). Le PDP est une entité indépendante de l'élément géré, qui prend des décisions de gestion par rapport à une politique donnée. Le PEP fait l'interface entre le PDP et l'élément géré. Lorsqu'une requête est effectuée par un utilisateur sur une ressource, le PEP envoie une demande de décision au PDP et l'applique. Ce type d'architecture favorise l'intégration du système de gestion dans un environnement à gérer. Nous avons donc choisi le standard XACML comme technologie cible car il met en œuvre ces deux approches. Si d'un point de vue théorique XACML semble répondre aux problèmes d'adaptabilité, les systèmes conçus selon ce standard aujourd'hui sont limités à une situation donnée. En effet, un système XACML développé pour des besoins et un environnement technologique donnés ne peut pas être facilement réutilisé dans un autre contexte. Il est donc nécessaire de définir une méthodologie de conception et de développement pour rendre un tel système d'autorisation adaptable dans la pratique. Notre approche consiste à définir un système d'autorisation minimal qui puisse être facilement étendu pour des besoins spécifiques et contextuels (e.g. capacité d'expression et de mise en œuvre de politiques incluant des contraintes complexes, adaptation à un environnement technologique particulier, etc). Ceci amène les questions suivantes : • Quelles extensions doivent être apportées au système d'autorisation minimal ? Est-il possible de réutiliser des extensions pour différentes situations données ? Par exemple, le nombre de technologies utilisées pour stocker les accréditations des utilisateurs est limité (e.g. LDAP, MySQL, Active Directory). Cependant, les accréditations ainsi que la structuration de ces données d'accréditation peuvent différer d'une organisation à une autre. • Comment gérer le cycle de vie des extensions dans le système d'autorisation ? En effet, il existe un lien fort entre l'utilisation d'une extension et les besoins exprimés dans une politique d'autorisation. Par exemple, l'existence dans le système d'autorisation d'une extension permettant de récupérer le rôle de l'utilisateur dans une base de données MySQL n'est nécessaire que si le système d'autorisation doit évaluer au moins une politique incluant des contraintes sur le rôle des utilisateurs. Dans le cas contraire, cette extension n'a pas lieu d'être présente dans le système d'autorisation minimal. De la même manière, si une politique incluant des contraintes sur les rôles des utilisateurs est chargée dans le système d'autorisation, l'extension associée doit être rajoutée. En nous basant sur les différents travaux issus du domaine du génie logiciel liés au concept d'adaptabilité, nous avons défini les besoins d'adaptation des systèmes d'autorisation. Ce travail nous a permis de déterminer une classification des extensions par rapport aux besoins d'adaptabilité des systèmes d'autorisation de type XACML. Nous avons aussi proposé une méthode permettant de faciliter la création d'extensions et favorisant leur réutilisabilité. Enfin, nous avons traité le problème de gestion du cycle de vie des extensions dans le système d'autorisation en proposant le concept de " politique auto-contenue ". Une politique auto-contenue comprend les règles d'autorisation ainsi que toute information nécessaire au système d'autorisation pour qu'il l'interprète et qu'il l'exécute (i.e., les extensions et leurs configurations). Nous avons décrit une architecture pour spécifier et déployer des politiques auto-contenues en utilisant l'approche composants orientés-services. Notre architecture est flexible et dynamiquement adaptable. Nous l'avons implémentée en utilisant le cadriciel OSGi afin de valider notre travail à la fois en termes de faisabilité mais aussi de performance. De plus, nous avons réalisé un éditeur de politique auto-contenue qui facilite l'écriture des règles d'autorisation ainsi que la configuration des extensions utilisées.Our work proposes a methodology for the conception and the development of an adaptable authorization system that can cover the requirements of access control in organizations such as the heterogeneity of organizational practices, the technologies used and the contexts to consider. To answer, two approaches of management have guided our study: the attribute based access control and the policy based management. * The attribute based access control permits to specify permissions related to any security characteristics of users, actions, resources and environment. This approach addresses the problems related to the expressivity of languages of authorization policies. * The policy based management, for its part, aims to enable the dynamic adaptability behavior of the system through the management of policies. Roughly, the architecture supporting this approach consists of two main entities: a policy decision point (PDP), and a policy enforcement point (PEP). The PDP is independent of the managed element, which interprets the policy and takes management decisions based on it. The PEP is the interface between the PDP and the managed element. It compels the managed system to execute the management decisions taken by the PDP. This architecture supports the integration of the management system in a managed environment. Therefore, we have chosen the standard XACML as a target technology because it supports both approaches. If in a theoretical point of view, XACML seems to address the issues of adaptability. However, systems designed according to this standard are limited to a given situation. In fact, a developed XACML system that satisfies the given requirements and a particular technological environment cannot be easily reused in another context. Therefore, it is necessary to define a methodology in order to render such authorization system adaptable in practice. Our approach is to define a minimal authorization system (i.e. a core that only supports the standard XACML) that can be easily extended for specific requirements in a given situation (ex., the ability to express and implement policies including complex constraints, adaptation to a particular technological environment, etc.). This raises the following questions: * What extensions that should be imported to the minimal authorization system? Is it possible to reuse the extensions for different situations? For example, the number of technologies used to store the user credentials is limited (ex., LDAP, MySQL, Active Directory). However, the user credentials and the structuring of the data of user credentials may differ from one organization to another. * How to manage the lifecycle of the extensions in the authorization system ? In fact, there is a strong link between the use of an extension and the requirements expressed in an authorization policy. For example, the existence in the authorization system of an extension to retrieve the role of the user in a MySQL database is required only if the authorization system must evaluate at least one policy that includes constraints on the role of users. Otherwise, this extension does not happen to be present in the minimal authorization system. Similarly, if a policy including constraints on user roles is loaded into the authorization system, the associated extension must be added also. Based on the various studies from the field of software engineering related to the concept of adaptability, we have identified the requirements of adaptation of authorization systems. This work allows us to determine a classification of extensions according to the requirements of adaptability in authorization systems of type XACML. We have also proposed a methodology to facilitate the creation of extensions and promoting their reusability in the authorization system. Finally, we have addressed the problem of managing the lifecycle of the extensions in the authorization system by proposing the concept of "self-contained policy". A self-contained policy includes the authorization rules and any necessary information in order the authorization system interprets and runs it (i.e., the extensions and their configurations). Also, we have described the architecture for specifying and deploying self-contained policies using the approach components-oriented services. Our architecture is flexible and dynamically adaptable. We have implemented it using the OSGi framework in order to validate our work in both terms of feasibility, and performance. In addition, we have conducted a self-contained policy editor that facilitates the writing of authorization rules and the configuration of the used extensions

Pervasive service discovery in low-power and lossy networks

Pervasive Service Discovery (SD) in Low-power and Lossy Networks (LLNs) is expected to play a major role in realising the Internet of Things (IoT) vision. Such a vision aims to expand the current Internet to interconnect billions of miniature smart objects that sense and act on our surroundings in a way that will revolutionise the future. The pervasiveness and heterogeneity of such low-power devices requires robust, automatic, interoperable and scalable deployment and operability solutions. At the same time, the limitations of such constrained devices impose strict challenges regarding complexity, energy consumption, time-efficiency and mobility. This research contributes new lightweight solutions to facilitate automatic deployment and operability of LLNs. It mainly tackles the aforementioned challenges through the proposition of novel component-based, automatic and efficient SD solutions that ensure extensibility and adaptability to various LLN environments. Building upon such architecture, a first fully-distributed, hybrid pushpull SD solution dubbed EADP (Extensible Adaptable Discovery Protocol) is proposed based on the well-known Trickle algorithm. Motivated by EADPs’ achievements, new methods to optimise Trickle are introduced. Such methods allow Trickle to encompass a wide range of algorithms and extend its usage to new application domains. One of the new applications is concretized in the TrickleSD protocol aiming to build automatic, reliable, scalable, and time-efficient SD. To optimise the energy efficiency of TrickleSD, two mechanisms improving broadcast communication in LLNs are proposed. Finally, interoperable standards-based SD in the IoT is demonstrated, and methods combining zero-configuration operations with infrastructure-based solutions are proposed. Experimental evaluations of the above contributions reveal that it is possible to achieve automatic, cost-effective, time-efficient, lightweight, and interoperable SD in LLNs. These achievements open novel perspectives for zero-configuration capabilities in the IoT and promise to bring the ‘things’ to all people everywhere

Managing Identity Management Systems

Although many identity management systems have been proposed, in- tended to improve the security and usability of user authentication, major adoption problems remain. In this thesis we propose a range of novel schemes to address issues acting as barriers to adoption, namely the lack of interoper- ation between systems, simple adoption strategies, and user security within such systems. To enable interoperation, a client-based model is proposed supporting in- terworking between identity management systems. Information Card systems (e.g. CardSpace) are enhanced to enable a user to obtain a security token from an identity provider not supporting Information Cards; such a token, after en- capsulation at the client, can be processed by an Information Card-enabled relying party. The approach involves supporting interoperation at the client, while maximising transparency to identity providers, relying parties and iden- tity selectors. Four specific schemes conforming to the model are described, each of which has been prototyped. These schemes enable interoperation be- tween an Information Card-enabled relying party and an identity provider supporting one of Liberty, Shibboleth, OpenID, or OAuth. To facilitate adoption, novel schemes are proposed that enable Informa- tion Card systems to support password management and single sign on. The schemes do not require any changes to websites, and provide a simple, intu- itive user experience through use of the identity selector interface. They fa- miliarise users with Information Card systems, thereby potentially facilitating their future adoption. To improve user security, an enhancement to Information Card system user authentication is proposed. During user authentication, a one-time pass- word is sent to the user's mobile device which is then entered into the com- puter by the user. Finally, a universal identity management tool is proposed, designed to support a wide range of systems using a single user interface. It provides a consistent user experience, addresses a range of security issues (e.g. phishing), and provides greater user control during authentication.EThOS - Electronic Theses Online ServiceGBUnited Kingdo