
    Dynamic deployment of context-aware access control policies for constrained security devices

    Securing access to a server, guaranteeing a given level of protection over an encrypted communication channel, and executing particular countermeasures when attacks are detected are examples of security requirements. Such requirements are identified from organizational purposes and expectations in terms of resource access and availability, and from the system's vulnerabilities and threats. Together, these requirements form the so-called security policy. Deploying the policy means enforcing it, i.e., configuring the security components and mechanisms so that the system's behaviour is finally the one specified by the policy. Deployment becomes harder because growing organizational requirements and expectations generally outpace the integration of new security functionality into the information system: the information system will not always embed the security functionality needed for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity that takes charge of unmanaged contextual requirements and dynamically redeploys the policy when it detects context changes. We also present an improvement to the OrBAC (Organization-Based Access Control) model. Until now, a controller based on a contextual OrBAC policy has been passive, in the sense that policy evaluation is triggered only by access requests; it therefore cannot reason about how the policy state evolves when actions occur. The modifications introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action specification languages.
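The following is an added illustration of the mechanism the abstract describes, not code from the thesis. It models an OrBAC-style policy in the usual way: abstract rules are written over role, activity, view and context, and concrete subjects, actions and objects are bound to them through the empower, consider and use relations. A central entity re-derives the concrete rule set whenever a detected event changes a context (time of day, a declared emergency, an intrusion alert) and pushes only the difference to enforcement points, so evaluation is driven by events rather than waiting for an access request. The organisation, roles, hosts and context predicates are constructed sample data, and the "prohibition wins" conflict resolution is an assumption made for the example.

```python
"""OrBAC-style evaluator with context-driven redeployment (added example).

Illustration only; it is not the thesis's own code. The organisation, roles,
subjects, objects and context predicates below are constructed sample data.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Rule:
    """Abstract rule: permission/prohibition(org, role, activity, view, context)."""
    kind: str        # "permission" or "prohibition"
    role: str
    activity: str
    view: str
    context: str


@dataclass
class Policy:
    org: str
    rules: list
    empower: dict    # subject -> set of roles          (OrBAC empower relation)
    consider: dict   # action  -> set of activities     (OrBAC consider relation)
    use: dict        # object  -> set of views          (OrBAC use relation)
    contexts: dict   # context name -> predicate(state) -> bool

    def holds(self, ctx, state):
        """A context holds when its predicate is true for the current system state."""
        return self.contexts[ctx](state)

    def concrete_rules(self, state):
        """Derive concrete (decision, subject, action, object) rules for this state.

        Assumption for the example: a prohibition overrides any permission that
        targets the same concrete triple.
        """
        allowed, denied = set(), set()
        for rule in self.rules:
            if not self.holds(rule.context, state):
                continue
            subjects = [s for s, roles in self.empower.items() if rule.role in roles]
            actions = [a for a, acts in self.consider.items() if rule.activity in acts]
            objects = [o for o, views in self.use.items() if rule.view in views]
            target = denied if rule.kind == "prohibition" else allowed
            target.update(product(subjects, actions, objects))
        return ({("permit", *t) for t in allowed - denied}
                | {("deny", *t) for t in denied})


class CentralController:
    """Central entity: tracks context state and redeploys the concrete policy."""

    def __init__(self, policy, state):
        self.policy = policy
        self.state = dict(state)
        self.deployed = set()   # concrete rules currently pushed to enforcement points

    def redeploy(self):
        """Recompute concrete rules and return (added, removed) for the enforcement points."""
        wanted = self.policy.concrete_rules(self.state)
        added = sorted(wanted - self.deployed)
        removed = sorted(self.deployed - wanted)
        self.deployed = wanted
        return added, removed

    def on_event(self, **changes):
        """React to a detected event (context change) instead of an access request."""
        self.state.update(changes)
        return self.redeploy()

    def is_permitted(self, subject, action, obj):
        return ("permit", subject, action, obj) in self.deployed


def build_sample():
    """Constructed sample policy: a hospital with a time-based, an emergency and an attack context."""
    policy = Policy(
        org="hospital",
        rules=[
            Rule("permission", "physician", "consult", "medical_record", "working_hours"),
            Rule("permission", "physician", "consult", "medical_record", "emergency"),
            # countermeasure: block consultation while the IDS reports an attack
            Rule("prohibition", "physician", "consult", "medical_record", "under_attack"),
        ],
        empower={"alice": {"physician"}, "bob": {"nurse"}},
        consider={"read": {"consult"}},
        use={"rec_42": {"medical_record"}},
        contexts={
            "working_hours": lambda s: 8 <= s["hour"] < 18,
            "emergency": lambda s: s["emergency"],
            "under_attack": lambda s: s["ids_alert"],
        },
    )
    return CentralController(policy, {"hour": 10, "emergency": False, "ids_alert": False})


if __name__ == "__main__":
    ctrl = build_sample()
    print("initial deployment:", ctrl.redeploy())
    print("end of shift:", ctrl.on_event(hour=20))
    print("emergency declared:", ctrl.on_event(emergency=True))
    print("IDS alert:", ctrl.on_event(ids_alert=True))
    print("alice may read rec_42:", ctrl.is_permitted("alice", "read", "rec_42"))
```

Each event produces only the delta to push to the enforcement points, which is what makes redeployment on context change cheap; the prohibition tied to the `under_attack` context shows how a detected attack removes a previously granted permission without any access request having been made.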

    Model-Driven Development of Control Applications: On Modeling Tools, Simulations and Safety

    Control systems are required in a wide range of industrial applications, from individual machines to manufacturing plants and enterprises. Software applications have an important role as an implementation technology in such systems, which can be based on Distributed Control System (DCS) or Programmable Logic Controller (PLC) platforms, for example. Control applications are computer programs that, together with control system hardware, perform control tasks. Control applications are efficient and flexible by nature; however, their development is a complex task that requires the collaboration of experts and information from various domains of expertise.

    This thesis studies the use of Model-Driven Development (MDD) techniques in control application development. MDD is a software development methodology in which models are the primary engineering artefacts and are processed through both manual work and automated model transformations. The objective of the thesis is to explore whether control application development can benefit from MDD and from selected technologies it enables. The research methodology followed in the thesis is the constructive approach of design science.

    To answer the research questions, tools are developed for modeling and developing control applications with the UML Automation Profile (UML AP) in a model-driven development process. The modeling approach is built on open source tools on the Eclipse platform. In the approach, modeling concepts are kept extensible, and models can be processed with model transformation techniques that plug in to the tool. The approach takes into account domain requirements such as re-use of design. According to an assessment of the industrial applicability of the approach and its tools, they could be used for developing industrial DCS-based control applications.

    Simulation approaches that can be used in conjunction with model-driven development of control applications are presented and compared. The development of model-in-the-loop simulation support is motivated by the need to use simulations early while taking into account the special characteristics of the domain. A simulator integration is developed that transforms UML AP control application models into Modelica Modeling Language (ModelicaML) models, thus enabling closed-loop simulations against ModelicaML models of the plants to be controlled. The simulation approach is applied successfully to simulations of machinery applications and process industry processes.

    Model-driven development of safety applications, which are parts of safety systems, would require taking into account safety standard requirements related to, for example, modeling techniques and documentation. In this respect, the thesis focuses on extending the information content of models with the aspects required for safety applications. The modeling of hazards and their associated risks is supported with fault tree notation, and the risk and hazard information is integrated into the development process to improve traceability. Automated functions enable generating documentation and performing consistency checks, for example on the use of standard solutions. Where applicable, techniques and notations such as logic diagrams have been chosen so that they are intuitive to developers while also complying with the recommendations of safety standards.

    Workflow technology for complex socio-technical systems

    Thesis digitized by the Direction des bibliothèques de l'Université de Montréal