Policy-Driven Adaptive Protection Systems.

PhDThe increasing number and complexity of security attacks on IT infrastructure demands for the development of protection systems capable of dealing with the security challenges of today’s highly dynamic environments. Several converging trends including mobilisation, externalisation and collaboration, virtualisation, and cloud computing are challenging traditional silo approaches to providing security. IT security policies should be considered as being inherently dynamic and flexible enough to trigger decisions efficiently and effectively taking into account not only the current execution environment of a protection system and its runtime contextual factors, but also dynamically changing the security requirements introduced by external entities in the operational environment. This research is motivated by the increasing need for security systems capable of supporting security decisions in dynamic operational environments and advocates for a policy-driven adaptive security approach. The first main contribution of this thesis is to articulate the property of specialisation in adaptive software systems and propose a novel methodological framework for the realisation of policy-driven adaptive systems capable of specialisation via adaptive policy transformation. Furthermore, this thesis proposes three distinctive novel protection mechanisms, all three mechanisms exhibit adaptation via specialisation, but each one presenting its own research novelty in its respective field. They are: 1. A Secure Execution Context Enforcement based on Activity Detection; 2. Privacy and Security Requirements Enforcement Framework in Internet-Centric Services; 3. A Context-Aware Multifactor Authentication Scheme Based On Dynamic Pin. 3 Along with a comprehensive study of the state of the art in policy based adaptive systems and a comparative analysis of those against the main objectives of the framework this thesis proposes, these three protection mechanisms serve as a foundation and experimental work from which core characteristics, methods, components, and other elements are analysed in detail towards the investigation and the proposition of the methodological framework presented in this thesis

Engineering self-managed adaptive networks

In order to meet the requirements of emerging services, the future Internet will need to be flexible, reactive and adaptive with respect to arising network conditions. Network management functionality is essential in providing dynamic reactiveness and adaptability but current management approaches have limitations which prevent them from meeting these requirements. In search for a paradigm shift, recent research efforts have been focusing on autonomic/self-management principles, whereby network elements can adapt themselves to contextual changes without any external intervention through adaptive and flexible functionality. This thesis investigates how autonomic principles can be extended and applied to fixed networks for quality of service and performance management. It presents a novel resource management framework which enables intelligence to be introduced within the network in order to support self-management functionality in a coordinated and controllable manner. The proposed framework relies on a distributed infrastructure, called the management substrate, which is a logical structure formed by the ingress nodes of the network. The role of the substrate is illustrated on realistic resource management application scenarios for the emerging self-managed Internet. These cover solutions for dynamic traffic engineering (load balancing across multiple paths), energy efficiency and cache management in Internet Service Providers. The thesis addresses important research challenges associated with the proposed framework, such as the design of specific organisational, communication and coordination models required to support the different management control loops. Furthermore, it develops, for each application scenario, specific mechanisms to realise the relevant resource management functionality. It also considers issues related to the coexistence of multiple control loops and investigates an approach by which their interactions can be managed. In order to demonstrate the benefits of the proposed resource management solution, an extensive performance evaluation of the different mechanisms described in this thesis have been performed based on realistic traffic traces and network topologies