Automated Runtime Risk Management for Voice over IP Networks and Services

International audienceVoice over IP (VoIP) has become a major paradigm for providing telephony services at a lower cost and with a higher flexibility. VoIP infrastructures are however exposed to multiple security issues both inherited from the IP layer and specific to the application layer. In the meantime, protection mechanisms are available but may seriously impact on the continuity and quality of such critical services. We propose in this paper an automated risk management schema for continuously adapting VoIP equipment exposure by activating security safeguards in a dynamic and progressive manner. We describe the architecture supporting our solution, the considered risk model taking into account VoIP properties and the algorithms for restricting and relaxing the risk level of the VoIP service at runtime. The benefits and limits of our solution are evaluated through an implementation prototype and an extensive set of experimental results in the case scenario of SPIT attacks

Network-based business process management: embedding business logic in communications networks

Advanced Business Process Management (BPM) tools enable the decomposition of previously integrated and often ill-defined processes into re-usable process modules. These process modules can subsequently be distributed on the Internet over a variety of many different actors, each with their own specialization and economies-of-scale. The economic benefits of process specialization can be huge. However, how should such actors in a business network find, select, and control, the best partner for what part of the business process, in such a way that the best result is achieved? This particular management challenge requires more advanced techniques and tools in the enabling communications networks. An approach has been developed to embed business logic into the communications networks in order to optimize the allocation of business resources from a network point of view. Initial experimental results have been encouraging while at the same time demonstrating the need for more robust techniques in a future of massively distributed business processes.active networks;business process management;business protocols;embedded business logic;genetic algorithms;internet distributed process management;payment systems;programmable networks;resource optimization

Managing Risks at Runtime in VoIP Networks and Services

International audienceIP telephony is less confined than traditional PSTN telephony. As a consequence, it is more exposed to security attacks. These attacks are specific to VoIP protocols such as SPIT, or are inherited from the IP layer such as ARP poisoning. Protection mechanisms are often available, but they may seriously impact on the quality of service of such critical environments. We propose to exploit and automate risk management methods and techniques for VoIP infrastructures. Our objective is to dynamically adapt the exposure of a VoIP network with regard to the attack potentiality while minimizing the impact for the service. This paper describes the challenges of risk management for VoIP, our runtime strategy for assessing and treating risks, preliminary results based on Monte-Carlo simulations and future work

Mobihealth: mobile health services based on body area networks

In this chapter we describe the concept of MobiHealth and the approach developed during the MobiHealth project (MobiHealth, 2002). The concept was to bring together the technologies of Body Area Networks (BANs), wireless broadband communications and wearable medical devices to provide mobile healthcare services for patients and health professionals. These technologies enable remote patient care services such as management of chronic conditions and detection of health emergencies. Because the patient is free to move anywhere whilst wearing the MobiHealth BAN, patient mobility is maximised. The vision is that patients can enjoy enhanced freedom and quality of life through avoidance or reduction of hospital stays. For the health services it means that pressure on overstretched hospital services can be alleviated

Network-based business process management: embedding business logic in communications networks

Advanced Business Process Management (BPM) tools enable the decomposition of previously integrated and often ill-defined processes into re-usable process modules. These process modules can subsequently be distributed on the Internet over a variety of many different actors, each with their own specialization and economies-of-scale. The economic benefits of process specialization can be huge. However, how should such actors in a business network find, select, and control, the best partner for what part of the business process, in such a way that the best result is achieved? This particular management challenge requires more advanced techniques and tools in the enabling communications networks. An approach has been developed to embed business logic into the communications networks in order to optimize the allocation of business resources from a network point of view. Initial experimental results have been encouraging while at the same time demonstrating the need for more robust techniques in a future of massively distributed business processes

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability