75 research outputs found

    Multi-device application middleware: leveraging the ubiquity of the Web with webinos

    The broad range of connected devices has turned the Internet into a ubiquitous concept. In addition to desktop and laptop PCs, the Internet currently connects mobile devices, home entertainment systems, and even in-car units. From this ubiquitous evolution towards sensor-rich devices, the opportunity arises for various new types of innovative software applications. Alongside this opportunity, however, arises the issue of managing the increasing diversity of device characteristics and capabilities. As device fragmentation grows, application developers are facing the need to cover a wider variety of target devices and usage scenarios. As a result, maintaining a viable balance between development costs and market coverage has turned out to be an important challenge when developing applications for a ubiquitous ecosystem. In this article, we present the webinos platform, a distributed Web runtime platform that leverages the Web for supporting self-adaptive cross-device applications. In order to enable the development of such immersive ubiquitous applications, we introduce and evaluate the concept of a context-aware federated overlay architecture.

    IaaS-cloud security enhancement: an intelligent attribute-based access control model and implementation

    The cloud computing paradigm introduces an efficient utilisation of huge computing resources by multiple users with minimal expense and deployment effort compared to traditional computing facilities. Although cloud computing has incredible benefits, some governments and enterprises remain hesitant to transfer their computing technology to the cloud as a consequence of the associated security challenges. Security is, therefore, a significant factor in cloud computing adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing services are accessed through network connections and utilised by multiple users who can share the resources through virtualisation technology. Accordingly, an efficient access control system is crucial to prevent unauthorised access. This thesis mainly investigates the IaaS security enhancement from an access control point of view. [Continues.]

    Security Management System for 4G Heterogeneous Networks

    There is constant demand for the development of mobile networks to meet the service requirements of users, and their development is a significant topic of research. The current fourth generation (4G) of mobile networks is expected to provide high speed connections anywhere at any time. Various existing 4G architectures such as LTE and WiMax support only wireless technologies, while an alternative architecture, Y-Comm, has been proposed to combine both existing wired and wireless networks. Y-Comm seeks to meet the main service requirements of 4G by converging the existing networks, so that the user can get better service anywhere and at any time. One of the major characteristics of Y-Comm is heterogeneity, which means that networks with different topologies work together to provide seamless communication to the end user. However, this heterogeneity leads to technical issues which may compromise quality of service, vertical handover and security. Due to the convergence characteristic of Y-Comm, security is considered more significant than in the existing LTE and WiMax networks. These security concerns have motivated this research study to propose a novel security management system. The research aims to meet the security requirements of 4G mobile networks, e.g. preventing end user devices from being used as attack tools. This requirement has not been met clearly in previous studies of Y-Comm, but this study proposes a security management system which does this. This research follows the ITU-T recommendation M.3400 dealing with security violations within Y-Comm networks. It proposes a policy-based security management system to deal with events that trigger actions in the system and uses Ponder2 to implement it. The proposed system, located in the top layer of the Y-Comm architecture, interacts with components of Y-Comm to enforce the appropriate policies. Its four main components are the Intelligent Agent, the Security Engine, the Security Policies Database and the Security Administrator. These are represented in this research as managed objects to meet design considerations such as extensibility and modifiability. This research demonstrates that the proposed system meets the security requirements of the Y-Comm environment. Its deployment is possible with managed objects built with Ponder2 for all of the components of Y-Comm, which means that the security management system is able to prevent end user devices from being used as attack tools. It can also achieve other security goals of Y-Comm networks.

    Smart object-oriented access control: Distributed access control for the Internet of Things

    Ensuring that data and devices are secure is of critical importance to information technology. While access control has held a key role in traditional computer security, its role in the evolving Internet of Things is less clear. In particular, the access control literature has suggested that new challenges, such as multi-user controls, fine-grained controls, and dynamic controls, prompt a foundational re-thinking of access control. We analyse these challenges, finding instead that the main foundational challenge posed by the Internet of Things involves decentralization: accurately describing access control in Internet of Things environments (e.g., the Smart Home) requires a new model of multiple, independent access control systems. To address this challenge, we propose a meta-model (i.e., a model of models): Smart Object-Oriented Access Control (SOOAC). This model is an extension of the XACML framework, built from principles relating to modularity adapted from object-oriented programming and design. SOOAC draws attention to a new class of problem involving the resolution of policy conflicts that emerge from the interaction of smart devices in the home. Contrary to traditional (local) policy conflicts, these global policy conflicts emerge when contradictory policies exist across multiple access control systems. We give a running example of a global policy conflict involving transitive access. To automatically avoid global policy conflicts before they arise, we extend SOOAC with a recursive algorithm through which devices communicate access requests before allowing or denying access themselves. This algorithm ensures that both individual devices and the collective smart home are secure. We implement SOOAC within a prototype smart home and assess its validity in terms of effectiveness and efficiency. Our analysis shows that SOOAC is successful at avoiding policy conflicts before they emerge, in real time. Finally, we explore improvements that can be made to SOOAC and suggest directions for future work.

    Configuration Validation and Design Optimization of Storage Area Networks (Konfigurationsvalidierung und Entwurfsoptimierung von Speichernetzen)

    Storage Area Networks (SANs) connect groups of storage devices to servers over fast interconnects, so that storage resources can be pooled and assigned to applications in a flexible and scalable way. An important challenge lies in managing the complexity of the resulting massive SAN configurations. Policy-based validation has been proposed earlier as a solution to this configuration problem. We propose a light-weight, SQL-based solution that uses existing well-known technologies to implement such a validation system. Our approach is based on a relational database which stores configuration data extracted from the system via a WBEM standard interface. In contrast to other approaches, we use SQL to define our policy rules as executable checks on these configuration data. Another problem that is caused by the high complexity of a SAN is to find an optimal SAN design. Human SAN experts usually build a SAN topology following some rules of thumb. These rules often lead to a reliable SAN, but they do not necessarily minimize the total cost of the network, or provide a better topology to meet the Service Level Agreements (SLAs). In this dissertation, we also consider the problem of designing a SAN in an optimal way, while additionally taking a number of SLAs into account. First, we give an algorithm for assigning storage devices to applications running on the SAN's hosts. This algorithm tries to balance the workload as evenly as possible over all storage devices. Our second algorithm takes these assignments and computes the interconnections (data paths) that are necessary to achieve the desired configuration while respecting redundancy (safety) requirements in the SLAs. Again, this algorithm tries to balance the workload of all connections and devices. Thus, our network configurations respect all SLAs and provide flexibility for future changes by avoiding bottlenecks on storage devices or switches. We also discuss integrating our solution with the open source SAN management software Aperi.

    Storage Area Networks (SANs) connect groups of storage devices to servers over fast interconnect devices using protocols such as Fibre Channel or iSCSI, so that storage resources can be assigned to the servers in a flexible and scalable way. An important challenge is mastering the complexity of the SAN configuration, which stems from the high scalability of the network and from the interconnection of diverse devices. Policy-based validation was proposed earlier as a solution to this configuration problem. With SANchk, a lightweight SQL-based solution that uses existing well-known technologies is proposed to implement such a system. SANchk's approach is based on a relational database that holds the configuration data extracted from the system through a WBEM standard interface. In contrast to other approaches, SANchk uses SQL to define policy rules as executable tests on these configuration data. Another problem caused by the high complexity of a SAN is the question of an optimal SAN design. Human SAN experts mostly build a SAN topology by applying rules of thumb. These rules often lead to a reliable SAN, but they do not necessarily minimize the total cost of the network or offer a better topology for meeting the Service Level Agreements (SLAs). In this dissertation we also consider the problem of optimal SAN design with respect to the SLAs. First, we define an algorithm for assigning the storage devices to the applications on the SAN hosts. This algorithm tries to even out the load on the storage devices as far as possible. Our second algorithm takes these assignments and computes the data paths that are necessary to achieve the desired configuration, taking the redundancy requirements into account. This algorithm, too, tries to even out the load on all connections and devices. Consequently, our network configurations respect all SLAs and offer flexibility for future changes by avoiding bottlenecks at the storage devices or switches. We also discuss integrating our solution into the open-source SAN management software Aperi.

    Steps towards adaptive situation and context-aware access: a contribution to the extension of access control mechanisms within pervasive information systems

    The evolution of pervasive systems has opened new horizons for classical information systems, which have integrated new technologies and services that provide transparent access to information resources anytime, anywhere and anyhow. At the same time, this evolution has raised new challenges for data security and for access control modeling. To confront these challenges, various research efforts have turned towards extending access control models (in particular the RBAC model) in order to take context awareness into account in the decision-making process. But tying an access decision to the dynamic contextual constraints of a mobile user will not only add more complexity to the decision-making process but could also increase the chances of access denial. Knowing that accessibility is a key element in pervasive systems, and taking into account the importance of ensuring accessibility in real-time situations, many research works have proposed applying flexible access control mechanisms, with sometimes extreme solutions that go beyond security boundaries, such as the "Break-Glass" option. In this thesis, we introduce a moderate solution positioned between the rigidity of access control models and the risk-exposing flexibility applied during real-time situations. Our contribution has two parts: at the design level, we propose PS-RBAC, a context- and situation-aware RBAC model. The model performs adaptive permission assignments and alternative-based decisions, using similarity-based decision-making when facing an important situation. At the execution phase, we introduce PSQRS, a context- and situation-aware query rewriting system that confronts access denials by reformulating the user's XACML request and proposing a list of similar alternative resources that the user can access. The objective is to provide a level of adaptive security that meets the user's needs while taking into account their role, contextual constraints (location, network, device, etc.) and situation. Our proposal has been validated in three application domains that are rich in pervasive contexts and real-time scenarios: (i) Mobile Geriatric Teams, (ii) avionic systems and (iii) video surveillance systems.

    The evolution of pervasive computing has opened new horizons to classical information systems by integrating new technologies and services that enable seamless access to information sources at any time, anyhow and anywhere. Meanwhile this evolution has opened new threats to information security and new challenges to access control modeling. In order to meet these challenges, many research works went towards extending traditional access control models (especially the RBAC model) in order to add context awareness within the decision-making process. Meanwhile, tying access decisions to the dynamic contextual constraints of mobile users would not only add more complexity to decision-making but could also increase the possibilities of access denial. Knowing that accessibility is a key feature for pervasive systems and taking into account the importance of providing access within real-time situations, many research works have proposed applying flexible access control mechanisms with sometimes extreme solutions that go beyond security boundaries such as the Break-Glass option. In this thesis, we introduce a moderate solution that stands between the rigidity of access control models and the risky flexibility applied during real-time situations. Our contribution is twofold: on the design phase, we propose PS-RBAC - a Pervasive Situation-aware RBAC model that realizes adaptive permission assignments and alternative-based decision-making based on similarity when facing an important situation. On the implementation phase, we introduce PSQRS - a Pervasive Situation-aware Query Rewriting System architecture that confronts access denials by reformulating the user's XACML access request and proposing to him a list of alternative similar solutions that he can access. The objective is to provide a level of adaptive security that would meet the user needs while taking into consideration his role, contextual constraints (location, network, device, etc.) and his situation. Our proposal has been validated in three application domains that are rich in pervasive contexts and real-time scenarios: (i) Mobile Geriatric Teams, (ii) Avionic Systems and (iii) Video Surveillance Systems.

    Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

    The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposure of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers.

    Modeling Enterprise Authorization: A Unified Metamodel and Initial Validation
