1,784 research outputs found
Enforcing Security and Assurance Properties in Cloud Environment
Before deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure is deployed, the company wants to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidence of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based, which allows it to be easily adapted to any resource naming system, e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.
Policy-based management for body-sensor networks
Accepted version
CyberGuarder: a virtualization security assurance architecture for green cloud computing
Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation
A Generic Framework for the Engineering of Self-Adaptive and Self-Organising Systems
This paper provides a unifying view for the engineering of
self-adaptive (SA) and self-organising (SO) systems. We first
identify requirements for designing and building trustworthy
self-adaptive and self-organising systems. Second, we propose a
generic framework combining design-time and run-time features,
which permit the definition and analysis at design-time of
mechanisms that both ensure and constrain the run-time behaviour of
an SA or SO system, thereby providing some assurance of its self-*
capabilities. We show how this framework applies to both an SA
and an SO system, and discuss several current proof-of-concept
studies on the enabling technologies.
Supporting Management Interaction and Composition of Self-Managed Cells
Management in ubiquitous systems cannot rely on human intervention or centralised
decision-making functions because systems are complex and devices
are inherently mobile and cannot refer to centralised management applications
for reconfiguration and adaptation directives. Management must be devolved,
based on local decision-making and feedback control-loops embedded in autonomous
components. Previous work has introduced a Self-Managed Cell (SMC)
as an infrastructure for building ubiquitous applications. An SMC consists
of a set of hardware and software components that implement a policy-driven
feedback control-loop. This allows SMCs to adapt continually to changes in
their environment or in their usage requirements. Typical applications include
body-area networks for healthcare monitoring, and communities of unmanned
autonomous vehicles (UAVs) for surveillance and reconnaissance operations.
Ubiquitous applications are typically formed from multiple interacting autonomous
components, which establish peer-to-peer collaborations, federate and
compose into larger structures. Components must interact to distribute management
tasks and to enforce communication strategies. This thesis presents
an integrated framework which supports the design and the rapid establishment
of policy-based SMC interactions by systematically composing simpler abstractions
as building elements of a more complex collaboration. Policy-based
interactions are realised – subject to an extensible set of security functions –
through the exchanges of interfaces, policies and events, and our framework
was designed to support the specification, instantiation and reuse of patterns of
interaction that prescribe the manner in which these exchanges are achieved.
We have defined a library of patterns that provide reusable abstractions for
the structure, task-allocation and communication aspects of an interaction,
which can be individually combined for building larger policy-based systems in
a methodical manner. We have specified a formal model to ensure the rigorous
verification of SMC interactions before policies are deployed in physical devices.
A prototype has been implemented that demonstrates the practical feasibility
of our framework in constrained resources.
Architecture for Mobile Heterogeneous Multi Domain Networks
Multi domain networks can be used in several scenarios including military, enterprise networks, emergency networks and many other cases. In such networks, each domain might be under its own administration. Therefore, the cooperation among domains is conditioned by individual domain policies regarding sharing information, such as network topology, connectivity, mobility, security, various service availability and so on. We propose a new architecture for Heterogeneous Multi Domain (HMD) networks, in which the operations are subject to specific domain policies. We propose a hierarchical architecture, with an infrastructure of gateways at the highest control level that enables policy-based interconnection, mobility and other services among domains. Gateways are responsible for translation among different communication protocols, including routing, signalling, and security. Besides the architecture, we discuss in more detail the mobility and adaptive capacity of services in HMD. We discuss the HMD scalability and other advantages compared to existing architectural and mobility solutions. Furthermore, we analyze the dynamic availability at the control level of the hierarchy.
Autonomic Management of Large Clusters and Their Integration into the Grid
We present a framework for the co-ordinated, autonomic management of multiple clusters in a compute center and their integration into a Grid environment. Site autonomy and the automation of administrative tasks are prime aspects in this framework. The system behavior is continuously monitored in a steering cycle and appropriate actions are taken to resolve any problems. All presented components have been implemented in the course of the EU project DataGrid: The Lemon monitoring components, the FT fault-tolerance mechanism, the quattor system for software installation and configuration, the RMS job and resource management system, and the Gridification scheme that integrates clusters into the Grid.
SLA BASED FEDERATED E-MARITIME SERVICES
We consider a SOA-based service engineering framework as a robust engineering approach to the elaboration and analysis of functional and quality requirements, as well as the formal testing of architectural solutions of emerging e-maritime systems. Autonomic systems and related architectural frameworks are considered towards engineering e-maritime services. E-maritime services’ interfaces, behavior, and service composition design and testing aspects are discussed. A SOA SLA approach is proposed so as to enable e-maritime service properties to be formally agreed, negotiated and offered over an e-maritime SOA platform.