28 research outputs found
Policy-based management for body-sensor networks
Accepted versio
Secure dynamic community establishment in coalitions
Accepted versio
Security Management System for 4G Heterogeneous Networks
There is constant demand for the development of mobile networks to meet the service requirements of users, and their development is a significant topic of research. The current fourth generation (4G) of mobile networks are expected to provide high speed connections anywhere at any time. Various existing 4G architectures such as LTE and WiMax support only wireless technologies, while an alternative architecture, Y-Comm, has been proposed to combine both existing wired and wireless networks. Y-Comm seeks to meet the main service requirements of 4G by converging the existing networks, so that the user can get better service anywhere and at any time.
One of the major characteristics of Y-Comm is heterogeneity, which means that networks with different topologies work together to provide seamless communication to the end user. However, this heterogeneity leads to technical issues which may compromise quality of service, vertical handover and security. Due to the convergence characteristic of Y-Comm, security is considered more significant than in the existing LTE and WiMax networks. These security concerns have motivated this research study to propose a novel security management system. The research aims to meet the security requirements of 4G mobile networks, e.g. preventing end user devices from being used as attack tools. This requirement has not been met clearly in previous studies of Y-Comm, but this study proposes a security management system which does this.
This research follows the ITU-T recommendation M.3400 dealing with security violations within Y-Comm networks. It proposes a policy-based security management system to deal with events that trigger actions in the system and uses Ponder2 to implement it. The proposed system, located in the top layer of the Y-Comm architecture, interacts with components of Y-Comm to enforce the appropriate policies. Its four main components are the Intelligent Agent, the Security Engine, the Security Policies Database and the Security Administrator. These are represented in this research as managed objects to meet design considerations such as extensibility and modifiability.
This research demonstrates that the proposed system meets the security requirements of the Y-Comm environment. Its deployment is possible with managed objects built with Ponder2 for all of the components of Y-Comm, which means that the security management system is able to prevent end user devices from being used as attack tools. It can also achieve other security goals of Y-Comm networks
Supporting Management lnteraction and Composition of Self-Managed Cells
Management in ubiquitous systems cannot rely on human intervention or centralised
decision-making functions because systems are complex and devices
are inherently mobile and cannot refer to centralised management applications
for reconfiguration and adaptation directives. Management must be devolved,
based on local decision-making and feedback control-loops embedded in autonomous
components. Previous work has introduced a Self-Managed Cell (SMC)
as an infrastructure for building ubiquitous applications. An SMC consists
of a set of hardware and software components that implement a policy-driven
feedback control-loop. This allows SMCs to adapt continually to changes in
their environment or in their usage requirements. Typical applications include
body-area networks for healthcare monitoring, and communities of unmanned
autonomous vehicles (UAVs) for surveillance and reconnaissance operations.
Ubiquitous applications are typically formed from multiple interacting autonomous
components, which establish peer-to-peer collaborations, federate and
compose into larger structures. Components must interact to distribute management
tasks and to enforce communication strategies. This thesis presents
an integrated framework which supports the design and the rapid establishment
of policy-based SMC interactions by systematically composing simpler abstractions
as building elements of a more complex collaboration. Policy-based
interactions are realised – subject to an extensible set of security functions –
through the exchanges of interfaces, policies and events, and our framework
was designed to support the specification, instantiation and reuse of patterns of
interaction that prescribe the manner in which these exchanges are achieved.
We have defined a library of patterns that provide reusable abstractions for
the structure, task-allocation and communication aspects of an interaction,
which can be individually combined for building larger policy-based systems in
a methodical manner. We have specified a formal model to ensure the rigorous
verification of SMC interactions before policies are deployed in physical devices.
A prototype has been implemented that demonstrates the practical feasibility
of our framework in constrained resources
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
A Lightweight Policy System for Body Sensor Networks
Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than required in large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables finegrained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated. © 2009 IEEE.Published versio