Rights and services interoperability for multimedia content management

The main goal of the work presented in this thesis is to describe the definition of interoperability mechanisms between rights expression languages and policy languages. Starting from languages interoperability, the intention is to go a step further and define how services for multimedia content management can interoperate by means of service-oriented generic and standardised architectures. In order to achieve this goal, several standards and existing initiatives will be analysed and taken into account. Regarding rights expression languages and policy languages, standards like MPEG-21 Rights Expression Language (REL), Open Digital Rights Language (ODRL) and eXtensible Access Control Markup Language (XACML) are considered. Regarding services for content management, the Multimedia Information Protection And Management System (MIPAMS), a standards-based implemented architecture, and the Multimedia Service Platform Technologies (MSPT), also known as MPEG-M standard, are considered. The contribution of this thesis is divided into two parts, one devoted to languages interoperability and the other one devoted to services interoperability, both addressed to multimedia content management. They are briefly described next. The first part of the contribution describes how MPEG-21 REL, ODRL and XACML can interoperate, defining the mapping mechanisms to translate expressions from language to language. The mappings provided have different levels of granularity, starting from a mapping based on a programmatic approach coming from high-level modelling diagrams done using Unified Modelling Language (UML) and Entity-Relationship (ER). The next level of mappings includes specific mappings between MPEG-21 REL and XACML and ODRL and XACML. Finally, a more general solution is proposed by using a broker. Part of this work was done in the context of the VISNET-II Network of Excellence and the AXMEDIS Integrated Project. The findings done prove the validity of the interoperability methods described. The second part of the contribution describes how to describe standards based building blocks to provide interoperable services for multimedia content management. This definition is based on the analysis of existing content management use cases, from the ones involving less security over multimedia content managed to the ones providing full-featured digital rights management (DRM) (including access control and ciphering techniques) to support secure content management. In this section it is also presented the work done in the research projects AXMEDIS, Musiteca and Culturalive. It is also shown the standardisation work done for MPEG-M, particularly on elementary services and service aggregation. To demonstrate the usage of both technologies a mobile application integrating both MPEG-M and MIPAMS is presented. Furthermore, some conclusions and future work is presented in the corresponding section, together with the refereed publications, which are briefly described in the document. In summary, the work presented can follow different research lines. On the one hand, further study on rights expression languages and policy languages is required as new versions of them have recently appeared. It is worth noting the standardisation of a contract expression language, MPEG-21 CEL, which has also to be further analysed in order to evaluate its interoperability with rights and policy languages. On the other hand, standard initiatives must be followed in order to complete the map of SB3's, considering MPEG standards and also other standards not only related to multimedia but also other application scenarios, like e-health or e-government

An aspect-oriented framework for systematic security hardening of software

In this thesis, we address the problems related to the security hardening of open source software. Accordingly, we first propose an aspect-oriented and pattern-based approach for systematic security hardening. It is based on the full separation between the roles and duties of the security experts and the developers performing the hardening. Such proposition constitutes a bridge that allows the security experts to provide the best solutions to particular security problems with the details on why, how and where to apply them. Moreover, it allows the developers to use these solutions to harden open source software without the need to have high security expertise. We realize the proposed approach by elaborating a programming independent and aspect-oriented based language for security hardening called SHL, developing its corresponding parser, compiler and facilities and integrating all of them into a framework for software security hardening. We also illustrate the feasibility of the elaborated framework by developing several security hardening case studies that deal with known security requirements and vulnerabilities and applying them on large scale software. Second, we enrich SHL and the aspect-oriented languages with new pointcut and primitive constructs ( GAFlow, GDFlow, ExportParameter and ImportParameter ) that provide features missing in the current AOP proposals and needed for systematic security hardening concerns. We also explore the viability of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the result of explanatory case studies. Finally, we improve the proposed framework by proposing a new approach for applying security hardening on the Gimple representation of software and elaborating formal syntax for SHL and Gimple together with an operational semantics for SHL weaving based on Gimple. We realize our proposition by integrating into the GCC compiler few features described in the SHL weaving semantics and developing a demonstrative case stud