An Architecture for QoS-capable Integrated Security Gateway to Protect Avionic Data Network

International audienceWhile the use of Internet Protocol (IP) in aviation allows new applications and benefits, it opens the doors for security risks and attacks. Many security mechanisms and solutions have evolved to mitigate the ever continuously increasing number of network attacks. Although these conventional solutions have solved some security problems, they also leave some security holes. Securing open and complex systems have become more and more complicated and obviously, the dependence on a single security mechanism gives a false sense of security while opening the doors for attackers. Hence, to ensure secure networks, several security mechanisms must work together in a harmonic multi-layered way. In addition, if we take QoS requirements into account, the problem becomes more complicated and necessitates in-depth reflexions. In this paper, we present the architecture of our QoS-capable integrated security gateway: a gateway that highly integrates well chosen technologies in the area of network security as well as QoS mechanisms to provide the strongest level of security for avionic data network; our main aim is to provide both multi-layered security and stable performances for critical network applications

A new focus on risk reduction: an ad hoc decision support system for humanitarian relief logistics

Particularly in the early phases of a disaster, logistical decisions are needed to be made quickly and under high pressure for the decision‐makers, knowing that their decisions may have direct consequences on the affected society and all future decisions. Proactive risk reduction may be helpful in providing decision‐makers with optimal strategies in advance. However, disasters are characterized by severe uncertainty and complexity, limited knowledge about the causes of the disaster, and continuous change of the situation in unpredicted ways. Following these assumptions, we believe that adequate proactive risk reduction measures are not practical. We propose strengthening the focus on ad hoc decision support to capture information in almost real time and to process information efficiently to reveal uncertainties that had not been previously predicted. Therefore, we present an ad hoc decision support system that uses scenario techniques to capture uncertainty by future developments of a situation and an optimization model to compute promising decision options. By combining these aspects in a dynamic manner and integrating new information continuously, it can be ensured that a decision is always based on the best currently available and processed information. And finally, to identify a robust decision option that is provided as a decision recommendation to the decision‐makers, methods of multi‐attribute decision making (MADM) are applied. Our approach is illustrated for a facility location decision problem arising in humanitarian relief logistics where the objective is to identify robust locations for tent hospitals to serve injured people in the immediate aftermath of the Haiti Earthquake 2010.Frank Schätter, Marcus Wiens and Frank Schultman

Multi-level Authentication Based Single Sign-On for IMS Services

Part 2: Work in ProgressInternational audienceThe IP multimedia Subsystem (IMS) is the evolution of the 3G mobile networks towards new generation networks (NGN) that are only IP based. This architectural framework is seen as a key element for achieving network convergence defining a new horizontal integrated service offering, based on a common signaling protocol (SIP) for all multimedia services such as Voice over IP, Video call, or instant messaging. However the present deployment of IMS is specified according to a specific model, the so called walled-garden. In this model the applications are only provided to the users within the same operator so that the users will not have to look for applications outside the IMS garden. It is a very restrictive access mode for the users because they remain dependent on services offered by the provider and can consequently not choose freely applications they want to subscribe for. The goal of this paper is to include Single Sign-On (SSO) features in the standing IMS architectures to allow the user accessing all the applications, even the external ones transparently, simulating a walled-garden environment. We also introduce the notion of security level that will be affected to the SPs, and implementing it in what we can call “a Multi-level authentication model”

A Policy Language for Modelling Recommendations

International audienceWhile current and emergent applications become more and more complex, most of existing security policies and models only consider a yes/no response to the access requests. Consequently, modelling, formalizing and implementing permissions, obligations and prohibitions do not cover the richness of all the possible scenarios. In fact, several applications have access rules with the recommendation access modality. In this paper we focus on the problem of formalizing security policies with recommendation needs. The aim is to provide a generic domain-independent formal system for modelling not only permissions, prohibitions and obligations, but also recommendations. In this respect, we present our logic-based language, the semantics, the truth conditions, our axiomatic as well as inference rules. We also give a representative use case with our specification of recommendation requirements. Finally, we explain how our logical framework could be used to query the security policy and to check its consistency