61 research outputs found

    Towards End-to-End QoS in Ad Hoc Networks

    http://citi.insa-lyon.fr/wons2006/index.html
    In this paper, we address the problem of supporting adaptive QoS resource management in mobile ad hoc networks, by proposing an efficient model for providing proportional end-to-end QoS between classes. The effectiveness of our proposed solution in meeting desired QoS differentiation at a specific node and from end-to-end is assessed by simulation using a queueing network model implemented in QNAP. The experimental results show that the proposed solution provides consistent proportional differentiation for any service class and validates our claim even under bursty traffic and fading channel conditions.

    Managing Break-The-Glass using Situation-oriented authorizations

    National audience
    The patient's life is a red line in Healthcare environments. Whenever it comes to danger, such environments reject static authorizations. A common problem, "Break The Glass", is known as the act of breaking the static authorization in order to reach the required permission. The Healthcare environment is full of different contexts and situations that require the authorizations to be dynamic. Dynamic Authorization is a concept of giving the choice to the E-Health authorization system to choose the most suitable permission by considering one's situation. This paper aims at preventing the matter of modifying the policy to make authorizations dynamic. It introduces a simple solution to provide Dynamic Authorization by orienting the authorization system decision using situations. Situations, which are calculated using Complex Event Processing, are integrated into the XACML architecture. A Healthcare example proves the efficiency of our approach.

    dynSMAUG: A Dynamic Security Management Framework Driven by Situations

    We present a dynamic security management framework where security policies are specified according to situations. A situation allows dynamic constraints to be grouped logically and makes policies closer to business. Situations are specified and calculated by using complex event processing techniques, and security policies are written in XACMLv3. Finally, the framework is supported by a modular event-based deployment infrastructure. The whole framework has been implemented and its performance is evaluated.

    Study of the concept of trust for public key infrastructures (Etude du concept de confiance pour les infrastructures à clés publiques)

    Public key infrastructures (PKIs) are today a major element in building secure spaces in digital environments. A PKI is based on a trust model composed of three entities, namely the certification authorities (CAs), the certificate holders and the relying parties (RPs). Historically, this trust model was designed for cases where the certificate holders and the RPs have direct relationships with the CAs (for example, all of them belong to the same company). Today on the Internet, RPs have no direct relationship with the CAs. This new situation therefore requires a more precise definition of the notion of trust between CAs and RPs. We show that evaluating trust according to this definition requires legal and technical expertise. We therefore propose to modify the three-entity trust model by adding the role of the technical and legal expert who helps RPs make decisions about certificates.

    G-Cloud on Openstack : Adressing access control and regulation requirements

    It is well known that e-Government applications bring several benefits to citizens in terms of efficiency, accessibility and transparency. Today, most governments tend to propose cloud computing based e-services to their citizens. A key component in these services is the access control management issue. In this paper, we present our research work on building an access control system for the Djiboutian e-Government project, which is built using the Openstack framework. Specifically, we demonstrate the limitations of the integrated access control system in Openstack with respect to the Djiboutian e-Government access control requirements and compliance with the related regulation. Thus, we propose to extend the existing access control system of Openstack by integrating the features of XACML V3 into the Openstack framework.

    Difficulties to enforce your privacy preferences on Android? Kapuer will help you

    Smartphones and mobile computing have changed our world and we are now over-connected. Millions of applications are available to help us in every way possible. However, applications can collect data from users for different purposes. Much private data is used to profile users. How can privacy be controlled in this environment? We propose a system called Kapuer that improves the management of application permissions on Android by combining access control and decision support. We present in this article the Android implementation of Kapuer.

    Know Your Customer: Opening a new bank account online using UAAF

    Universal Authentication and Authorization Framework is a user-centric, privacy by design and decentralized system that allows anyone to easily benefit from a reliable digital identity made of multi-purpose and multi-origin attributes. In this article, we present the implementation of this framework in the context of online banking. We demonstrate how it can facilitate enforcing Know Your Customer when opening a new bank account online by allowing users to combine verifiable identity attributes issued by different organizations

    A User-Centric Identity Management Framework based on the W3C Verifiable Credentials and the FIDO Universal Authentication Framework

    We present a user-centric and decentralized digital identity system that allows anyone to easily benefit from an enriched digital identity made of multi-purpose and multi-origin attributes. It increases usability by the elimination of user passwords. It also makes this digital identity highly trustworthy both for the user (in terms of privacy and sovereignty) and the service provider who requires highly certified information about the user being enrolled to and/or authenticated on its services. We built our system based on the Universal Authentication Framework specified by the FIDO Alliance and the data model proposed by the W3C Verifiable Credentials WG. The whole system has been implemented in a banking scenario

    Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker

    A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the Certification Authority (CA), the certificate holder (or subject) and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However on the Internet, PKI technology is currently facing many obstacles that slow down its global adoption. In this paper, we argue that most of these obstacles boil down to one problem, which is the trust issue, i.e. how can an RP trust an unknown CA over the Internet? We demonstrate that the original X.509 trust model is not appropriate for the Internet and must be extended to include a new entity, called the Trust Broker, which helps RPs make trust decisions about CAs. We present an approach to assess the quality of a certificate that is related to the quality of the CA’s policy and its commitment to it. The Trust Broker, which is proposed for inclusion in the 2016 edition of X.509, could follow this approach to give RPs trust information about CAs. Finally, we present a prototype Trust Broker that demonstrates how RPs can make informed decisions about certificates in the context of the Web, by using its services

    TLS Connection Validation by Web Browsers: Why do Web Browsers still not agree?

    The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers’ owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of web users. Our previous research in 2009 showed that the validation process of web browsers is inconsistent and flawed. We showed how this situation might have a negative impact on web users. From 2009 until now, many new X.509 related standards have been created or updated. In this paper, we performed an increased set of experiments over our 2009 study in order to highlight the improvements and/or regressions in web browsers’ behaviours