
POSSET – Policy-Driven Secure Session Transfer

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3439)

Abstract

Ubiquitous networks and seamless terminals are potential enablers for session mobility and session transfer. In a business environment, session mobility is restricted by the security requirements set forth by corporate security policies to protect corporate assets. Session mobility can be supported to the extent that specified corporate assets are still protected even though a session is transferred to another mobile device. We describe a policy-driven approach for secure session transfers. Secure session transfer mechanisms validate whether or not a session transfer is allowed, establish secure interaction channels with target devices, perform security context negotiation and, if all previous steps are successful, facilitate transferring a session from a source to a target device. The protocol is supported by security policies and digitally signed assertion tokens. Policies define the constraints to be met before session transfer (i.e. the decision whether transfer is possible or not) and after session transfer (i.e. the respective security context), while tokens are utilized to identify suitable mobile devices that claim trustworthiness, which may be the target of a session transfer.




© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Robinson, P., Schaefer, C., Walter, T. (2005). POSSET – Policy-Driven Secure Session Transfer. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_2


  • DOI: https://doi.org/10.1007/978-3-540-31979-5_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25584-0

  • Online ISBN: 978-3-540-31979-5

  • eBook Packages: Computer Science, Computer Science (R0)
