Abstract
We present a dynamic security management framework in which security policies are specified according to situations. Situation-based policies easily express complex dynamic security measures, are closer to business concerns, and simplify policy life cycle management. Situations are specified using complex event processing techniques. The framework is supported by a modular event-based infrastructure in which a dedicated situation manager maintains the active situations, allowing the command center to take dynamic situation-based authorization and obligation decisions. The whole framework has been implemented and showed good performance in simulation. Finally, we detail two real experiments.
Acknowledgment
We would like to thank PoleStar for their indoor position technology.
Funding
This work, part of the Box@PME project, was funded by BpiFrance and Région Occitanie.
Cite this article
Laborde, R., Oglaza, A., Wazan, A.S. et al. A situation-driven framework for dynamic security management. Ann. Telecommun. 74, 185–196 (2019). https://doi.org/10.1007/s12243-018-0673-0
DOI: https://doi.org/10.1007/s12243-018-0673-0