Skip to main content
SpringerLink
Log in

A situation-driven framework for dynamic security management

  • Published:
Annals of Telecommunications Aims and scope Submit manuscript

Abstract

We present a dynamic security management framework where security policies are specified according to situations. Situation-based policies easily express complex dynamic security measures, are closer to business, and simplify the policy life cycle management. Situations are specified using complex event processing techniques. The framework is supported by a modular event–based infrastructure where a dedicated situation manager maintains active situations allowing the command center to take dynamic situation–based authorization and obligation decisions. The whole framework has been implemented and showed good performance by simulation. Finally, we detail two real experiments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Notes

  1. http://www.espertech.com/esper/

  2. https://github.com/wso2/balana

  3. http://www.polestar.eu/

  4. http://www.android-x86.org/

  5. https://github.com/mobile-event-processing/Asper

References

  1. Harkins M (2012) Managing risk and information security: protect to enable Apress

  2. Laborde R, Oglaza A, Barrère F, Benzekri A (2017) dynsmaug: a dynamic security management framework driven by situations. In: Cyber Security in Networking Conference (CSNet), 2017. IEEE, pp 1–8

  3. Agrawal D, Lee K-W, Lobo J (2005) Policy-based management of networked computing systems. IEEE Commun Mag 43(10):69–75

    Article  Google Scholar 

  4. Westerinen A, Strassner J, Scherling M, Quinn B, Herzog S, Huynh A, Carlson M, Perry J, Waldbusser S (2001) Terminology for policy-based management ietf rfc 3198

  5. Chadwick D, Zhao G, Otenko S, Laborde R, Su L, Nguyen TA (2008) PERMIS: a modular authorization infrastructure. Concurrency and Computation: Practice and Experience 20(11):1341–1357

    Article  Google Scholar 

  6. Barrėre F, Benzekri A, Frasset F, Laborde R (2002) A multi-domain security policy distribution architecture for dynamic IP based VPN management. In: 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), pp 224–227

  7. Lymberopoulos L, Lupu E, Sloman M (2003) An adaptive policy-based framework for network services management. J Netw Syst Manag 11(3):277–303

    Article  Google Scholar 

  8. Dey AK (2001) Understanding and using context. Pers Ubiquit Comput 5(1):4–7

    Article  Google Scholar 

  9. Barwise J, Perry J (1980) The situation underground. Stanford University Press, Stanford

    Google Scholar 

  10. Endsley MR (1988) Design and evaluation for situation awareness enhancement. In: Proceedings of the human factors and ergonomics society annual meeting, vol 132, no 2. SAGE Publications, pp 97–101

  11. Adi A, Etzion O (2004) Amit - the situation manager. The VLDB Journal—The International Journal on Very Large Data Bases 13(2):177–203

    Article  MATH  Google Scholar 

  12. Luckham D (2008) The power of events: an introduction to complex event processing in distributed enterprise systems. In: Workshop on Rules and Rule Markup Languages for the Semantic Web. Springer, p 3

  13. OASIS (2013) eXtensible access control markup language (XACML) Version 3.0, Tech. Rep. [Online]. Available: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-en.pdf

  14. Hu VC, Ferraiolo D, Kuhn R, Schnitzer A, Sandlin K, Miller R, Scarfone K (2016) Guide to attribute based access control (ABAC) definition and considerations, NIST, Tech. Rep. SP 800–162

  15. Laborde R, Barrère F, Benzekri A (2013) Toward authorization as a service: a study of the xacml standard. In: Proceedings of the 16th Communications & Networking Symposium. SCS, p 9

  16. Oglaza A, Laborde R, Zaraté P (2013) Authorization policies: using decision support system for context-aware protection of user’s private data. In: International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, pp 1639–1644

  17. Giambiagi P, Nair SK, Brossard D (2015) Abbreviated language for authorization Version 1.0. [Online]. Available: https://www.oasis-open.org/committees/download.php/55228/alfa-for-xacml-v1.0-wd01.doc

  18. Bonatti P, Galdi C, Torres D (2015) Event-driven RBAC. J Comput Secur 23(6):709–757

    Article  Google Scholar 

  19. Son J, Kim J-D, Na H-S, Baik D-K (2015) CBDAC: context-based dynamic access control model using intuitive 5w1h for ubiquitous sensor network, International Journal of Distributed Sensor Networks

  20. Kim Y-G, Lim J (2007) Dynamic activation of role on RBAC for ubiquitous applications. In: 2007 International Conference on Convergence Information Technology. IEEE, pp 1148–1153

  21. Yau SS, Yao Y, Banga V (2005) Situation-aware access control for service-oriented autonomous decentralized systems. In: Autonomous Decentralized Systems, 2005. ISADS 2005, Proceedings. IEEE, pp 17–24

  22. Kayes ASM, Han J, Colman A (2015) An ontological framework for situation-aware access control of software services. Inf Syst 53:253–277

    Article  Google Scholar 

  23. Kabbani B, Laborde R, Barrere F, Benzekri A (2014) Specification and enforcement of dynamic authorization policies oriented by situations. In: 2014 6th International Conference on New Technologies Mobility and Security (NTMS). IEEE, pp 1–6

  24. Kabbani B, Laborde R, Barrère F, Benzekri A (2014) Managing Break-The-Glass using Situation-oriented authorizations. In: 9ème conférence sur la sécurité des Architectures réseaux et systèmes d’Information-SAR-SSI 2014

  25. Marie P, Desprats T, Chabridon S, Sibilla M, Taconet C (2015) From ambient sensing to iot-based context computing: an open framework for end to end qoc management. Sensors 15(6):14180–14206

    Article  Google Scholar 

Download references

Acknowledgment

We would like to thank PoleStar for their indoor position technology.

Funding

This work, part of the Box@PME project, was funded by BpiFrance and Région Occitanie.

Author information

Authors and Affiliations

  1. University Paul Sabatier, 118 Route de Narbonne, F-31062, Toulouse CEDEX 9, France

    Romain Laborde, Arnaud Oglaza, Ahmad Samer Wazan, François Barrère & Abdelmalek Benzekri

Authors
  1. Romain Laborde
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Arnaud Oglaza
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ahmad Samer Wazan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. François Barrère
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Abdelmalek Benzekri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Romain Laborde.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Laborde, R., Oglaza, A., Wazan, A.S. et al. A situation-driven framework for dynamic security management. Ann. Telecommun. 74, 185–196 (2019). https://doi.org/10.1007/s12243-018-0673-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12243-018-0673-0

Keywords

Search

Navigation