A Software Framework for Autonomic Security in Pervasive Environments

  • Conference paper
Information Systems Security (ICISS 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4812)

Abstract

In Systems Beyond 3G, protection fundamentally needs to be flexible. Due to heterogeneity of access networks and mobile devices, multiple security requirements (e.g., cryptographic algorithms, network security policies) must be addressed. The security infrastructure must also be reconfigurable (e.g., system patches to defeat new attacks) to cope with extremely dynamic conditions. Autonomic security applies the idea of flexibility to the security space itself. It goes a step further than simple adaptation by automating the entire reconfiguration process, thus making the security mechanisms self-responsive. We define an autonomic security framework to build such self-protecting systems. The framework is structured around the different steps of the reconfiguration activity: sense, analyze and respond. We show how flexible access control, authentication, and cryptographic security services can be built on top of our framework, illustrating how autonomic security can be implemented in the terminal and the network.

Editor information

Patrick McDaniel Shyam K. Gupta

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Saxena, A., Lacoste, M., Jarboui, T., Lücking, U., Steinke, B. (2007). A Software Framework for Autonomic Security in Pervasive Environments. In: McDaniel, P., Gupta, S.K. (eds) Information Systems Security. ICISS 2007. Lecture Notes in Computer Science, vol 4812. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77086-2_8

  • DOI: https://doi.org/10.1007/978-3-540-77086-2_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77085-5

  • Online ISBN: 978-3-540-77086-2

  • eBook Packages: Computer Science, Computer Science (R0)
