A Policy Management Framework for Self-Protection of Pervasive Systems

Although highly promising for meeting the challenges of pervasive network security, self-managed protection has received little attention in this setting. This paper adopts a policy-based management approach to the problem, and presents a policy-driven security framework called ASPF. The authorization policies enforced in a device are adapted according to the security context, both at the network and device levels. ASPF describes how an autonomic security manager may control OS-level authorization mechanisms supporting multiple classes of policies. Evaluation of an ASPF implementation shows that the design is applicable for effective and yet flexible self-protection of pervasive systems.
