Security service adaptation for embedded service systems in changing environments

Distributed embedded applications increasingly operate in changing environments, where application security depends on the type and properties of the communication services and devices currently in use. As vulnerabilities, threats, and the processing power available for security functions change, the applications should adapt automatically to the varying conditions in order to maintain the necessary security without effort on the part of users. We report on the security management subproject of the SIRENA project, in which we apply a special combination of policy-based management and model-based management to support fully automated security management functions at runtime as well as tool-assisted security requirement definition and system design. Within an application model, the definition of the application's high-level security policy is of special importance. It represents the abstract security requirements and forms the starting point for the automated derivation of suitable security subsystem configurations that enforce the policy under changing environment conditions. The abstract policy representation relies on the generalized role-based access control model (GRBAC).
