Abstract
INTER-TRUST is a framework for the specification, negotiation, deployment and dynamic adaptation of interoperable security policies, in the context of pervasive systems where devices are constantly exchanging critical information through the network. The dynamic adaptation of the security policies at runtime is addressed using Aspect-Oriented Programming (AOP), which allows security requirements to be enforced by dynamically weaving security aspects into the applications. However, a mechanism is needed to guarantee the correct adaptation of the functionality that enforces the changing security policies. In this paper, we present an approach that uses monitoring and detection techniques to maintain the correlation between the security policies and the associated functionality deployed using AOP, allowing the INTER-TRUST framework to react automatically when needed.
Acknowledgment
Work funded by the European INTER-TRUST FP7–317731 and the Spanish TIN2012–34840, FamiWare P09-TIC-5231, and MAGIC P12-TIC1814 projects.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Horcas, JM., Pinto, M., Fuentes, L., Mallouli, W., de Oca, E.M. (2015). Dynamic Deployment and Monitoring of Security Policies. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science, vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_14
DOI: https://doi.org/10.1007/978-3-319-22906-5_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer Science, Computer Science (R0)