Abstract
Existing self-protection frameworks so far hardly addressed the specification of autonomic security adaptation strategies which guide risk-aware selection or reconfiguration of security mechanisms. Domain-Specific Languages (DSL) present many benefits to achieve this goal in terms of simplicity, automated strategy verification, and run-time integration. This paper presents a DSL to describe security adaptation policies. The DSL is based on the condition-action approach and on a taxonomy of threats and applicable reactions. The DSL also allows to capture trade-offs between security and other concerns such as energy efficiency during the decision making phase. A translation mechanism to refine the DSL into a run-time representation, and integrate adaptation policies within legacy self-protection frameworks is also presented.
This work has been partially funded by the ANR SelfXL project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI). In: conjunction with Workshop on Foundations on Computer Security, FCS (2004)
Agosta, J., et al.: Towards Autonomic Enterprise Security: Self-Defending Platforms, Distributed Detection, and Adaptive Feedback. Intel. Technology Journal 10(4) (2006)
Agrawal, D., Lee, K.-W., Lobo, J.: Policy-Based Management of Networked Computing Systems. IEEE Communications Magazine 43(10), 69–75 (2005)
Alia, M., Lacoste, M., He, R., Eliassen, F.: Putting Together QoS and Security in Autonomic Pervasive Systems. In: International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet) (2010)
Ayed, S., Cuppens-Boulahia, N., Cuppens, F.: An Integrated Model for Access Control and Information Flow Requirements. In: Cervesato, I. (ed.) ASIAN 2007. LNCS, vol. 4846, pp. 111–125. Springer, Heidelberg (2007)
Blanco, C., Lasheras, J., Valencia-Garcia, R., Fernandez-Medina, E., Alvarez, J., Piattini, M.: A Systematic Review and Comparison of Security Ontologies. In: International Conference on Availability, Reliability and Security (ARES) (2008)
Chebaro, O., Broto, L., Bahsoun, J.-P., Hagimont, D.: Self-TUNe-ing of a J2EE Clustered Application. In: International Workshop on Engineering of Autonomic and Autonomous Systems (EASe) (2009)
Chess, D., Palmer, C., White, S.: Security in an Autonomic Computing Environment. IBM Systems Journal 42(1), 107–118 (2003)
Claudel, B., De Palma, N., Lachaize, R., Hagimont, D.: Self-protection for Distributed Component-Based Applications. In: Datta, A.K., Gradinariu, M. (eds.) SSS 2006. LNCS, vol. 4280, pp. 184–198. Springer, Heidelberg (2006)
Coma, C., Cuppens-Boulahia, N., Cuppens, F., Cavalli, A.R.: Context Ontology for Secure Interoperability. In: International Conference on Availability, Reliability and Security (ARES) (2008)
Cuppens, F., Gombault, S., Sans, T.: Selecting Appropriate Counter-Measures in an Intrusion Detection Framework. In: IEEE Computer Security Foundations Workshop (CSFW) (2004)
Cuppens, N., Cuppens, F., Lopez de Vergara, J., Guerra, J., Debar, H., Vazquez, E.: An Ontology-based Approach to React to Network Attacks. In: International Conference on Risk and Security of Internet and Systems (CRiSIS) (2008)
Debar, H., Thomas, Y., Boulahia-Cuppens, N., Cuppens, F.: Using Contextual Security Policies for Threat Response. In: Büschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 109–128. Springer, Heidelberg (2006)
He, R., Lacoste, M.: Applying Component-Based Design to Self-Protection of Ubiquitous Systems. In: 3rd ACM Workshop on Software Engineering for Pervasive Services (SEPS) (2008)
He, R., Lacoste, M., Leneutre, J.: A Policy Management Framework for Self-Protection of Pervasive Systems. In: International Conference on Autonomic and Autonomous Systems (ICAS) (2010)
He, R., Lacoste, M., Leneutre, J.: Virtual Security Kernel: A Component-Based OS Architecture for Self-Protection. In: IEEE International Symposium on Trust, Security and Privacy for Emerging Applications (TSP) (2010)
Kephart, J., Walsh, W.: An Artificial Intelligence Perspective on Autonomic Computing Policies. In: IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY) (2004)
Kim, A., Luo, J., Kang, M.: Security Ontology for Annotating Resources. In: International Conference on Ontologies, Databases, and Application of Semantics, ODBASE (2005)
Lacoste, M., Jarboui, T., He, R.: A Component-Based Policy-Neutral Architecture for Kernel-Level Access Control. Annals of Telecommunications 64(1-2), 121–146 (2009)
Mernik, M., Heering, J., Sloane, A.: When and How to Develop Domain-Specific Languages. ACM Computing Surveys 37(4), 316–344 (2005)
Muller, P.-A., Fleurey, F., Jézéquel, J.-M.: Weaving Executability into Object-Oriented Meta-languages. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 264–278. Springer, Heidelberg (2005)
NIST. A Survey of Access Control Models. In: NIST Privilege (Access) Management Workshop (2009), http://csrc.nist.gov/news_events/privilege-management-workshop/
Serrano, M., van der Meer, S., Strassner, J., Paoli, S., Kerr, A., Storni, C.: Trust and Reputation Policy-Based Mechanisms for Self-protection in Autonomic Communications. In: González Nieto, J., Reif, W., Wang, G., Indulska, J. (eds.) ATC 2009. LNCS, vol. 5586, pp. 249–267. Springer, Heidelberg (2009)
Simmonds, A., Sandilands, P., van Ekert, L.: An Ontology for Network Security Attacks. In: Manandhar, S., Austin, J., Desai, U., Oyanagi, Y., Talukder, A.K. (eds.) AACC 2004. LNCS, vol. 3285, pp. 317–323. Springer, Heidelberg (2004)
Strassner, J., de Souza, J.N., Raymer, D., Samudrala, S., Davy, S., Barrett, K.: The Design of a New Policy Model to Support Ontology-Driven Reasoning for Autonomic Networking. In: Latin American Network Operations and Management Symposium (LANOMS) (2007)
Twidle, K., Dulay, N., Lupu, E., Sloman, M.: Ponder2: A Policy System for Autonomous Pervasive Environments. In: International Conference on Autonomic and Autonomous Systems (ICAS) (2009)
Undercoffer, J., Joshi, A., Pinkston, J.: Modeling Computer Attacks: An Ontology for Intrusion Detection. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 113–135. Springer, Heidelberg (2003)
van Deursen, A., Klint, P., Visser, J.: Domain-Specific Languages: An Annotated Bibliography. ACM SIGPLAN Notices 35(6), 26–36 (2000)
Verma, D., Calo, S.B., Cirincione, G.: A State Transition Model for Policy Specification. IBM Research Report RC24766 (March 2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
He, R., Lacoste, M., Pulou, J., Leneutre, J. (2011). A DSL for Specifying Autonomic Security Management Strategies. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2010 2010. Lecture Notes in Computer Science, vol 6514. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19348-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-19348-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19347-7
Online ISBN: 978-3-642-19348-4
eBook Packages: Computer ScienceComputer Science (R0)