Security Architectures and Mechanisms for the Self-Protection of Pervasive Systems

Abstract: Our work applies autonomic computing to conventional authorization infrastructure. We illustrate that autonomic computing is useful not only for managing IT infrastructure complexity, but also for mitigating the problems of continuous software evolution. However, its application in pervasive systems calls for a collection of design building blocks, ranging from overall architecture to terminal OS design. In this thesis, we propose:
- A three-layer abstract architecture: a three-layer self-protection architecture is applied to the framework. A lower execution space provides the running environment for applications, a control plane controls the execution space, and an autonomic plane guides the behavior of the control plane, taking into account system status, context evolution, administrator strategy and user preferences.
- An attribute-based access control model: the proposed model (Generic Attribute-Based Access Control, G-ABAC) is an attribute-based access control model that improves both policy neutrality, so that other access control policies can be specified, and flexibility, enabling fine-grained manipulation of a single policy.
- A policy-based framework for authorization integrating autonomic computing: the policy-based approach has shown its advantages when handling complex and dynamic systems. By integrating autonomic functions into this approach, an Autonomic Security Policy Framework provides a consistent and decentralized solution to administer G-ABAC policies in large-scale distributed pervasive systems. Moreover, the integration of autonomic functions enhances user-friendliness and context-awareness.
- A terminal-side access control enforcement OS: the distributed authorization policies are then enforced by an OS-level authorization architecture. It is an efficient OS kernel which controls resource access in a dynamic manner to reduce authorization overhead. This dynamic mechanism also improves the integrability of different authorization policies.
- An adaptation policy specification Domain-Specific Language (DSL): all the adaptations of this end-to-end self-protection framework are controlled by high-level strategies called adaptation policies. A specification DSL for such policies is given, which takes into account various aspects of adaptation decisions.
