Archive for March, 2007

Implementation of a Formal Security Policy Refinement Process in WBEM Architecture

by Laborde, Romain; Kamel, Michel; Barrère, François; Benzekri, Abdelmalek

Security mechanisms enforcement consists in configuring devices with the aim that they cooperate and guarantee the defined security goals. In the network context, this task is complex due to the number, the nature, and the interdependencies of the devices to consider. In previous papers, we have proposed a formal framework that focuses on network security information management refinement. The framework includes three abstraction levels: the network security objectives, the network security tactics, and the network security device configurations. The information models of each abstraction level (consistency, correctness and feasibility) are formally specified and analyzed. In this paper we present the integration of this formal refinement process in the WBEM initiative in order to provide a management infrastructure that guarantees the validity of the deployed security configurations.

DOI: 10.1007/s10922-007-9063-z
Online Date: 3/15/2007
Print publication date: 6/1/2007

A Survey of Fault Management in Wireless Sensor Networks

by Paradis, Lilia; Han, Qi

Wireless sensor networks are resource-constrained self-organizing systems that are often deployed in inaccessible and inhospitable environments in order to collect data about some outside world phenomenon. For most sensor network applications, point-to-point reliability is not the main objective; instead, reliable event-of-interest delivery to the server needs to be guaranteed (possibly with a certain probability). The nature of communication in sensor networks is unpredictable and failure-prone, even more so than in regular wireless ad hoc networks. Therefore, it is essential to provide fault tolerant techniques for distributed sensor applications. Many recent studies in this area take drastically different approaches to addressing the fault tolerance issue in routing, transport and/or application layers. In this paper, we summarize and compare existing fault tolerant techniques to support sensor applications. We also discuss several interesting open research directions.

DOI: 10.1007/s10922-007-9062-0
Online Date: 3/13/2007
Print publication date: 6/1/2007

Anomaly Detection Aiming Pro-Active Management of Computer Network Based on Digital Signature of Network Segment

by Zarpelão, Bruno Bogaz; Mendes, Leonardo de Souza; Proença Jr., Mario Lemes

Detecting anomalies accurately is fundamental to rapid diagnosis and repair of problems. This paper proposes a novel Anomaly detection system based on the comparison of real traffic and DSNS (Digital Signature of Network Segment), generated by BLGBA (Baseline for Automatic Backbone Management) model, within a hysteresis interval using the residual mean and on the correlation of the detected deviations. Extensive experimental results on real network servers confirmed that our system is able to detect anomalies on the monitored devices, avoiding the high false alarms rate.

DOI: 10.1007/s10922-007-9064-y
Online Date: 3/11/2007
Print publication date: 6/1/2007

“The System is the Solution”

by Bernstein, Lawrence; Yuhas, C. M.

DOI: 10.1007/s10922-007-9061-1
Online Date: 3/2/2007
Print publication date: 6/1/2007

A Negotiation Scheme for Access Rights Establishment in Autonomic Communication

by Koshutanski, Hristo; Massacci, Fabio

Autonomic computing and communication has become a new paradigm for dynamic service integration and resource sharing in today’s ambient networks. Devices and systems need to dynamically collaborate and federate with little known or even unknown parties in order to perform everyday tasks. Those devices and systems act as independent nodes that autonomously manage and enforce their own security policies. Thus in autonomic pervasive communications clients may not know a priori what access rights they need in order to execute a service nor service providers know a priori what credentials and privacy requirements clients have so that they can take appropriate access decisions. To solve this problem we propose a negotiation scheme that protects security and privacy interests with respect to information disclosure while still providing effective access control to services. The scheme proposes a negotiation protocol that allows entities in a network to mutually establish sufficient access rights needed to grant a service.

DOI: 10.1007/s10922-006-9057-2
Online Date: 3/2/2007
Print publication date: 3/1/2007