171 |
Italian foreign policy: trends for the twenty-first century
Faherty, Douglas M. 06 1900
Approved for public release, distribution is unlimited / Since the end of the Second World War, foreign policy goals have rarely become the lead issue for any Italian administration, and the desire to maintain the "special relationship" between the United States and Italy has generally muted any dispute. The collapse of the Soviet Union and a growing concept of national interest in Italy have combined to change the basis of Italian-American cooperation. With increasing speed and fervor, Italian society and its political leadership continue to develop goals and ideas that are less dependent on foreign influence or reaction than has been the case in the past. The events of the 1990s made many Italians reflect on what their values and principles were. Italians feel increasingly able to voice their opinion, even when it differs from that of the United States. While there is still an inequality of means between the partners, the developing independent agenda in Italy will reduce American influence to an equally competing perspective in the national policy debate. Although it is uncertain how far future foreign policy aims will diverge from American interests, the trend certainly shows that Italians will feel less restraint in voicing their disagreements when they arise. / Major, United States Army
|
172 |
An Analysis of the Impact of Information Security Policies on Computer Security Breach Incidents in Law Firms
Heikkila, Faith M. 01 January 2009
Law firms maintain and store voluminous amounts of highly confidential and proprietary data, such as attorney-client privileged information, intellectual properties, financials, trade secrets, personal, and other sensitive information. There is an ethical obligation to protect law firm client data from unauthorized access. Security breaches jeopardize the reputation of the law firm and could have a substantial financial impact if these confidential data are compromised. Information security policies describe the security goals of a law firm and the acceptable actions and uses of law firm information resources.
In this dissertation investigation, the author examined the problem of whether information security policies assist with preventing unauthorized parties from accessing law firm confidential and sensitive information. In 2005, Doherty and Fulford performed an exploratory analysis of security policies and security breach incidents that highlighted the need for research with different target populations. This investigation advanced Doherty and Fulford's research by targeting information security policies and security breach incidents in law firms. The purpose of this dissertation investigation was to determine whether there is a correlation between the timing of security policy development (proactive versus reactive policy development) and the frequency and severity of security breach incidents in law firms of varying sizes.
Outcomes of this investigation correlated with Doherty and Fulford's general findings of no evidence of statistically significant relationships between the existence of a written information security policy and the frequency and severity of security breach incidents within law firms. There was also a weak relationship between infrequent information security policy updates and an increase in theft of resources. Results demonstrated that, generally, written information security policies in law firms were not created in response to a security breach incident. These findings suggest that information security policies generally are proactively developed by law firms.
Important contributions to the body of knowledge from this analysis included the effectiveness of information security policies in reducing the number of computer security breach incidents in law firms, an underrepresented population in the information assurance field. The analysis also showed the necessity for law firms to become more immersed in state security breach notification law requirements.
|
173 |
Militariseringen av EU: Varför valde Sverige att ingå i Pesco? / The militarisation of the EU: Why did Sweden choose to join Pesco?
Walldén, Dean, Woxö, Martin January 2019
In response to the changed security environment in Europe, a process began that aimed to increase cooperation in security and defence within the EU. This defence cooperation is called Permanent Structured Cooperation (Pesco) and entails more intensified and concrete military cooperation than previously existed within the EU. By joining Pesco, members commit to developing their own defence capabilities more intensively in research and in the acquisition of defence equipment, and also to achieving and maintaining a strong defence budget. Member states are also to contribute battle groups on standby for operations within the EU framework. How can we understand the logic of Sweden joining a more binding defence cooperation such as Pesco? The purpose of this study is to identify the underlying driving forces in order to understand why Sweden decided to join Pesco. This case study uses a theoretical perspective based on Graham Allison's conceptual models to identify these driving forces. Through qualitative text analysis, the study examines the government's bill on participation in Pesco, the Defence Committee's report on Pesco, and the defence policy direction for 2016-2020. To complement the textual material, e-mail interviews were also conducted with strategically selected informants: members of the Swedish parliament and staff officers in the Swedish Armed Forces. The study concludes that there were several underlying driving forces behind the decision. The main one was that Sweden had previously ratified the EU solidarity clause and issued a declaration of solidarity towards the other EU member states. Joining Pesco is expected to increase Sweden's credibility as an EU member state. A further driving force was to join Pesco at an early stage in order to shape the cooperation and influence it in a direction that Sweden considers compatible with military non-alignment, and to continue to promote the intergovernmental character that the cooperation currently has. Another driving force was to build up national defence, increase operational capability and strengthen total defence through the defence cooperation. A majority of the parties in the Riksdag agreed on Sweden joining Pesco, owing to the previously adopted defence policy direction for 2016-2020, which was also a key driving force behind Sweden's decision to join Pesco.
|
174 |
MOS - Modelo Ontológico de Segurança para negociação de política de controle de acesso em multidomínios. / MOS - Ontological Security Model for access control policy negotiation in multi-domains.
Venturini, Yeda Regina 07 July 2006
The evolution of network technologies and the growing number of fixed and portable devices belonging to a single user, which share resources among themselves, have introduced new concepts and challenges in networking and information security. This new reality motivated the development of a project to enable the formation of personal security domains and the secure association between these domains, forming a multi-domain. Multi-domain formation introduces new challenges for defining the access control security policy, since a multi-domain is composed of distinct administrative environments that need to share resources for collaborative work. This work presents the main concepts involved in forming personal security domains and multi-domains, and proposes a security model that enables the dynamic negotiation and composition of the access control security policy in these environments. The proposed model is called the Ontological Security Model (MOS, from the Portuguese Modelo Ontológico de Segurança). MOS is a role-based access control model whose elements are defined by an ontology. The ontology defines a common, standardized semantic language, allowing the policy to be interpreted by the different domains. Policy negotiation takes place through the definition of each domain's import and export policies. These policies reflect each domain's partial contribution to the multi-domain policy. The use of an ontology allows the multi-domain policy to be composed dynamically and allows conflicts of interest, which reflect incompatibilities between import and export policies, to be detected and resolved. MOS was validated by analysing its feasibility for personal multi-domains. The analysis was carried out by defining a concrete model and simulating the negotiation and composition of the access control policy. For the simulation, a multi-domain for research projects was defined. The results showed that MOS allows the definition of an automatable procedure for creating access control policy in multi-domains.
|
175 |
Analyse de codes auto-modifiants pour la sécurité logicielle / Self-modifying code analysis for software security
Reynaud, Daniel 15 October 2010
Self-modifying programs run in a very specific way: they are capable of rewriting their own code at runtime. Remarkably absent from theoretical computation models, they are present in every modern computer and operating system. Indeed, they are used by bootloaders, for just-in-time compilation and for dynamic optimizations. They are also massively used by malware authors in order to bypass antivirus signatures and to delay analysis. Finally, they are unintentionally present in every program, since we can model code injection vulnerabilities (such as buffer overflows) as the ability for a program to accidentally execute data. In this thesis, we propose a formal framework to characterize advanced self-modifying behaviors and code armoring techniques. A prototype, TraceSurfer, allows us to detect these behaviors by using fine-grained execution traces and to visualize them as self-reference graphs. Finally, we assess the performance and efficiency of the tool by running it on a large corpus of malware samples.
|
176 |
Přístup Velké Británie k politické integraci Evropy / Great Britain's Attitude towards the political integration in Europe
Kuchařová, Alžběta January 2011
Britain's attitude towards European integration has been an uneasy one since its inception, and it thus represents one of the spheres of British politics that has attracted the most attention and has been one of the most divisive issues in domestic politics. The British attitude has, however, responded to the dynamic development of political integration in Europe. The aim of the thesis is to assess Britain's attitude towards political integration in Europe and to prove that, despite its dynamic development, the elements of Euroscepticism prevail over the elements of Europeanization. With respect to this aim, the thesis is divided into three chapters. The first explains political integration, charts its development and defines the modern concepts of Euroscepticism and Europeanization. The second chapter deals with Britain's attitude towards European integration, its historical background and its development immediately after the Second World War. A substantial part of the chapter is devoted to the analysis of the British attitude towards the milestones of political integration. The final chapter looks at the stance of the governments of Tony Blair and the current Conservative-led coalition on political integration and compares them so as to study its development.
|
177 |
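Políticas de defesa e segurança colombiana de Álvaro Uribe e Juan Manuel Santos (2002 - 2012): análise sobre mudanças e continuidades para solução do conflito armado / Colombian defense and security policies of Álvaro Uribe and Juan Manuel Santos (2002 - 2012): an analysis of changes and continuities toward resolving the armed conflict
Abumansur, Rochele Karina Costa de Moraes 19 June 2013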
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / The central objective of this research is a comparative analysis of the Colombian defense and security plans adopted by the governments of Álvaro Uribe and Juan Manuel Santos, as well as their security policies and agendas. The study treats defense and security policy as State Policy, of which foreign policy for security is a part, and considers the main threats to Colombian state security to be guerrilla activity, drug trafficking production, and the human rights abuses suffered by the population. The time frame relevant to the research extends from the Álvaro Uribe government (2002-2010) to the middle of the first term of Juan Manuel Santos's government (2010-2012); the preceding period serves only as historical support for understanding recent events. The main conclusion of the study concerns detecting differences and/or similarities between the security plans of the two governments, in order to then address the question of whether there has been progress or regression in resolving the Colombian conflict and in the search for peace in that country.
|
179 |
Verification and test of interoperability security policies / Vérification et test des politiques de sécurité d'interopérabilité
El Maarabani, Mazen 29 May 2012
Nowadays, there is an increasing need for interaction in the business community. In this context, organizations collaborate with each other in order to achieve a common goal. In such an environment, each organization has to design and implement an interoperability security policy. This policy has two objectives: (i) it specifies the information or resources to be shared during the collaboration and (ii) it defines the privileges of the organizations' users. To guarantee a certain level of security, it is mandatory to check whether the organizations' information systems behave as required by the interoperability security policy. In this thesis we propose a method to test the behavior of a system with respect to its interoperability security policies. Our methodology is based on two approaches: active testing and passive testing. We found that these two approaches are complementary when checking contextual interoperability security policies. A security policy is said to be contextual if the activation of each security rule is constrained by conditions. Active testing consists of generating a set of test cases from a formal model. Thus, we first propose a method to integrate the interoperability security policies into a formal model that specifies the functional behavior of an organization. The functional model is represented using the Extended Finite Automata formalism, whereas the interoperability security policies are specified using the OrBAC model and its extension O2O. In addition, we propose a model-checking-based method to check whether the behavior of a model respects given interoperability security policies. To generate the test cases, we used a dedicated tool developed in our department. The tool generates abstract test cases expressed in the TTCN notation to facilitate their portability. In the passive testing approach, we specify the interoperability policy that the system under test has to respect using linear temporal logic. We then analyze the collected traces of the system's execution in order to deduce a verdict on their conformity with the interoperability policy. Finally, we show the applicability of our methods through a hospital network case study. This application demonstrates the effectiveness and reliability of the proposed approaches.
|
180 |
A trust framework for multi-organization environments / Un système de confiance pour les environnements multi-organisationnels
Toumi, Khalifa 01 April 2014
The spread of inexpensive communication technologies, distributed data storage and web service mechanisms currently encourages collaboration among organizations. Partners participate in this environment motivated by several advantages, such as: (1) the ability to use external and professional resources, services and knowledge, (2) the reduction of time-consuming requirements and (3) the benefit of experts' experience. However, this collaboration is not perfect, since several problems can arise, such as the misuse of resources, disclosure of data or inadequate services. Therefore, security is an important concern of the participants. In particular, trust management and access control are among the major security issues for an organization. This thesis addresses these two areas in particular. It proposes a novel and comprehensive trust framework for multi-organization environments. Our approach is organized in four parts. First, we propose a vector-based approach for defining trust vectors. These vectors evaluate a set of requirements, under conditions, and provide a degree of confidence. In our approach, we consider two different types of vectors: on the one hand, a vector that links a user to an organization and, on the other hand, a vector that links two organizations. We also show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance security. Second, the TRUST-OrBAC model was designed to add this trust approach to the OrBAC (Organization Based Access Control) model. Moreover, this solution was applied to a real collaboration network between companies. Third, we present a trust ontology methodology based on access control concepts. This ontology is used to share trust beliefs between participants and to establish equivalence between their trust objectives. How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value are addressed in this thesis. Fourth, we improve our work by designing a passive testing approach in order to evaluate the behavior of a user. This contribution is based on the monitoring tool MMT (Montimage Monitoring Tool). Finally, the entire architecture of our system is proposed.
|