Security

Nowadays, complex software environments are built by assembling and integrating existing components and systems. This integration may happen in a loose or tight manner. It may cross organization boundaries and may bridge heterogeneous technologies and technical environments through, e.g., web services, widgets or portals. Such large and open environments raise serious security concerns. Classical security issues like authentication and authorization, but also emerging issues like service availability, reliability and trust, must be addressed to guarantee secure operation, system integrity, and stakeholder satisfaction and trust.

The aim of the Security PReCISE group is to design and implement innovative solutions that address critical issues in information systems security. PReCISE mainly focuses on (1) user and identity management in large and heterogeneous environments, (2) authorization and access control to resources and services, (3) rights expression languages and (4) web service availability, reliability and reputation.

 

Themes

  • Standard-based interoperable authentication solutions. Beyond authentication, user and identity management becomes an issue, notably in environments where access must be granted to users who are not authenticated and managed locally, but by a third party that needs to be trusted. Protocols like SAML, OpenID… provide building blocks for designing higher-level protocols supporting such complex scenarios. PReCISE develops trustable and interoperable authentication solutions, more particularly in complex web interactions such as widget-based environments.
  • Authorization and access control policies and mechanisms. Rules governing authorization decisions are often complex, and even after access has been granted, ensuring only acceptable use of the resources (also known as usage control) requires appropriate measures. PReCISE develops interoperable access and usage control mechanisms, based on and extending existing standards such as RBAC, OrBAC or P-RBAC, applied to various types of digital resources.
  • Rights expression languages. Access and usage control policies need to be expressed in an interoperable way. Rights Expression Languages (REL) make it possible to describe complex policies, derived from the access control model, taking into account advanced conditions, obligations, and other types of constraints. PReCISE is an active contributor to the W3C ODRL Community, and explores application of the language to Privacy Rights Management, notably to medical data or mobile environments. Methodological aspects inspired by Privacy by Design are also included in the research spectrum.
  • Web service availability, reliability and reputation. Availability is the proportion of time a web service is in a functioning condition. Sustaining high availability of a web service is a challenging but crucial issue. For a web service, failing to respond with an acceptable quality of service lowers user satisfaction and hence reduces the future number of requests. Intelligent techniques have been developed for ensuring high availability and reliability of services. These techniques include substitution, QoS monitoring and trust evaluation.

  

Resources

  •  Selected publications
  • Lim ERBIN, Philippe THIRAN, Zakaria MAAMAR. Towards Defining and Assessing the Non-Functional Properties of Communities of Web Services, in Proceedings of the 25th IEEE AINA, collection IEEE Proceedings. 2011.
  • KHOSRAVIFAR B., BENTAHAR J., MOAZIN A., THIRAN Ph. Analyzing Communities of Web Services Using Incentives. International Journal of Web Services Research, volume 7, issue 3, pages 30-51, 2010.
  • Lim ERBIN, Philippe THIRAN. Sustaining high-availability and Quality of Web services, in Current Trends in Web Engineering, collection LNCS, Springer. 2009.
  •  Software

Contributing projects

  • iTEC: Innovative Technologies for an Engaging Classroom (EU FP7 Project)
  • Application of DRM scheme to protection of nomad data (FUNDP/CERUNA funded project)
  • Communities of Web services (high-availability of Web services)

 

Senior members