SERVAL: SERvices and networks security and VALidation (SécuRité et Validation des réseaux et services)

Presentation of the SERVAL team
SERVAL is a research team of Telecom Bretagne which focuses on models and tools to design and assess the trust of communicating systems. The confidence we have in a system is tightly coupled with the quality of its validation and with the effectiveness of the security mechanisms that are deployed. Systems are now built using service-oriented approaches (SOA), which raises new issues about how functionality can be validated and how much confidence we can place in security mechanisms. Systems are also becoming adaptive, in the sense that services are delivered by communicating objects. The networking dimension, and in particular the volatility of nodes, impacts the robustness of deployed services and of the related security policy. In the field of modelling, model-driven engineering (MDE) appears as a promising approach both to rationalize a development process (model transformations, metamodelling) and to provide interoperability bridges between several concerns (functional, performance, security, dependability), which are often called aspects. Metamodels and their associated treatments make it possible to produce the testing artefacts automatically for security policies and security fault models. MDE technology appears as a good candidate to model the expected features of a resilient system, and automatically derive the testing and vigilance artefacts.
Address: 2, rue de la Châtaigneraie, 35576 Cesson Sévigné Cedex
Phone: 33 (0)2 99 12 70 47
Team Leader
Yves Le Traon, Yves.LETRAON-att-telecom-bretagne.eu

Researchers and Faculty
Ahmed Bouabdallah, Associate Professor (Maître de conférences), Ahmed.Bouabdallah-att-telecom-bretagne.eu
Associate Professor (Maître de conférences), Sylvain.Gombault-att-enst-bretagne.fr
Jean-Pierre Le Narzul, Associate Professor (Maître de conférences), JP.LeNarzul-att-enst-bretagne.fr
PhD Students
Jean-François Capuron
Thomas Demongeot
Tejeddine Mouelhi
Vincent Ferru
Goals

Three complementary technologies are now converging around the notion of "resilient" and adaptive systems: communication and network technologies, service-oriented requirements and architectures, and model-driven approaches. The economic pressure and the difficulty of building such systems push towards practical solutions based on these three technologies.

In communication and network technologies, the recent trend is to allow many nodes to join or leave a given network (social networks, P2P systems, ad-hoc networks, delay tolerant networks), potentially at a very large scale. The issue is to guarantee the dependability of such networks and their ability to deliver their services. The problem is that they are highly adaptive, so that their robustness (dependability and security) is questionable. The first results on the validation of P2P systems on a Grid [ASVT08, ASTV08] reveal that the volatility of nodes is a threat to the performance and dependability of such systems. Current P2P protocols do not embed the capacity to reorganize themselves under high volatility. Thus the link between node volatility and the capacity to evolve in a resilient way is not yet demonstrated, and testing appears as a good technique to check the resilience of communication platforms and protocols. When considering security, the

In the field of service-oriented requirements, new systems are built based on the services they are required to provide to the final user. This user-centric (or marketing-centric) vision of systems raises the difficult question of how to compose services in a trustable manner (security and dependability). The collaboration and communication between services is crucial, because the client's definition of a service must be coupled to its provider. Such coupling is done using the most recent communication and network technologies, and one can wonder whether the resulting services can be trusted.
The solution we explore is the use of contracts attached to the services and dedicated to security and dependability properties. Service-oriented architectures thus become vigilant. Vigilance can be defined as the quality or state of being wakeful and alert; extended to the software and network domains, it is the ability of a system to dynamically detect an unexpected internal state (error or intrusion). The idea of using contracts to improve the vigilance of the final system has already been explored from both theoretical and empirical points of view [LBJ06]. Design by Contract is a lightweight technique for embedding elements of formal specification (such as invariants, pre- and post-conditions) into a design, in general for object-oriented programs. Executable contracts allow components to be responsive to erroneous states, and thus may help in detecting and locating faults. The objective is to adapt contracts to security and dependability as a technique for detecting intrusions, security violations and erroneous states. We expect to enhance the detection capability by inserting the detection mechanisms directly inside the software. Vigilance is thus a basic mechanism that embeds in services (and even in communication nodes) a "consciousness" that something is going wrong. Vigilance enables detection, and detection leads to a reaction (fault recovery, reconfiguration, self-adaptation). This mechanism is needed so that the reconfiguration mechanisms of resilient systems can be applied dynamically.

In the field of modelling, model-driven engineering appears as a very promising approach both to rationalize a development process (model transformations, metamodelling) and to provide bridges that build interoperability between several concerns (functional, performance, security, dependability), which are often called aspects.
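The vigilance mechanism described above, as an added illustration that is not SERVAL code: a hypothetical account service whose operations carry executable security and dependability contracts. A broken precondition is reported as a policy violation by the caller, while a broken postcondition or invariant is reported as an internal erroneous state; both are recorded so that a reaction can follow detection. The service, its policy and the scenario values are all constructed for the example.

```python
from functools import wraps

class SecurityViolation(Exception): pass  # precondition broken by the caller: policy violation / intrusion attempt
class ErroneousState(Exception): pass     # postcondition or invariant broken: the service itself is in a bad state

def contract(pre, post):
    # pre(self, *args) guards the call; post(self, old, *args) and self.invariant() check
    # the resulting state. Violations go to self.alerts so a watcher can trigger a reaction.
    def deco(fn):
        @wraps(fn)
        def wrapper(self, *args):
            if not pre(self, *args):
                self.alerts.append(("security", fn.__name__))
                raise SecurityViolation(fn.__name__)
            old = self.balance
            fn(self, *args)
            if not post(self, old, *args) or not self.invariant():
                self.alerts.append(("erroneous_state", fn.__name__))
                raise ErroneousState(fn.__name__)
        return wrapper
    return deco

class Account:
    # Hypothetical vigilant service with an owner-only access policy.
    def __init__(self, owner, balance):
        self.owner, self.balance, self.alerts = owner, balance, []
    def invariant(self):
        return self.balance >= 0
    @contract(pre=lambda s, caller, amt: caller == s.owner and 0 < amt <= s.balance,
              post=lambda s, old, caller, amt: s.balance == old - amt)
    def withdraw(self, caller, amt):
        self.balance -= amt
    # The guard forgets to bound the fee, so a fee above the balance drives it negative: the invariant catches it.
    @contract(pre=lambda s, caller, fee: caller == s.owner and fee >= 0,
              post=lambda s, old, caller, fee: s.balance == old - fee)
    def apply_fee(self, caller, fee):
        self.balance -= fee

def run_scenarios():
    # Constructed scenario: intrusion attempt, legitimate call, then an internal fault.
    acct, outcomes = Account("alice", 100), []
    for op, args in ((acct.withdraw, ("mallory", 30)), (acct.withdraw, ("alice", 30)),
                     (acct.apply_fee, ("alice", 500))):
        try:
            op(*args)
            outcomes.append("ok")
        except (SecurityViolation, ErroneousState) as e:
            outcomes.append(type(e).__name__)
    return outcomes, acct.alerts, acct.balance
```

The contracts only detect: the erroneous balance is left in place so that the reaction layer (recovery or reconfiguration) decides what to do with it.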
The issue of merging aspects and models is a crucial dimension of this new technology and a real scientific challenge. However, the interoperability between the models and their associated semantics opens the possibility of expressing both the service-oriented architectures and the underlying communication models in the same manipulable environment. The metamodels and treatments proposed in [MFBT08a, MFBT08a, BTM08] for security policies and security fault models made it possible to produce the testing artefacts automatically. Such an approach could be generalized to usage control and dependability. MDE technology appears as a good candidate to model the expected features of a resilient system, and automatically derive the testing and vigilance artefacts.

The main solutions we explore to make systems built with such technologies resilient are:

- Model-based testing (MBT). Testing is an activity that aims both at demonstrating discrepancies between a system's actual and intended behaviours and at increasing the confidence that there is no such discrepancy. One of the main features of a system to test is its security, especially for systems which are safety or business critical. The security of a system classically relates to the confidentiality and integrity of data as well as the availability of systems and the non-repudiation of transactions. Testing security properties is a real challenge, especially for resilient systems which have the capability to dynamically evolve to improve their security attributes.
- Vigilance based on dependability and security contracts. Vigilance contributes to the robustness against faulty states (fault tolerance and dependability) and attacks (security). Making each node or service (depending on the technological paradigm) vigilant allows the overall large-scale system to be aware of runtime anomalies, and is thus a good basis to guide automated reconfigurations. Vigilance is used for detection before reaction and reconfiguration.
- Model-driven engineering as the key technology to combine both approaches and relate them to service-oriented and communication-based technologies.