Context Aware and Extendable Mobile Security Mechanisms

上下文感知和可扩展的移动安全机制

• 批准号: RGPIN-2017-05422
• 负责人: Talhi, Chamseddine
• 金额: $ 1.68万
• 依托单位: École de technologie supérieure
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=679195
• 关键词: Context; Aware; Extendable; Mobile; Security

Thanks to the proliferation of ubiquitous devices as well as the wide adoption of virtualization, the ICT industry is more relying on small and limited-resources devices supported by virtualized services. This trend is challenging security solutions architects because of the high mobility of devices and the continuous changing of their execution context, especially the fluctuation of available computation resources. Consequently, there is an urgent need for novel context-aware, adaptable and fine-grained security enforcement solutions. If these solutions are enough optimised and fine-grained, they can benefit from the recent progress in software deployment and shipment technologies. We believe that it is time to rethink the design of security solutions towards a novel generation of enforcement mechanisms that are autonomous, context-aware, and extendable. These mechanisms should be able to (a) survive the starvation of resources and fluctuation of resource availability, (b) be context-aware in order to choose the best enforcement actions, and (c) be offloaded (shipped) where more resources are available in order to collaborate with nearby devices or remote infrastructure towards the achievement of security objectives.****First, this research will start by proposing novel specification languages that allow describing context-aware security policies. These languages permit describing different types of contexts including but not limited to resource availability, enforcement capabilities, and infrastructure topology. Second, it will propose novel security frameworks allowing adaptable enforcement of context-aware security policies. The target Frameworks will include (a) algorithms and tools for profiling resources consumption and other features related to the execution context, (b) mathematical models allowing decision making to select the best fit security mechanisms, and (c) optimized design and engineering of security mechanisms. Finally, the Security Frameworks will be leveraged towards extendable security mechanisms that are (a) autonomous to run standalone, (b) easily shippable to be offloaded for executing where more resources are available, and (c) collaborative to be composed with nearby and/or remote security mechanisms.****The proposed research will leverage recent development in software shipment technologies to enable fast deployment of efficient security mechanisms. This research program will provide novel approaches that will reduce the cost of security enforcement and speed up the deployment of security mechanisms. Consequently, it will allow better protection of IT infrastructures and personal mobile devices, while reducing response time to cyberattacks. It will support the Canadian ICT industry, help Canada maintaining its leadership in Cybersecurity and support the training of highly qualified personnel in this sector.***

由于无处不在的设备的激增以及虚拟化的广泛采用，ICT行业更多地依赖于由虚拟化服务支持的小型且资源有限的设备。这一趋势对安全解决方案架构师提出了挑战，因为设备的高度移动性及其执行环境的不断变化，特别是可用计算资源的波动。因此，迫切需要新的上下文感知、可适应和细粒度的安全实施解决方案。如果这些解决方案足够优化和细粒度，它们可以从软件部署和发货技术的最新进展中受益。我们认为，现在是时候重新考虑安全解决方案的设计，以实现自主、上下文感知和可扩展的新一代执行机制。这些机制应该能够(A)在资源匮乏和资源可用性波动中幸存下来，(B)能够感知上下文，以便选择最佳的执行行动，以及(C)在有更多可用资源的地方卸载(运输)，以便与附近的设备或远程基础设施协作以实现安全目标。*首先，这项研究将从提出允许描述上下文感知安全策略的新的规范语言开始。这些语言允许描述不同类型的上下文，包括但不限于资源可用性、实施能力和基础设施拓扑。其次，它将提出新的安全框架，允许自适应地实施情景感知安全策略。目标框架将包括(A)用于分析资源消耗和与执行环境有关的其他特征的算法和工具，(B)使决策能够选择最合适的安全机制的数学模型，以及(C)安全机制的优化设计和工程。最后，安全框架将被用于可扩展的安全机制，这些安全机制是(A)自主地独立运行，(B)易于卸载以在有更多可用资源的地方执行，以及(C)与附近和/或远程安全机制协作。*拟议的研究将利用软件运输技术的最新发展，以实现高效安全机制的快速部署。这项研究计划将提供新的方法，降低安全执法的成本，并加快安全机制的部署。因此，它将允许更好地保护IT基础设施和个人移动设备，同时减少对网络攻击的响应时间。它将支持加拿大的信息和通信技术行业，帮助加拿大保持其在网络安全方面的领导地位，并支持该部门高素质人员的培训。