Context Aware and Extendable Mobile Security Mechanisms

上下文感知和可扩展的移动安全机制

• 批准号: RGPIN-2017-05422
• 负责人: Talhi, Chamseddine
• 金额: $ 1.68万
• 依托单位: École de technologie supérieure
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=679195
• 关键词: Context; Aware; Extendable; Mobile; Security

Thanks to the proliferation of ubiquitous devices as well as the wide adoption of virtualization, the ICT industry is more relying on small and limited-resources devices supported by virtualized services. This trend is challenging security solutions architects because of the high mobility of devices and the continuous changing of their execution context, especially the fluctuation of available computation resources. Consequently, there is an urgent need for novel context-aware, adaptable and fine-grained security enforcement solutions. If these solutions are enough optimised and fine-grained, they can benefit from the recent progress in software deployment and shipment technologies. We believe that it is time to rethink the design of security solutions towards a novel generation of enforcement mechanisms that are autonomous, context-aware, and extendable. These mechanisms should be able to (a) survive the starvation of resources and fluctuation of resource availability, (b) be context-aware in order to choose the best enforcement actions, and (c) be offloaded (shipped) where more resources are available in order to collaborate with nearby devices or remote infrastructure towards the achievement of security objectives.****First, this research will start by proposing novel specification languages that allow describing context-aware security policies. These languages permit describing different types of contexts including but not limited to resource availability, enforcement capabilities, and infrastructure topology. Second, it will propose novel security frameworks allowing adaptable enforcement of context-aware security policies. The target Frameworks will include (a) algorithms and tools for profiling resources consumption and other features related to the execution context, (b) mathematical models allowing decision making to select the best fit security mechanisms, and (c) optimized design and engineering of security mechanisms. Finally, the Security Frameworks will be leveraged towards extendable security mechanisms that are (a) autonomous to run standalone, (b) easily shippable to be offloaded for executing where more resources are available, and (c) collaborative to be composed with nearby and/or remote security mechanisms.****The proposed research will leverage recent development in software shipment technologies to enable fast deployment of efficient security mechanisms. This research program will provide novel approaches that will reduce the cost of security enforcement and speed up the deployment of security mechanisms. Consequently, it will allow better protection of IT infrastructures and personal mobile devices, while reducing response time to cyberattacks. It will support the Canadian ICT industry, help Canada maintaining its leadership in Cybersecurity and support the training of highly qualified personnel in this sector.***

由于无处不在的设备的激增以及虚拟化的广泛采用，ICT行业更加依赖虚拟化服务支持的小型且资源有限的设备。由于设备的高移动性及其执行上下文的不断变化，尤其是可用计算资源的波动，这种趋势对安全解决方案架构师提出了挑战。因此，迫切需要新颖的上下文感知、适应性强和细粒度的安全实施解决方案。如果这些解决方案足够优化和细粒度，它们可以从软件部署和运输技术的最新进展中受益。我们认为，现在是时候重新考虑安全解决方案的设计，以实现新一代自主、上下文感知和可扩展的执行机制。这些机制应该能够（a）经受住资源匮乏和资源可用性波动的考验，（b）具有上下文感知能力，以便选择最佳的执行行动，以及（c）在有更多可用资源的情况下卸载（运送）为了与附近的设备或远程基础设施协作以实现安全目标。****首先，这项研究将首先提出允许描述上下文感知安全策略的新颖规范语言。这些语言允许描述不同类型的上下文，包括但不限于资源可用性、执行能力和基础设施拓扑。其次，它将提出新颖的安全框架，允许适应性地执行上下文感知的安全策略。目标框架将包括（a）用于分析资源消耗和与执行上下文相关的其他功能的算法和工具，（b）允许决策者选择最适合的安全机制的数学模型，以及（c）安全的优化设计和工程机制。最后，安全框架将用于可扩展的安全机制，这些机制是（a）自主独立运行，（b）易于运输以在有更多资源可用的情况下执行，以及（c）与附近和/或组织协作或远程安全机制。****拟议的研究将利用软件运输技术的最新发展来实现高效安全机制的快速部署。该研究计划将提供新颖的方法，降低安全执行成本并加快安全机制的部署。因此，它将更好地保护 IT 基础设施和个人移动设备，同时减少对网络攻击的响应时间。它将支持加拿大信息通信技术行业，帮助加拿大保持其在网络安全领域的领先地位，并支持该领域高素质人才的培训。***