Security enforcement for resource-constrained systems

资源受限系统的安全实施

• 批准号: 402233-2011
• 负责人: Talhi, Chamseddine
• 金额: $ 1.38万
• 依托单位: École de technologie supérieure
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2015
• 资助国家: 加拿大
• 起止时间: 2015-01-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=573208
• 关键词: Security; enforcement; resource; constrained; systems

Context: The majority of efforts devoted to improve security enforcement architectures have been characterized by sacrificing system resources. However, such approach is no longer appropriate for information systems dedicated to mobile devices (e.g., mobile phones and smartphones), which are characterized by strict memory and power limitations. Objectives: The long-term objective is the exploration of new approaches to allow efficient enforcement of security policies on resource constrained systems. The short-term objectives are (1) analyzing the security of mobile systems to evaluate the vulnerabilities and assess the underlying risks, understand security policies that should be enforced, and identify opportunities for efficient enforcement, (2) formally characterizing security enforcement to investigate enforceable security policies and constrained security enforcement, and (3) defining domain-specific languages for specifying security policies and providing the appropriate mechanisms required for enforcing them efficiently. Scientific Approach: This research program targets the investigation of important issues related to the security of resource-constrained systems. One important issue targeted by the research is analyzing the security of these systems. The objective is to reach the most complete vision of (1) the security attacks threatening mobile systems, (2) the vulnerabilities facilitating their achievement, and (3) the underlying risks. The results of such analysis will be leveraged to generate a classification of security policies to be enforced. The target enforcement mechanisms will be built on top of formal foundations allowing the evaluation of required resources as well as identification of optimization opportunities. In addition, a bridge will be built between the proposed formal models and high-level security policies specification languages. Appropriate languages will be defined to allow specifying security policies and their efficient enforcement on mobile systems. Generic enforcement mechanisms will be generated and optimized when embedded inside mobile applications.