Vers un système d'administration de la sécurité pour les réseaux autonomes (Toward a Security Administration System for Autonomic Networks)

dblp(2009)

Abstract
By the beginning of the twenty-first century, academia and industry decided to work more on better solutions for computer system administration, in response to the increasing complexity and heterogeneity of modern applications [51]. The need for self-managing systems arose, and IBM's perspective of Autonomic Computing [56] has become one of the well-known solutions in this field. A considerable number of research challenges were identified over time [55], and recent specific studies have focused on such challenges in the communication domain [41]. Our work concerns security in autonomic networks.

Infrastructureless networks present several complexity issues in terms of network administration. The main reasons are the lack of a pre-established infrastructure, the possible evolution of the topology and the heterogeneity of nodes. Besides, administrators may not be available in certain application fields of infrastructureless networking. Therefore, we opted to work in the context of infrastructureless networks, where autonomic administration is more likely to be needed. Our work aims at establishing the bases of an autonomic access control system for infrastructureless networks, as a step toward a security administration system for autonomic networks.

In a first part presenting the research context, after discussing the theoretical background and certain interesting related work, we point out our research objectives through a certain vision of autonomic networks and certain autonomic security bases. Afterward, we introduce a definition and an organizational structure for infrastructureless autonomic networks. We call an autonomic network having this structure IOrg-AutoNet (Infrastructureless Organizational Autonomic Network). The IOrg-AutoNet structure classifies the network nodes with respect to certain attributes based on the network context. These attributes are trustworthiness, availability and heterogeneity. Such a classification helps assign different roles to certain nodes, which allows them to collaborate to manage the network instead of humans.

The second part of the thesis describes the autonomic access control system that we propose for IOrg-AutoNets. A first chapter defines a collaborative access control model. It concerns a communicating pair of nodes aiming to share certain resources, in the context of a secure relation binding them. We call it Secure Relation Based Access Control (SRBAC). The contribution of the SRBAC model is the adaptation of the well-recognized Role Based Access Control (RBAC) model [89] to the requirements of evolution and self-management in an IOrg-AutoNet. Besides, in terms of policy specification, we make another contribution by extending the OASIS RBAC profile of XACML v2.0 [15] with SRBAC-specific entities.

We define the Administrative counterpart of SRBAC (ASRBAC) in the second chapter of the access control system part. The ASRBAC model extends the distributed ARBAC02 model [73] with a support for autonomic computing. ASRBAC is expressed using SRBAC itself, which essentially provides the basis for the autonomic administration. We may summarize the contributions of ASRBAC as an extension of ARBAC02 by the following:

1. The network nodes that have administration privileges collaborate to accomplish administration tasks related to the whole network while managing their respective administration domains.