Samenvatting
Systems of systems are coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. The component systems of a system of systems often belong to different security domains, which are governed by different authorities (hereafter called parties). Furthermore, systems of systems are mostly dynamic, with systems joining and leaving a coalition at runtime. An example of system of systems is the anti-piracy operation headed by the European Union
(EU) that is currently taking place in the Horn of Africa, which involves ships from different EU countries.
The security challenges in systems of systems are different from those affecting centralized systems. In a dynamic, inter-organizational coalition of systems, parties might not "know" each other beforehand, might employ different data and organizational models and speak different languages. Nevertheless, they must be able to collaborate for the success of the coalition. We identify four main requirements that an access control framework for systems of systems should satisfy: (1) regulate the access to sensitive information exchanged within a coalition and protect the confidentiality of the collaborating parties’ security policies, (2) preserve the autonomy of parties in the choice of organizational models and vocabulary, and (3) guarantee interoperability among parties. In addition, (4) the framework must be easy to use and to deploy into existing systems of systems.
Several security frameworks for systems of systems have been proposed in the literature.
These frameworks can be divided into two categories: semantic frameworks and trust management (TM) frameworks. Semantic frameworks rely on ontologies for the specification of access control policies and the definition of domain knowledge and context information. This enables interoperability among parties at the cost of limiting the expressive power of the policy language, which does not allow the specification of several types of security constraints (e.g., separation of duty).
On the other hand, TM frameworks rely on an attribute-based approach to access control where access decisions are based on digital certificates, called credentials.
TM frameworks employ expressive policy languages to regulate the access to sensitive information. However, they either assume all parties in a system of systems to use the same vocabulary, or do not provide a mechanism to align different vocabularies.
Furthermore, most TM frameworks compromise the confidentiality of the parties’ security policies in the process of deriving the credentials required for an access decision. Thus, none of the existing frameworks satisfies all the security requirements of systems of systems.
In this thesis we present an access control framework for systems of systems satisfying all the aforementioned requirements. The framework regulates the access to sensitive information by combining context-aware access control models with TM.
Autonomy and interoperability are enabled by the use of ontology-based services.
More precisely, parties may refer to different ontologies in the specification of their policies and to describe domain knowledge and context information; this allows each party to employ the organizational model and terminology that they consider more appropriate within their system. A semantic alignment technique is then employed to align their vocabularies, allowing for mutual understanding. A novel distributed algorithm enables parties to derive the credentials required for an access decision without compromising the confidentiality of their policies.
The applicability of the proposed framework is demonstrated by a prototype implementation for a scenario in the maritime safety and security domain. In the prototype, all components and services have been implemented following the serviceoriented architecture paradigm to facilitate their integration and deployment into existing systems of systems. The modularity of the framework allows for the integration of additional services to support the evaluation of policies and provide
additional functionalities (e.g., a key performance indicator service). Even though our solution has been mainly tested in the maritime safety and security domain, its characteristics make it suitable for many other domains. For example, we have deployed a prototype implementation of the framework also in systems of systems in the e-health and the employability domains. Furthermore, the integration of the framework with ontology-based services makes it a valid candidate for the protection of information on the semantic web.
Originele taal-2 | Engels |
---|---|
Kwalificatie | Doctor in de Filosofie |
Toekennende instantie |
|
Begeleider(s)/adviseur |
|
Datum van toekenning | 28 nov. 2012 |
Plaats van publicatie | Eindhoven |
Uitgever | |
Gedrukte ISBN's | 978-90-386-3251-3 |
DOI's | |
Status | Gepubliceerd - 2012 |