Adapting the Model Driven Security strategy to generate contextual security policy for multi-cloud systems (W.F. Ouedraogo, Frédérique Biennier, Parisa Ghodous)
Abstract
To fit the renewed globalised economical environment, enterprises, and mostly SMEs, have to develop new networked and collaborative strategies, focusing on networked value creation (instead of the classical value chain vision), fitting the blue ocean context for innovative products and service development. Such collaborative networks are by now often based on trusted and well known communities. Developing large scale networked and collaborative strategies involve increasing both enterprise and information system agility and interoperability in order to allow their interconnection. This requires paying attention on an end-to end security and on the way information and process are used during their full life-cycle. As traditional security approaches and methodologies provide only an “instant” and rather static protection, they do not fit the dynamicity nor the life-cycle long protection constraints involved by such collaborative organisation.
To overcome this limit, we propose to adapt the Digital Right Management approach (first defined for multimedia contents) to collaborative information systems.
After proposing a semi-distributed architecture used to manage usage rights, we propose a security policy model including both usage rights and related obligations. This leads us to extend the security policy descriptions, including a dedicated syntax and semantics to model both policy organisation, usage and obligations before paying attention on the “collaborative environment constraints”.
Paying attention on the way collaborative organisations are set and evolve, we have proposed an integration algebra to manage the way security and usage policies are composed depending on the way partners join and quit the collaborative context. This composition process and integration algebra analyse the collaborative business processes to identify the way policies are composed and negotiated.
A short bio
Frédérique Biennier is a Professor at INSA Lyon, Computer Science Dept. She passed her MSc in Computer Science in 1988 and got a Ph. D in Computer Science and Automatics in 1990. After creating and managing the Service Oriented Enterprise research group, she joined the LIRIS Service Oriented Computing research team. Her main research topics focus on service and cloud ecosystems models, business process management, service technology and security management. She is a member of the IFIP WG5.5 and WG5.7 working groups.
