CIISE Distinguished Seminar: Policy-Based Language for Autonomous and Adaptive Security

Dr. Frédéric Cuppens,
École Nationale Supérieure de l'Aéronautique et de l'Espace

Date: Jan. 23 (10:30-11:30)
Location: EV3.309

Abstract

Policy-based languages provide means to express various types of security requirements including access and usage control, privacy and trust. In this talk, we shall present our work in the context of policy-based systems where policies are used as the main form of adaptation. We shall first show how to model security requirements and discuss different approaches to be used by systems to deploy and manage these requirements. In particular, how can systems autonomously evaluate changes in their environment in order to adaptively reconfigure themselves? How to securely face unexpected risks and activate appropriate countermeasures to respond to new threats? How can we avoid specifying all the behaviours in advance? We shall also address how these systems can securely interact and interoperate using approaches based on policy and trust negotiation. The talk will finally discuss some challenges for future work in this context.

Biography

Frédéric Cuppens is a Full Professor at TELECOM Bretagne, Leader for Institut Mines-Telecom of the Thematic Network on Security of Digital Services and Systems and leader of the CNRS team SFIIS (security, reliability and integrity of information and systems). He holds an Engineering degree as well as a Ph.D. in computer science and an HDR (Habilitation to supervise research). He has been working for more 20 years on various topics of computer security including the definition of formal models for security policies, access control to network and information systems, intrusion detection, reaction and countermeasures, and formal techniques to refine security policies and prove security properties. He has published more than 200 technical papers in international refereed journals and conference proceedings. He served on several conference program committees as member or as General Chair. He was the Programme Committee Chair of several conferences including ESORICS 2000, IFIP SEC 2004, SAR-SSI 2006, SETOP 2008, CRISIS 2011, PST 2011, and DBSEC 2012.