The notion of a pervasive system was first introduced in 1991 by Mark Weiser [147] to describe the integration of back-end computing and communication into daily activities. A pervasive system is an environment in which humans can ubiquitously interact with equipment embedded with computing and communication capabilities. Information processing by this equipment can therefore guide and improve everyday human activities (e.g., the use of the Global Positioning System to assist driving). Advances in embedded systems and wireless communication have turned pervasive systems into a reality. First, the miniaturization of computing equipment, particularly embedded systems, makes human-machine interaction less visible, and recent innovations in chip design and nanotechnology allow embedded systems to consume less power, which simplifies their life-cycle management. Second, greatly improved wireless communication capabilities connect these embedded devices efficiently and unobtrusively. These two major technological advances have permitted the emergence of pervasive systems as Mark Weiser envisioned them. In this thesis, a pervasive system refers to a network of terminals which is:
• distributed and decentralized: terminals are physically distributed over an area and are connected through wireless communication. Despite their physical dispersion, wireless communication makes them logically available to one another. Furthermore, the distributed architecture usually calls for decentralized coordination of the terminals to cope with their execution environments.
• dynamic and open: terminals, especially mobile ones, can join and leave the pervasive network at any time, which characterizes the openness of pervasive systems. This openness makes the system architecture dynamic, i.e., the system topology depends heavily on time. The dynamic nature of the architecture calls for a highly flexible system model able to support varying conditions.
• large-scale and complex: such systems may grow to hundreds or thousands of terminals. Coordinating these terminals reaches a high level of complexity: it must manage the terminals themselves and their connections, make subsets of them work together, etc. Rather than traditional solutions designed for a small number of terminals, large-scale pervasive systems require an efficient, scalable solution.
Motivation For Self-protecting Systems
Pervasive systems are more open, dynamic, and large-scale than traditional distributed systems. They open up a whole new landscape of rapidly changing threats and heterogeneous security requirements, calling for strong yet highly flexible security mechanisms. Managing protection “by hand” in such a setting becomes far too complex. The autonomic approach to security management [47] is thus a major step forward in addressing these issues: a system becomes able to protect itself with little or no human intervention. In this thesis, we are interested in self-protection for pervasive systems, and in particular in the feasibility of making a pervasive system self-protecting. Such systems should allow their terminals and network-side servers to counteract threats ranging from hardware or OS attacks to network attacks. Unfortunately, the ubiquity of threats and the dynamism of pervasive systems make self-protection far from easy. Within the autonomic approach, we apply autonomous control theory to conventional protection mechanisms, extending the infrastructure towards a framework in which threats can be autonomously eliminated.
Some Background on Autonomic Computing
IBM first introduced the principle of autonomic computing, defined as system self-management: freeing administrators from low-level task management while delivering more optimal system behavior [90]. Autonomic computing constitutes an effective set of technologies, models, architecture patterns, standards, and processes that mitigate the management complexity of dynamic computing systems by means of feedback control. It addresses several trends in IT systems:
Increasing Complexity of IT Systems IT applications and their execution environments are growing dramatically in complexity, and manual administration is no longer effective. A large IT system consisting of hundreds or thousands of applications requires an enormous number of configuration settings for each administrative task, which is beyond human control. Maintainability becomes a major bottleneck. Autonomic computing provides tools to administer systems autonomously, enabling administrators to focus on high-level strategies rather than low-level operational tasks.
Continuous Evolution of Software Systems Software systems are under constant development, can never be fully specified, and are subject to constant adjustment and adaptation [141]. This involves two kinds of evolution: evolution of the design requirements, which leads to system updates; and evolution of the execution environment, which results in system adaptation. The former asks for an extensible infrastructure that can meet evolving design requirements. The latter reflects the fact that the execution environment is not known a priori at design time and, hence, cannot be statically anticipated [87]. This drives software adaptation. Autonomic computing addresses both kinds of evolution by autonomously reconfiguring its functionalities, architectures, and administration policies.
Increasing Overhead of Administration Administration overhead has already become a crucial factor for complex IT systems. Industry spends billions of dollars maintaining its systems. Manual configuration may also introduce malfunctions and cause dramatic losses. Autonomic computing is seen as a way of reducing the total cost of ownership of complex IT systems by allowing reconfiguration and optimization driven by feedback on system behavior. Formal verification and checking in autonomic computing can also be used to establish the correctness of configurations and of the operations that apply them.
Self-protection Challenges
Self-protection was defined as one of the four main properties of autonomic computing [90]. This drives us to add autonomic functionalities to existing or emerging protection frameworks. In this thesis, we define a self-protection framework on top of which applicative systems can be implemented. The whole execution system, from the hardware level to the application level, is thereby protected by the framework. However, several challenges arise in the setting of self-protection.
End-to-End Security for the Framework Open pervasive systems become increasingly vulnerable to malicious activities spanning every layer, from hardware to application. We refer to this as the ubiquity of threats. An effective protection framework should therefore cover all these layers and defend against threats at every level.
Flexibility of Control over Applications A self-protection framework usually acts as a separate framework cooperating with an applicative system, protecting applications by applying supplementary mechanisms. This calls for run-time control over applications: we need a flexible platform enabling dynamic reconfiguration of the applicative system.
Efficiency of Protection Mechanisms The overhead of existing protection frameworks remains high. This overhead has two parts: computation and communication. The former refers to the computing resources allocated to complementary checks and controls; the latter to the communication traffic generated by protection coordination. An efficient protection framework should thus mitigate both kinds of overhead.
Feasibility for Self-managing Systems In several domains, such as context-aware systems or cloud computing, whole systems run autonomously without user intervention. Consequently, their protection should also become autonomic: we cannot manually mitigate threats to systems that are executing autonomously.
1 Introduction