Subventions et des contributions :

Subvention ou bourse octroyée s'appliquant à plus d'un exercice financier. (2017-2018 à 2022-2023)

Thanks to the proliferation of ubiquitous devices as well as the wide adoption of virtualization, the ICT industry is more relying on small and limited-resources devices supported by virtualized services. This trend is challenging security solutions architects because of the high mobility of devices and the continuous changing of their execution context, especially the fluctuation of available computation resources. Consequently, there is an urgent need for novel context-aware, adaptable and fine-grained security enforcement solutions. If these solutions are enough optimised and fine-grained, they can benefit from the recent progress in software deployment and shipment technologies. We believe that it is time to rethink the design of security solutions towards a novel generation of enforcement mechanisms that are autonomous, context-aware, and extendable. These mechanisms should be able to (a) survive the starvation of resources and fluctuation of resource availability, (b) be context-aware in order to choose the best enforcement actions, and (c) be offloaded (shipped) where more resources are available in order to collaborate with nearby devices or remote infrastructure towards the achievement of security objectives.

First, this research will start by proposing novel specification languages that allow describing context-aware security policies. These languages permit describing different types of contexts including but not limited to resource availability, enforcement capabilities, and infrastructure topology. Second, it will propose novel security frameworks allowing adaptable enforcement of context-aware security policies. The target Frameworks will include (a) algorithms and tools for profiling resources consumption and other features related to the execution context, (b) mathematical models allowing decision making to select the best fit security mechanisms, and (c) optimized design and engineering of security mechanisms. Finally, the Security Frameworks will be leveraged towards extendable security mechanisms that are (a) autonomous to run standalone, (b) easily shippable to be offloaded for executing where more resources are available, and (c) collaborative to be composed with nearby and/or remote security mechanisms.

The proposed research will leverage recent development in software shipment technologies to enable fast deployment of efficient security mechanisms. This research program will provide novel approaches that will reduce the cost of security enforcement and speed up the deployment of security mechanisms. Consequently, it will allow better protection of IT infrastructures and personal mobile devices, while reducing response time to cyberattacks. It will support the Canadian ICT industry, help Canada maintaining its leadership in Cybersecurity and support the training of highly qualified personnel in this sector.