Arnaud Oglaza's research while affiliated with Paul Sabatier University - Toulouse III and other places

Publications (18)

Article
An effective network security requirement engineering is needed to help organizations in capturing cost-effective security solutions that protect networks against malicious attacks while meeting the business requirements. The diversity of currently available security requirement engineering methodologies leads security requirements engineers to an...
Conference Paper
To face disaster relief challenges, crisis management requires operational commitment and efficient coordination of all stakeholders. Deployment of new communication channels at the level of the infrastructure but also at the level of social media streams needs strengthened emergency response processes. We discuss open questions in building an effe...
Article
We describe how FIDO and W3C VCs can overcome the problems of existing identity management systems. We describe our conceptual model and architecture, and the protocol we used by extending FIDO's UAF in order to provide both strong authentication and strong authorization. We built a pilot implementation for U.K. NHS patients to validate our impleme...
Article
We present a dynamic security management framework where security policies are specified according to situations. Situation-based policies easily express complex dynamic security measures, are closer to business, and simplify the policy life cycle management. Situations are specified using complex event processing techniques. The framework is suppo...
Article
Today, permissions management solutions on mobile devices employ Identity Based Access Control (IBAC) models. If this approach was suitable when people had only a few games (like Snake or Tetris) installed on their mobile phones, the current situation is different. A survey from Google in 2013 showed that, on average, French users have installed 32...
Article
We are using more and more devices connected to the Internet. Our smartphones, tablets and now everyday items can share data to make our life easier. Sharing data may harm our privacy and there is a need to control them. However, this task is complex especially for non-technical users. To facilitate this task, we present a decision support system,...
Article
We use more and more computing devices connected to the Internet. Our phones, our tablets, and now the devices of our everyday life can share information to make our lives easier. Sharing this data can harm our privacy, and it needs to be controlled. However, this task...
Conference Paper
Pervasive computing allows a world full of electronic devices connected to each other, autonomous, context aware and with a certain level of intelligence. They are deployed in our environment to ease our life. However today users don’t control the traffic around their data. The use of mobile devices might increase this problem because the system is...
Article
Making the Internet of Things (IoT) a reality will contribute to extend the context-aware ability of numerous sensitive applications. We can foresee that the context of users will include not only their own spatio-temporal conditions but also those of the things situated in their ambient environment and at the same time, thanks to the IoT, those th...
Conference Paper
Nowadays privacy in ambient system is a real issue. Users will have to control their data more and more in the future. Current security systems don't support a strong constraint: policy writers are non-technical users and not security experts. We propose in this paper to use Decision Support techniques and more specifically Multi-Criteria Decision...

Citations

... Requirements engineering generically covers activities related to software requirements (i.e., what the system should contain or what the software should do in general) [60]. Security requirements engineering specifically addresses security requirements based on risk analysis (i.e., what the system should contain or what the software should do to make it secure) [61]. It is especially important how a system is being designed strategically (i.e., keeping users of information systems in mind during all phases). ...
... In this paper, we propose an adaptive security framework that covers both dynamic risk assessment and situational driven security policy deployment. We extend a maritime-specific risk assessment methodology (MITIGATE [5,6]) to suggest adaptive security controls, and integrate it with a situation-driven security management framework (DynSMAUG [7][8][9]) to dynamically enforce adaptive security policies implementing the security controls. We will follow a situation-driven approach. ...
... To further break down the gathered papers' research focus in terms of areas/domains so as to provide an understanding of the current popular research area, the following results on the areas/domains and the papers are gathered:
• Financial Banking [62,63,81,87,100,101,124]
• Education and certification [84,85,107]
• Healthcare [46,82,95,127,130,134,135,136,137,139]
• National, e-Gov [57,65,69,72,79,91,96,132,138]
• Transportation [137]
• Internet of Things (IoT) [55,66,70,88,103,105,106,117,126,128]
• Content Management [100,112,120,121,125]
• SSI framework and components design [43, 47, 49, 54, 58, 59, 67, 75-77, 80, 83, 86, 93, 97, 98, 102, 104, 109, 110, 112, 114, 122]
• Identity Management (IdM) [44, 45, 48, 50-53, 56, 60, 61, 68, 71, 73, 74, 89, 92, 94, 99, 108, 111, 113, 115, 116, 118, 119, 129, 131, 133]
The focus on SSI framework and components design is on the improvement, extension, analysis and evaluation concerning existing and proposed new framework and its components (e.g., user model and authentication, verifiable credential, cryptographic schemes, key management, digital wallet). The focus on content management is on resolving issues of digital rights management, data sharing, exchange and trading. ...
... DevOps and security engineers are usually mandated to comply and follow certain frameworks. FIDO is a fast, scalable and extensible authentication framework that supports NIST 800-63, GDPR[16], PSD2[12], KYC[72] and PCI-DSS compliance. Especially in the case of the latest release of NIST 800-63 guidelines, where different levels of authenticator assurance are introduced, the Authenticator Assurance Levels (AAL), FIDO's stakeholders such as Yubico, ...
... At present, there are only a few academic papers on the application of SSI in business scenarios. They include the application of SSI in know-your-customer processes in banking [22], remote management of industrial equipment [23], payback programs in retail [12], student exchange [24], e-petitions [25], access to public health services [26], assigning medical information to persons without regular identity, e.g. to combat COVID-19 [27]. The majority of these studies represent typical business processes that consider in particular the Consumer-to-Business relationship and omit dealing with inter-organizational collaborations (i.e. ...
... In [46], the authors have discussed the role of user privacy in an Android operating system based on mobile phones. Android applications, on average, request 11.4 permissions, out of which 5.12 directly affect privacy. ...
... This article summarizes all our previous works on Kapuer. In [6], we proved the benefit of recommender-based systems for writing policies. In [7], we introduced a first version of our problem solving model as well as the initial Android prototype. ...
... On the contrary, if the system learns preferences quickly, interactions with the user are less frequent, but, there is a risk of less accurate preferences, which might lead to irrelevant propositions. We have developed a simulator [26] that provides metrics to evaluate the accuracy and the number of interactions during a learning process. The simulator allows to specify a given user model through a set of predefined privacy policies. ...