DOCSLIB.ORG

Analyzing, Designing & Implementing a Secure, Centralized, Generic

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analyzing, Designing & Implementing a Secure, Centralized, Generic Analyzing, Designing & Implementing a Secure, Centralized, Generic, Extensible, Input-Sanitizing, Intuitive Configuration Management Station Master’s Thesis, November 2015 E. Ton i <<Page left blank intentionally>> ii Analyzing, Designing & Implementing a Secure, Centralized, Generic, Extensible, Input-Sanitizing, Intuitive Configuration Management Station THESIS Submitted in the partial fulfillment of The requirements for the degree of MASTER OF SCIENCE in COMPUTER SCIENCE TRACK INFORMATION ARCHITECTURE by E. Ton Born in The Hague, the Netherlands Web Information Systems Fox-IT Department of Software Technology Faculty, EEMCS, Delft University of Technology Olof Palmestraat 6 Delft, the Netherlands Delft, the Netherlands http://wis.ewi.tudelft.nl http://www.fox-it.com iii Analyzing, Designing &Implementing a Secure, Centralized, Generic, Extensible, Input-Sanitizing, Intuitive Configuration Management Station Author: E. Ton Student ID: 1344862 Email: [email protected] Abstract This thesis describes the analysis, design and implementation of a management station that is able to support different security network products. It is designed to be centralized so it can support multiple devices from one interface. The management station is generic and extensible, to support a range of different products. As the management station could be used in high assurance organizations, security of the product is taken into account during the whole process. For usability we looked into ways to make the usage more intuitive to users. It also contains a model that improves the quality of configurations used by connected devices by sanitizing user input on correctness. Keywords: security, management station, centralized, genericity, extensibility, input sanitation checking, intuitive, configuration management Future work: extending functionalities of FMS, hardening the device in the network Graduation Committee: Prof. dr. ir. G.J. Houben, Faculty EEMCS1, TU Delft Dr. ir. A.J.H. Hidders, Faculty EEMCS, TU Delft Dr.ir. J.H. Weber, Faculty EEMCS, TU Delft ir. A.N.de Jong, Fox-IT 1 Electrical Engineering, Mathematics and Computer Science i Preface I have been interested in information security for a long time. When I got the chance to do my Master's thesis at Fox-IT, it was a really nice opportunity to be able to combine my security interests with work experience. I have worked during the first part of this project part-time at Fox-IT. There I got the chance to use professional security products, had interesting security related discussions and learned new useful technologies. During the second part of this project where I had to write the thesis, I worked as a freelance software developer and later as security specialist at another company. This combination was far from optimal and finishing the thesis took me therefore a lot of time. I am very happy to finally finish this thesis. From Fox-IT I want to thank my supervisor Adriaan de Jong for his help during the project and feedback on this thesis. From the TU Delft I want to thank my supervisor Jan Hidders for his guidance, help and input. Finally I want to thank my boyfriend, friends and family for their support. ii Contents Preface .................................................................................................................................. ii List of Figures .................................................................................................................... vii 1. Introduction .................................................................................................................. 1 1.1. About Fox-IT .......................................................................................................... 1 1.2. Problem description ............................................................................................... 2 1.2.1. Introduction .................................................................................................... 2 1.2.2. Research problem, goal& objectives ............................................................... 3 1.2.3. Deliverables .................................................................................................... 3 1.3. Approach ................................................................................................................ 4 1.3.1. Methodology .................................................................................................... 4 1.3.2. Research approach and outline ...................................................................... 4 1.3.3. Validation ........................................................................................................ 5 2. Related work ................................................................................................................. 6 2.1. Secure systems ....................................................................................................... 6 2.1.1. High Assurance demands & classifications ................................................... 7 2.1.2. Secure software development: CLASP& SDL ................................................ 8 2.1.3. Validating the security of a system ...............................................................11 2.2. Generic and extensible software ..........................................................................13 2.2.1. Approach for analysis and architectural design. ..........................................13 2.2.2. Implementation .............................................................................................14 2.3. Sanity testing of user input ..................................................................................15 3. Environment analysis ..................................................................................................16 3.1. Security demands & development process ...........................................................16 3.2. Genericity & extensibility: analysis current Fox-IT Security Devices ................17 3.2.1. Approach ........................................................................................................17 3.2.2. General description of the different devices ..................................................17 3.2.3. Analysis security devices ...............................................................................19 3.3. Usability analysis: current problems with devices experienced by customers ...23 3.3.1. Stakeholders & user roles..............................................................................23 3.3.2. Analysis / interviews outcomes .....................................................................23 3.4. General requirements ...........................................................................................24 3.4.1. Requirements by Fox-IT and problem statement (chapter 1) ......................24 iii 3.4.2. Requirements by literature survey (chapter 2) .............................................24 3.4.3. Requirements by analysis (chapter 3) ...........................................................25 3.5. Functional specification ........................................................................................26 3.5.1. Overall concept: Improving the configuration process for the user ..............26 3.5.2. Concept 1: Configuring multiple devices centralized....................................27 3.5.3. Concept 2: Sanity checking of device configurations ....................................27 3.5.4. Concept 3: Extensibility & genericity of the management station ...............28 3.5.5. Concept 4: Security ........................................................................................28 4. General design of the management system ................................................................30 4.1. High level design ..................................................................................................30 4.1.1. General context ..............................................................................................30 4.1.2. Overview of the system ..................................................................................31 4.1.3. General design decisions ...............................................................................31 4.1.4. General workflow ...........................................................................................32 4.1.5. Example of FMS with other devices ..............................................................33 4.2. Containers & interactions ....................................................................................35 4.3. Major components & interactions ........................................................................37 4.3.1. Specification of components ...........................................................................37 4.3.2. Workflows ......................................................................................................38 5. Security Architecture (target) .....................................................................................40 5.1. Security Problem ..................................................................................................40 5.1.1. Assets .............................................................................................................40 5.1.2. Data flow between components .....................................................................42 5.1.3. Threat analysis ..............................................................................................43
Load more

Recommended publications
  • Digital Safety & Security Lt Cdr Mike Rose RN ©
    RNIOA Article 15 [17/05/2020] characteristics linked to their IP address to enable ‘tracking.’ Where internet-based criminality is Digital Safety & Security involved, the acquisition of banking and credit card Lt Cdr Mike Rose RN © data is often the main objective. Introduction The aim of this article is to help people understand Prior to the introduction of the internet, personal the risks they face and how to attempt to mitigate computers for home use were self-contained in that them. So, whether you’re accessing the internet the operating system was bought and installed by with your mobile phone, PC, tablet or laptop, you’re the supplier/user, and external communications potentially exposed to every hacker, digital thief and using the PC were not yet technically developed. spammer across the globe. Not to mention that The most likely risk therefore was the possibility of viruses, trojan horses, spyware and adware are someone switching on unattended, non-password- always just one click away. You wouldn’t drive protected computers and copying sensitive without insurance, a seat belt and a GPS device, information onto an external memory device. so, similarly, when you “surf the net”, you need to Essentially, users were in control of their computing make sure that you are well “buckled up” and well- equipment and paid real money for the services informed. This article is written as a guide to “safe and software they used to a known vendor. surfing” and is just as important for personal users as it is for large tech companies. Malicious websites Spyware, which is software that steals your sensitive data without consent, lurks in many corners of the internet; often in places where you'd least expect it.
    [Show full text]
  • Tunnel Broker Ipv4/Ipv6 Mediante Openvpn
    Trabajo Fin de Grado Grado en Ingeniería de Tecnologías de Telecomunicación Tunnel Broker IPv4/IPv6 mediante OpenVPN Autor: José Luis Peña Higueras Tutor: Francisco José Fernández Jiménez Equation Chapter 1 Section 1 Dpto. de Telemática Escuela Técnica Superior de Ingeniería Universidad de Sevilla Sevilla, 2019 Trabajo Fin de Grado Grado en Ingeniería de Tecnologías de Telecomunicación Tunnel Broker IPv4/IPv6 mediante OpenVPN Autor: José Luis Peña Higueras Tutor: Francisco José Fernández Jiménez Profesor Colaborador Dpto. de Ingeniería Telemática Escuela Técnica Superior de Ingeniería Universidad de Sevilla Sevilla, 2019 Trabajo Fin de Grado: Tunnel Broker IPv4/IPv6 mediante OpenVPN Autor: José Luis Peña Higueras Tutor: Francisco José Fernández Jiménez El tribunal nombrado para juzgar el Trabajo arriba indicado, compuesto por los siguientes miembros: Presidente: Vocales: Secretario: Acuerdan otorgarle la calificación de: Sevilla, 2019 El Secretario del Tribunal A mi familia A mis maestros Agradecimientos En primer lugar, agradecer a mis padres, José Luis Peña Martínez y Francisca Higueras Ruiz por haberme ayudado durante todos los años de carrera y durante la realización de este proyecto. Ellos han estado en los buenos y malos momentos durante el paso por la carrera y me han proporcionado todo lo necesario para poder impartir estos estudios. Además me gustaría agradecer a mi hermano Francisco Javier por el apoyo durante la realización del proyecto. En segundo lugar, quiero agradecer a todos los profesores que han estado a lo largo de la carrera por darme todo el conocimiento necesario tanto en el ámbito académico como en el ámbito laboral. En especial, me gustaría agradecer a mi profesor Francisco José Fernández Jiménez por toda su ayuda durante todo el proyecto, por haber adaptado su horario a las necesidades que en muchas ocasiones tenía y sobre todo, por la orientación que me ha dado a lo largo de todo el proyecto.
    [Show full text]
  • Comparison of Virtual Networks Solutions for Community Clouds
    KTH Royal Institute of Technology Bachelor Thesis Comparison of Virtual Networks Solutions for Community Clouds Examiner: Vladimir Vlassov Author: Albert Avellana Supervisors: Paris Carbone, Hooman Peiro Information and Communication Technology School February 2014 KTH Royal Institute of Technology Abstract Information and Communication Technology School Bachelor Thesis Comparison of Virtual Networks Solutions for Community Clouds by Albert Avellana Cloud computing has a huge importance and big impact nowadays on the IT world. The idea of community clouds has emerged recently in order to satisfy several user expectations. Clommunity is a European project that aims to provide a design and implementation of a self-configured, fully distributed, decentralized, scalable and robust cloud for a community of users across a commmunity network. One of the aspects to analyze in this design is which kind of Virtual Private Network (VPN) is going to be used to interconnect the nodes of the community members interested in access cloud services. In this thesis we will study, compare and analyze the possibility of using Tinc, IPOP or SDN-based solutions such as OpenFlow to establish such a VPN. Acknowledgements I would like to express my gratitude to all those who gave me the possibility to do this thesis in KTH. Firstly, I would like to thank Vlad for the opportunity he gave me to do this thesis and for his support. Secondly, thanks to my thesis supervisors: Paris Carbone and Hooman Peiro, who guided me through the research, helped me and gave me recommendations during this period. Also, I would like to thank F´elixFreitag and Leandro Navarro from Universitat Polit`ecnica de Catalunya for supporting me from Barcelona and make this stay in Stockholm possi- ble.
    [Show full text]
  • SEMOS: a Middleware for Providing Secure and Mobility-Aware Sessions Over a P2P Overlay Network
    SEMOS: A Middleware for Providing Secure and Mobility-Aware Sessions over a P2P Overlay Network B Daouda Ahmat1,2( ), Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, N’Djamena, Chad [email protected] 2 University of N’Djamena, N’Djamena, Chad [email protected] 3 University of Bordeaux – LaBRI, Bordeaux, France [email protected] Abstract. Mobility and security are major features for both current and future network infrastructures. Nevertheless, the integration of mobility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken connections. Besides session recovery costs, renegotiation steps also present inherent vulnerabilities. In order to address these issues, we propose a new dis- tributed mobile VPN system called SEcured MObile Session (SEMOS). Based upon our CLOAK peer-to-peer overlay architecture, SEMOS pro- vides security services to the application layer connections of mobile users. Secure and resilient sessions allow user connections to survive net- work failures as opposed to regular transport layer secured connections used by traditional VPN protocols. Keywords: Connectivity · Mobility · Overlay · P2P · VPN · Security 1 Introduction Mobile devices and wireless networks have progressively provided increased con- nectivity for users. However, such extended connectivity often comes at the expense of vulnerabilities to attacks such as eavesdropping. Malicious users can infiltrate public open networks and attack legitimate traffic. Virtual Pri- vate Networks (VPN) are offering high security to the network traffic [1]. Tra- ditionally, these systems allow the user to securely and remotely communicate with its Intranet through insecure public networks such as the Internet.
    [Show full text]
  • Free Windows Vpn
    Free windows vpn click here to download Start surfing securely with Betternet VPN for Windows. Download our Windows client software and connect within seconds to our VPN servers and protect yourself. Our VPN client comes with many useful features to protect your online safety. During an active VPN connection the application deletes the default gateway, so it is impossible. Free VPN, free and safe download. Free VPN latest version: Free VPN means secure web surfing. This free VPN is an indispensable tool for general browsing; internet fraud is on the rise, and t. Download VPN Unlimited client for Windows and enjoy high-speed, safe and anonymous VPN connection, no matter where you find yourself. Feel the power of total privacy and protect yourself from the public networks threats. Download a VPN for Windows PC with a single click. Any free VPN for PC in this article will keep your data secure and allow you to unblock content. It is also worth keeping in mind that if you require bigger download limits, the VPNs on our best five VPNs for Windows 7 & Windows 10 have money-back guarantees. That means you can test the free plan as. List of over 10 best free VPN software & service providers for Windows 10/8/7 computers. Browse anonymously & protect your Internet connection at all times. It's simplicity makes BetterNet one of the more popular free VPN services for first-timers. The “free-forever” promise means you can use its VPN for as long as you want with no data caps. No logging policy; “Free-forever” promise – you can use its VPN for as long as you want; No data caps; Available for Mac, Windows.
    [Show full text]
  • SEMOS: a Middleware for Providing Secure and Mobility-Aware Sessions Over a P2P Overlay Network Daouda Ahmat, Mahamat Barka, Damien Magoni
    SEMOS: A Middleware for Providing Secure and Mobility-aware Sessions over a P2P Overlay Network Daouda Ahmat, Mahamat Barka, Damien Magoni To cite this version: Daouda Ahmat, Mahamat Barka, Damien Magoni. SEMOS: A Middleware for Providing Secure and Mobility-aware Sessions over a P2P Overlay Network. 8th EAI International Conference on e-Infrastructure and e-Services for Developing Countries, Dec 2016, Ouagadougou, Burkina Faso. pp.111-121, ฀10.1007/978-3-319-66742-3_11฀. ฀hal-01436602฀ HAL Id: hal-01436602 https://hal.archives-ouvertes.fr/hal-01436602 Submitted on 16 Jan 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. SEMOS: A Middleware for Providing Secure and Mobility-aware Sessions over a P2P Overlay Network Daouda Ahmat1,2, Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, Chad [email protected] 2 University of N’Djamena, Chad [email protected] 3 University of Bordeaux – LaBRI, France [email protected] Abstract. Mobility and security are major features for both current and future network infrastructures. Nevertheless, the integration of mo- bility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken connec- tions.
    [Show full text]
  • Mobile VPN Schemes: Technical Analysis and Experiments Daouda Ahmat, Mahamat Barka, Damien Magoni
    Mobile VPN Schemes: Technical Analysis and Experiments Daouda Ahmat, Mahamat Barka, Damien Magoni To cite this version: Daouda Ahmat, Mahamat Barka, Damien Magoni. Mobile VPN Schemes: Technical Analysis and Experiments. 8th EAI International Conference on e-Infrastructure and e-Services for Developing Countries, Dec 2016, Ouagadougou, Burkina Faso. pp.88-97, 10.1007/978-3-319-66742-3_9. hal- 01436612 HAL Id: hal-01436612 https://hal.archives-ouvertes.fr/hal-01436612 Submitted on 16 Jan 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Mobile VPN Schemes: Technical Analysis and Experiments Daouda Ahmat1;2, Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, Chad [email protected] 2 University of N'Djamena, Chad [email protected] 3 University of Bordeaux { LaBRI, France [email protected] Abstract. A new class of Virtual Private Networks (VPN), which sup- ports both security and mobility, has recently emerged. Called mobile VPN, these systems provide not only secure tunnels but also session con- tinuity mechanisms despite location change or connection disruptions. These mechanisms enable secure sessions to survive in dynamic/mobile environments without requiring a renegotiation of security keys during the session resumption phase.
    [Show full text]
  • Mobile VPN Schemes: Technical Analysis and Experiments
    Mobile VPN Schemes: Technical Analysis and Experiments B Daouda Ahmat1,2( ), Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, N’Djamena, Chad [email protected] 2 University of N’Djamena, N’Djamena, Chad [email protected] 3 University of Bordeaux – LaBRI, Bordeaux, France [email protected] Abstract. A new class of Virtual Private Networks (VPN), which sup- ports both security and mobility, has recently emerged. Called mobile VPN, these systems provide not only secure tunnels but also session con- tinuity mechanisms despite location change or connection disruptions. These mechanisms enable secure sessions to survive in dynamic/mobile environments without requiring a renegotiation of security keys during the session resumption phase. In this paper, we compare four open-source mobile VPNs in terms of functionality and performance. Keywords: Mobile VPN · Resilient session · Seamless resumption 1 Introduction A Virtual Private Network (VPN) provides increased security between two remote entities that exchange data through untrusted networks such as the Internet [1]. VPN systems prevent against various attacks such eavesdropping or replay. However, traditional VPNs fail to support the mobility of users. Indeed, network failures automatically break-up secure tunnels and involve a subsequent renegotiation that is then necessary to reestablish broken tunnels. Such a nego- tiation involves expensive computational operations in order to restore tunnels as well as transport and application layers connections. This phase of nego- tiation causes not only significant latency but also presents risks of Man-In- The-Middle attacks. Traditional VPNs can not therefore effectively operate in dynamic and/or mobile environments. Mobile devices and dynamic environments become pervasive in the Internet.
    [Show full text]
  • Bootstrapping P2P VPN
    Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Bootstrapping P2P VPN Felix Weißl Chair for Network Architectures and Services Department for Computer Science Technische Universität München April 3, 2014 Outline 1 Motivation 2 Network Classification 3 Terms 4 Bootstrapping 1 In unstructured Peer-to-Peer networks 2 In structured Peer-to-Peer-networks 5 Related work 6 Conclusion Felix Weißl: Bootstrapping P2P VPN 2 Motivation Client / Server Peer-to-Peer centralized decentralized server dependent self-organizing single point of failure robust shared resources (bandwidth, CPU) server is bottle-neck scalable secure standard protocols privacy / security issues easy connection establishment bootstrapping problem easy file management network speed usually low source: http://upload.wikimedia.org/wikipedia/commons/f/fb/Server-based-network.svg http://upload.wikimedia.org/wikipedia/commons/3/3f/P2P-network.svg Felix Weißl: Bootstrapping P2P VPN 3 Network Classification Virtual Private Networks Unstructured Structured: Distributed Hash Table e.g. GroupVPN, BitTorrent's distributed tracker Centralized Decentralized e.g. OpenVPN e.g. Tinc Hybrid: Super Nodes e.g. N2N Felix Weißl: Bootstrapping P2P VPN 4 Terms “P2P VPN”: - decentralized virtual private network - popular applications: Hamachi, N2N, P2PVPN, Wippien, freelan Bootstrapping: process of a new peer joining the network Felix Weißl: Bootstrapping P2P VPN 5 Bootstrapping 1. Peer discovery: - discover the network - request one or more
    [Show full text]
  • Open Source Vpn Software Windows
    Open source vpn software windows OpenVPN - The Open Source VPN. Privacy Policy · Terms of Use · About · Jobs · News · Contact · Partners/Clients · Support. © OpenVPN Inc. Why would you trust a closed, proprietary software with your most-sensitive data? Freelan is open-source and completely free. You know everything about its. Without further ado, here are 9 Open Source VPN that can be used with . The VPN server runs on Windows, Linux, FreeBSD, Solaris and Mac. The Shrew Soft VPN Client for Windows is an IPsec Remote Access VPN Client open source VPN gateways that utilize standards compliant software such as. Free open source enterprise distributed VPN server. Virtualize your private networks across datacenters and provide simple remote access in minutes. Unlike enterprise VPN solutions, using a open source VPN software will not It's is an open source GUI for BSD, Windows and Linux operating. Windows 10 incl. certificate support; Import existing configurations. Export encrypted configuration; Service for VPN Connections without. The AnyConnect desktop client runs on Windows, Linux, and Mac OS X, while a OpenVPN is SSL-based open source VPN software. Windows (XP+), OpenVPN Because open source OpenVPN clients require configuration files to be downloaded from a VPN provider and imported into the The two most useful features found in custom VPN clients are. Freelan is a free, open sourced VPN server software that comes with no GUI but great customization features, It lets you abstract LAN network. Tunnelblick | Free open source OpenVPN VPN client server software for Mac OS X and macOS. A VPN based on OpenVPN and operated by activists and hacktivists in defence of net Using our client Eddie - Choose your flavor Open Source, on GitHub.
    [Show full text]
  • A Software-Defined Overlay Virtual Network with Self-Organizing Small-World Topology and Forwarding for Fog Computing
    A SOFTWARE-DEFINED OVERLAY VIRTUAL NETWORK WITH SELF-ORGANIZING SMALL-WORLD TOPOLOGY AND FORWARDING FOR FOG COMPUTING By KENSWORTH C. SUBRATIE A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY UNIVERSITY OF FLORIDA 2019 © 2019 Kensworth C. Subratie This dissertation enshrines the memories of your love, aspirations, and selfless sacrifices. Dedicated to Myrtle Doocran. ACKNOWLEDGMENTS I acknowledge and thank the many people who have influenced and contributed to my progress throughout my doctoral studies. Foremost, I thank my advisor Dr. Renato Figueiredo for his ongoing guidance through this journey. Next, I thank Dr. Jose Fortes for presenting the opportunities that have challenged me to grow as a researcher. I also thank the rest of my PhD committee for their valuable comments, feedback and time. To my peers in the ACIS Lab, both its current and graduated members, with whom I worked alongside over the years, I thank you for making my time at UF a very enjoyable experience. I would like to thank Dr. Paul Hansen, Dr. Cayelan Carey and the members of the PRAGMA and CENTRA groups whose collaborations and support have broadened my insight. Additionally, the experience I garnered from internships with the IBM, Intel and NICT research groups has been invaluable and is sincerely appreciated. Finally, I must express my heartfelt gratitude to my family and loved ones for their ongoing patience, encouragement, support and willingness to attempt to understand what I do and why I chose to do it. This material is based upon work supported in part by the National Science Foundation under Grants No.
    [Show full text]
  • Définition D'une Infrastructure De Sécurité Et De Mobilité Pour Les Réseaux Pair-À-Pair Recouvrants
    Définition d’une infrastructure de sécurité et de mobilité pour les réseaux pair-à-pair recouvrants Ahmat Mahamat Daouda To cite this version: Ahmat Mahamat Daouda. Définition d’une infrastructure de sécurité et de mobilité pourles réseaux pair-à-pair recouvrants. Informatique. Université de Bordeaux, 2014. Français. NNT : 2014BORD0186. tel-01132381 HAL Id: tel-01132381 https://tel.archives-ouvertes.fr/tel-01132381 Submitted on 17 Mar 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE PRÉSENTÉE À UNIVERSITÉ DE BORDEAUX COLLÈGE SCIENCES & TECHNOLOGIES ÉCOLE DOCTORALE DE MATHÉMATIQUES ET D’INFORMATIQUE LABORATOIRE BORDELAIS DE RECHERCHE EN INFORMATIQUE (LaBRI) par DAOUDA AHMAT MAHAMAT POUR OBTENIR LE GRADE DE : DOCTEUR SPÉCIALITÉ : INFORMATIQUE F Définition d’une Infrastructure de Sécurité et de Mobilité pour les Réseaux Pair-à-Pair Recouvrants Soutenue publiquement le : 29 septembre 2014 Après avis des rapporteurs : Anne Fladenmuller, UPMC - LIP6, Maître de Conférences HDR Philippe Owezarski, CNRS - LAAS, Directeur de Recherche HDR Devant la commission d’examen composée de : Présidente du jury : Francine Krief, ENSEIRB - LaBRI, Professeur des Universités Directeur de thèse : Damien Magoni, UB - LaBRI, Professeur des Universités Examinateur : Gwendal Simon, Telecom Bretagne - IRISA, Maître de Conférences ii Abstract — Securing communications in distributed dynamic environments, that lack a central coordination point and whose topology changes constantly, is a major challenge.
    [Show full text]