Risk management in service-oriented architectures (Gestion des risques dans les architectures orientées services)

Link to publication: thesis by Vincent Lalanne (Alban Gabillon, supervisor; Manuel Munier, co-supervisor)

Jury (PhD defense December 19, 2013)

  • Jean-Philippe Domenger (PR), LaBRI, Bordeaux (→ president of the jury)
  • Jean-Jacques Lemouland (PR), CRAJ, UPPA
  • Serge Dulucq (PR), LaBRI, Bordeaux
  • Benoît Le Blanc (MC HDR), ENSC, Bordeaux
  • Manuel Munier (MC), LIUPPA, UPPA
  • Philippe Aniorté (PR), LIUPPA, UPPA

Extended abstract

Vincent Lalanne

In this thesis we discuss the application of risk management to distributed information systems. We address the problems of interoperability and of securing exchanges within DRM systems, and we propose the implementation of this system for the company: it needs to permit the distribution of self-protected content. We then present our participation in the creation of an innovative company that emphasizes information security, in particular the management of risks through the ISO/IEC 27005:2011 standard. We present the risks related to the use of services, highlighting in particular those that are not technological: we cover the risks inherent in clouds (provider failure, etc.) but also the more insidious aspects of espionage and intrusion into personal data (the PRISM case in June 2013). In the last section, we present a concept of DRM for the company that uses metadata to deploy settings in usage control models. We propose a draft formalization of the metadata necessary to implement a security policy and to guarantee compliance with regulations and legislation.

Keywords

ISO/IEC 27005:2011, Web Services, WS Security, SOA, Cloud, metadata, personal data, information security, innovative, digital forensics