Toward a Security Administration System for Autonomic Networks

Today's technologies make it quick and easy to build and deploy different types of computer networks, or to join existing ones. This ease of use will continue to improve, and more user-friendly communication technologies are likely to emerge. The result will be complex, heterogeneous, decentralized networks of many kinds, built or extended by non-expert users. Such networks need to be able to manage themselves, because human intervention for network administration is expected to become increasingly undesired, expensive, inefficient, or at least time-consuming, depending on the application field.

In the security context, self-managing networks should be able to protect themselves and their resources against both internal and external attacks. In case of a successful attack, a network should be able to heal the damage by itself. In other words, the security system of a self-managing network must itself be a self-managing system. In addition to providing self-protection and self-healing properties to the network in which it is implemented, such a security system should be able to reconfigure and optimize itself. In order to achieve self-protection, self-healing, self-configuration and self-optimization, a computing system needs rules telling it when and how to react, using which tools and on which assets. In other words, a self-managing system needs policies. Depending on the application field, a self-managing system might need to rely on policies specified directly by end users in the form of high-level objectives. It should be able to enforce such high-level policies, and to apply self-management operations to them in order to adapt them to changes in its context.

Our general objective is to propose security solutions specific to autonomic networks. The need for self-management solutions has been recognized by several specialists in different relevant domains, and many corresponding initiatives have been launched, as elaborated in [55] and [41]. Our work is based on IBM's Autonomic Computing initiative [51]. In our research, we study the realization of the Autonomic Computing vision [56] in order to build a platform for an autonomic security system for infrastructureless networks. We believe that such a platform would be a step toward a security administration system for autonomic networks.

The thesis is divided into three parts. It achieves its goal at the end of the second part; the first part places the reader in the exact context of the presented research, and the third part aims to convince the reader of the feasibility of the proposed solutions. In the first part, a theoretical background is provided before giving our view of autonomic networks and their security, and finally the definition of our network model. The second part first introduces an access control model for autonomic networks, and then proposes the bases of an autonomic system for access control administration.

The autonomic network model and the autonomic security platform, which are introduced in the first part, constitute the bases for many research challenges. In order to emphasize the important aspect of policy management in autonomic computing systems, in addition to several other interesting concepts, we opted to work on an access control system for autonomic networks. In the second part, we detail our solution, which is an access control model and its administrative model, proposed as foundations of an autonomic security system for infrastructureless networks.

As the title of the thesis, “Toward a Security Administration System for Autonomic Networks”, indicates, we intend to make contributions in two fields, namely “Security Administration” and “Autonomic Networks”. Because the security administration solution that we propose is dedicated to autonomic networks, it turns out to be a contribution in the field of “Autonomic Security”. We present a set of concepts and definitions in this area, but we mainly try to contribute to the domain of “Access Control”. It was however important to begin the title of our thesis with “Toward”, because we do not claim to propose a complete solution for an autonomic security system. More specifically, this thesis proposes a groundwork for such a system, which we believe to be indispensable in future networks.

Autonomic Networks: A first minor but basic contribution is a generic definition of autonomic networks. Based on this definition, we introduce a set of features defining an Infrastructureless Organizational Autonomic Network (IOrg-AutoNet). The IOrg-AutoNet model is mainly characterized by an evolving organizational structure and its evolution scheme. The IOrg-AutoNet model is another of our contributions in the domain of autonomic networks. We already presented our first attempts at defining autonomic networks and a corresponding evolving organizational model in earlier publications.

The essential contributions of this thesis are, in fact, specifically in the field of access control. Hence, we define an access control model for IOrg-AutoNets, to which a complete chapter is dedicated. We do not claim, however, to propose a completely new access control model. Our model is a variant of RBAC [89] adapted to the requirements of the organizational and autonomic computing aspects of IOrg-AutoNets. Nevertheless, this adaptation implied a set of enhancements to the RBAC model and to a related policy specification language. We consider those enhancements as contributions to the access control field.

Table of Contents

1 Introduction
1.1 Motivation and Goals
1.2 Thesis Structure
1.3 Summary of Contributions
1.3.1 Access Control Model
1.3.2 Administration Model
2 Background and Objectives
2.1 Background and Related Work
2.1.1 Autonomic Computing
2.1.2 Autonomic Networks
2.1.3 Autonomic Security
2.1.4 Access Control Solutions
2.2 Our Vision and Objectives
2.2.1 Definition of Autonomic Network
2.2.2 Vision of Autonomic Security
2.2.3 Sketch of an Autonomic Security Architecture
2.2.4 Sketch of a Security Policy System
3 Infrastructureless Organizational Autonomic Networks
3.1 IOrg-AutoNet Model
3.1.1 Trust Levels
3.1.2 Community Membership
3.1.3 Capability Classes
3.1.4 Node Categories
3.1.5 Network Model Definition
3.2 Evolution Scheme
3.2.1 Initial Structure
3.2.2 Node-Level Transitions
3.2.3 Community-Level Transitions
3.2.4 Network-Level Transitions
3.2.5 Life Cycle of a Node
3.3 Conclusion
Conclusion
