GSoC 2018 Ideas List

IoT Security module for trusted machines

Develop a security module for an IoT-like (very) resource-constrained device that communicates over MQTT and/or CoAP communication protocol, with OAuth/OpenID Connect-based authentication, and XACML-based [1] authorization using AuthzForce open source XACML framework. The Security module should be programmed preferrably with safe/secure-by-design technologies. Therefore, the student should use a safe-by-design programming-language or framework such as Rust, Micropython (safe mode), Javolution or Ada/SPARK. The student is free to propose other alternatives that will be reviewed by our organization before approval. A possible usage of this module will be to be embedded inside a drone or a smart vehicule and implement the GeoXACML extension that allows to control access based on geolocation using a standard XACML extension.

[1] Attribute Based Access Control
[2] eXtensible Access Control Markup Language OASIS standard

Security Policy Design Center

Develop a user-friendly desktop application (compatible with Linux/Ubuntu at least) that provides a GUI for ABAC [1] policy editing and testing. The application should support XACML [2] PolicySet import/export, enable the user to edit the policy, and test the policy evaluation with XACML Requests against an embedded XACML PDP (authorization decision service) based on AuthzForce engine. Therefore, the application should provide a XACML Request editor as well, and a XACML Response viewer. To help mitigate the complexity of policies, the application should provide some wizards or templates for creating policies from scratch. The student is free to choose a GUI framework and submit its choice to our organization for approval. However, preferred solutions at the moment are the following: Eclipse framework, JavaFX or QT (with Java binding). Note that AuthzForce API are in Java.

[1] Attribute Based Access Control
[2] eXtensible Access Control Markup Language OASIS standard