This dissertation prospectus outlines a solution for safe spontaneous interoperability in ubiquitous computing, addressing the challenges of pre-established trust relationships and rigid protocols. The proposed negotiation protocol is generic and flexible, guided by local policy, allowing for dynamic service discovery and access control. It discusses key issues in system design, research plans, and related work, illustrating scenarios such as web service interactions and smart devices. The approach aims to enhance user experience while ensuring security and privacy in diverse computing environments.
Policy-Guided Interactions in Ubiquitous Computing Systems
A Dissertation Prospectus
V. Ramakrishna
Advisor: Dr. Peter Reiher
Laboratory for Advanced Systems Research
Department of Computer Science, UCLA
Proposal
Problem: Safe spontaneous interoperation in ubiquitous computing without pre-established trust relationships or rigid protocols
Solution: A generic and flexible negotiation protocol guided by local policy
Outline
• Problem Introduction
• Proposed Solution
• System Research Issues
• Design Approach
• Research Plan
• Related and Complementary Research
Scenario – Web Service
Parties: Web Client and News Service
News Service, membership request: Your Name, Date of Birth, School, Email? My Privacy Policy: Blah…blah…blah….
Web Client: I have NO TIME to read this list of policies, and I don’t know what they mean! Why do I need to give up all this info? Come to think of it, I don’t really need all this stuff he is promising!
Outcomes: "Here’s all my info" leads to Access GRANTED; "Selected info" leads to Access REFUSED
Introduction – Solution – Research Issues – System Design – Research Plan – Related Work
Scenario – Conference Room
Room (connected to the Internet), local policy: Allow access to the display only to attendees. Allow access to the printer only to journal subscribers. No sound during presentations! Advertise journal! Committee members get privileged access.
PDA – cell phone, requirements: Web access, Projector display, Printer. Ring during emergency!
Scenario – Car on Freeway
Car (with GPS): wants a high bandwidth connection for streaming video; holds identity info and credit card
WiMAX base station (connected to the Internet): provides an Internet connection service; monitors traffic for the city
Motivations
• Scenarios support limited ways of interaction
• Ubicomp scenarios will have more variations
• Rigid policies not desirable
• Cannot guarantee pre-established security relationships
• Cannot enforce uniform interaction protocols
The Ubiquitous Computing Vision
Computing services everywhere and at any time – Mark Weiser, 1991
Ubicomp Goals and Characteristics
Physical integration: coffee shop, grocery ("Time!", "No Milk!"), location (GPS), personal network, home network, Internet, video
Spontaneous interoperation
• Characteristics
  • Decentralized control
  • Heterogeneity
  • Ad hoc interactions
Ubicomp Research
• Mature research areas
  • Seamless mobile networking
  • Open systems and interfaces
  • Smart space projects; e.g. Intelligent Room, GAIA
• Not enough consideration given to
  • Bottom-up growth of infrastructure
  • Security and privacy issues
Ubicomp Interoperation
Diagram: Alice and Bob, each with devices on a personal network and a home network joined over the Internet; coffee shop and grocery contexts; questions exchanged include "Where is Bob?", "Connectivity?", "Location?", "Display Device?", "No Milk! Tell Alice."
• Nature and Purpose
  • Discovery of external services
  • Resource usage and access
  • Intertwined processes of discovery and access control
Barriers to Interoperation
• Concerns
  • Security and privacy
  • Dynamism and context changes
• Roadblocks
  • Middleware and security frameworks do not scale
  • Cannot force particular architectures or security preferences as standards
  • Cannot guarantee pre-established security relationships
Problems and Challenges
• Hard problems
  • Match service demands to local resources within policy constraints and context
  • Reach flexible agreements in an automated fashion
• Challenges in a ubicomp environment
  • Heterogeneous devices and communication features
  • Diversity in resources possessed and exported
  • Diversity in capabilities, desires and security policies
  • Huge number of contexts and context-sensitive constraints that cannot be anticipated in advance
In Ubicomp Environments …
• Not every device and every domain will support every service or protocol
• Not all pairs of computing entities will be compatible
Drawbacks in Existing Approaches
• Based on rigid and static policies
  • Cannot resolve all conflicts
  • Falls short of autonomic computing
• Inadequate security and access control models
  • Scalability and flexibility issues
  • Lack of support for non-identity based trust relationships
Proposed Solution: Service or application layer agreements
• Based on policy
• Through a process of negotiation
Platform and Assumptions
Per-device stack: APPLICATIONS / NEGOTIATION / SEMANTIC WEB (RDF/XML) / TCP/IP / MAC / PHYSICAL
Devices are connected through the Internet / World Wide Web (TCP/IP over MAC and PHYSICAL layers); negotiation sits above the Semantic Web layer.
Policy-Based Management
• Policy describes state and desired behavior
• Governs all actions within bounded domains
• Wide expressive power
• Guides the following system aspects
  • Resource management
  • Security and access control
  • Context awareness
• Interactions between domains
  • Discovery and access are the constants
  • Policy is the only domain dependent variable
Thesis Summary
• Enable negotiation-driven interaction without:
  • Pre-established trust relationships
  • Common set of service access protocols
• The negotiation protocol:
  • Guided by local policy that constrains use and export of services
  • Relies on common resource semantics
Why Policy?
• Minimum necessary for interaction and agreement
• Why not specialized applications?
  • Difficult to make changes and to control
  • Cannot anticipate all requirements and contexts
  • Inter-modular dependencies difficult to handle
Interaction through Negotiation
• Bidirectional stateful protocol
• Strategic messaging
• Constant re-evaluation of goals
• Meta-policies and heuristics designed to reach an agreement or compromise
A decentralized process of policy resolution and conflict management
Negotiation model
Diagram: two domains D1 and D2, each with its own resources (R1, R2), applications (S1, S2) and policies (P1, P2); the domains negotiate by exchanging queries (Q1, Q2) and responses (R1, R2).
Scenario – Conference Room (negotiation)
Room policy: Allow access to the display only to attendees. Allow access to the printer only to journal subscribers. No sound during presentations! Advertise journal! Committee members get privileged access.
PDA – cell phone requirements: Web access, Projector display, Printer. Ring during emergency!
Messages from the PDA:
• REQUEST: Display; Web Access; Printer
• Sorry! I am just a Student Attendee
• OK, I have ACM membership as a UCLA student
• PROOF: Committee Member
Messages from the room:
• PERMISSION: Projector display, web access
• OFFER: Journal membership for privileged access
• POLICY: No sounds permitted!
• OFFER: Privileged access
Research Contributions
• Interoperation approached top-down
• General purpose negotiation framework
• Context-sensitive access control
• Verification of security properties
• Non-intrusive and autonomic
• Enhances Panoply ubicomp middleware
Protocol Structure
• Flexibility
  • Independent of application and domain characteristics
  • Identify a tight set of common objects and operations
  • Only task for users: write high level policies
• Extensibility
  • Strike a useful balance by experimenting with characteristic applications
Policy Language and Reasoning Engine
• An expressive policy language
  • Must be based on logic
  • Support declarative cross-domain semantics
• Supports formal reasoning
  • Must manage conflicts and maintain consistency
  • Support efficient indexing and retrieval
Candidate Logical Framework
• First order logic
  • Ontology includes objects and relationships
  • Augment with deontic concepts
  • Can be augmented (or restricted) to deal with contextual and trust parameters
• Reasoning framework and querying algorithms
Security Aspects
• Key research aspects
  • Security benefits to ubicomp
  • Securing the negotiation protocol against compromise
• Security benefits
  • Concerns proper use of existing security mechanisms rather than proposing new ones
  • Promotes a paradigm that ensures safety is taken into consideration before interaction
  • Allows static and dynamic detection of security conflicts
• Protocol security
  • Cryptographic mechanisms, SSL, TLS
  • Can the nature of the protocol itself be used to compromise security?
Trust and Access Control
• Access control framework targets
  • Scalability and flexibility
  • Based on a general notion of trust
• Trust model
  • Based on identity, provable relationships, properties and actions
  • Domain and application independent
  • Provides heuristics to compare among choices and make negotiation decisions
• Negotiation is a way of doing fine-grained, dynamic and context-sensitive access control
• Can be used to build webs of trust
Negotiation Strategies and Heuristics
• Negotiation protocol
  • Series of messaging rounds
  • Directed towards a perceived goal
• Strategies to choose among various options
  • Eager and lazy: two extreme ends
• Heuristics as decision-making aid
  • Compute and re-evaluate goals
  • Must work within policy constraints extrapolated to the current context
  • Use trust and utility functions
Theoretical Aspects
• Correctness
• Completeness
• Optimality
System Design Issues
• Resource management, interfaces and access mechanisms
• Context awareness
• Performance
• Fault tolerance and reliability
• Working with low capability devices and networks
• Negotiation with legacy devices and software
Panoply Ubicomp Infrastructure
• Middleware for ubiquitous computing
  • Building and management of device communities (spheres of influence)
• Spheres of influence
  • Boundaries around sets of devices and resources
  • Criteria could be geography (physical location, common LAN), tasks, social group
  • Scopes policy, which guides interactions
• Communication based on an event model
Panoply Architecture
Layers: APPLICATIONS / PANOPLY MIDDLEWARE (SPHERE MANAGER, POLICY MANAGER) / OPERATING SYSTEM / NETWORK
Legend: My Research; Associated Research; External Components
Policy Manager – Functional View
• FRONT END (messaging interface to other system components and remote computers)
  • Protocol State Machine
  • Message Multiplexer/De-multiplexer
  • Event Listener
• CONTROLLER
  • Semantic Interpretation of Messages
  • Heuristics/Metrics
  • Security/Trust Model
• POLICY ENGINE
  • Knowledge engineering mechanisms (Forward Chaining, Backward Chaining, Conflict Resolution, etc.)
  • Policy Database
Negotiation Protocol
• Minimal number of message types
  • Requests
  • Offers
  • Policies
• Protocol state machine
  • Based on message types
  • Independent of message content
  • Content interpreted by lower layers
Policy Model
• Prolog used for writing policies
  • Subset of first order logic
  • Declarative syntax
  • Fast algorithms for logical reasoning
• State information and rules written as predicates
  • Designated predicates for high-level understanding
• External functions (Java) for non-logical tasks
• Develop richer ontology
Current Negotiation Model
• Security model
  • Permit actions or accesses in a conservative manner
• Negotiation goals and strategies
  • Fixed goals and alternatives
  • Fixed strategy, based on satisfaction of relevant policies
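The following is an added illustration of the negotiation protocol, policy model and cautious strategy described on the preceding slides, replaying the conference-room scenario; it is not Panoply code (the real policy manager is Java over SWI-Prolog) and everything in it is constructed: the message types (REQUEST, PROOF, ACCEPT inbound; PERMIT, OFFER, REFUSE, POLICY outbound), the state table, the room's policy clauses and the offer table. Policy is written as a resource mapped to alternative sets of properties the peer must have proven, which stands in for several Prolog clauses of one predicate; the state machine looks only at message types, and content is interpreted separately by the controller.

```python
"""Toy policy-guided negotiation between a conference-room sphere and a
visiting PDA. Constructed example for this page, not Panoply code."""
from dataclasses import dataclass, field

REQUEST, PROOF, ACCEPT = "REQUEST", "PROOF", "ACCEPT"                  # inbound to the room
PERMIT, OFFER, REFUSE, POLICY = "PERMIT", "OFFER", "REFUSE", "POLICY"  # room's replies

# Protocol state machine: keyed on message TYPE only, never on content.
TRANSITIONS = {
    "idle": {REQUEST: "open"},
    "open": {REQUEST: "open", PROOF: "open", ACCEPT: "open"},
    "done": {},
}

def step(state, msg_type):
    """Advance the state machine; out-of-order messages are rejected."""
    nxt = TRANSITIONS[state].get(msg_type)
    if nxt is None:
        raise ValueError(f"{msg_type} not allowed in state {state}")
    return nxt

# Room policy (constructed): resource -> alternative property sets the peer must
# have proven, like several Prolog clauses for one predicate. An empty list
# means the resource is never granted ("no sound during presentations").
ROOM_POLICY = {
    "display":    [{"attendee"}, {"committee_member"}],
    "web_access": [{"attendee"}, {"committee_member"}],
    "printer":    [{"journal_subscriber"}, {"committee_member"}],
    "sound":      [],
}
# Offers the room can make for an unmet request: resource -> (offer, property gained)
ROOM_OFFERS = {"printer": ("journal_membership", "journal_subscriber")}

@dataclass
class Session:
    state: str = "idle"
    facts: set = field(default_factory=set)    # properties the peer has proven
    pending: set = field(default_factory=set)  # requested, not yet decided
    granted: set = field(default_factory=set)
    asked: set = field(default_factory=set)    # properties already demanded
    offered: set = field(default_factory=set)  # offers already made

def satisfied(resource, facts):
    return any(alt <= facts for alt in ROOM_POLICY.get(resource, []))

def handle(s, msg_type, content):
    """Controller: advance the state machine, then interpret the content."""
    s.state = step(s.state, msg_type)
    if msg_type == REQUEST:
        s.pending |= set(content)
    elif msg_type == PROOF:
        s.facts |= set(content)   # a real system verifies certificates/vouchers here
    elif msg_type == ACCEPT:
        if content not in s.offered:
            raise ValueError(f"peer accepted an offer never made: {content}")
        s.facts |= {prop for offer, prop in ROOM_OFFERS.values() if offer == content}
    return evaluate(s)

def evaluate(s):
    """Cautious strategy: grant only what policy allows now; otherwise state the
    policy once, then offer a way to satisfy it, and finally refuse the rest."""
    allowed = {r for r in s.pending if satisfied(r, s.facts)}
    s.granted |= allowed
    s.pending -= allowed
    if not s.pending:
        s.state = "done"
        return (PERMIT, sorted(s.granted))
    needed = {r: [sorted(a) for a in ROOM_POLICY.get(r, [])] for r in sorted(s.pending)}
    needed = {r: alts for r, alts in needed.items() if alts}
    props = {p for alts in needed.values() for alt in alts for p in alt}
    if props - s.asked:                      # something new to ask the peer to prove
        s.asked |= props
        return (POLICY, needed)
    for r in sorted(s.pending):
        offer, _ = ROOM_OFFERS.get(r, (None, None))
        if offer and offer not in s.offered:
            s.offered.add(offer)
            return (OFFER, offer)
    s.state = "done"
    return (REFUSE, {"granted": sorted(s.granted), "refused": sorted(s.pending)})

def run_student_scenario():
    """Student attendee: policy stated, display/web granted after proof, printer
    offered via journal membership and granted once the offer is accepted."""
    s = Session()
    replies = [handle(s, REQUEST, ["display", "web_access", "printer"])]
    replies.append(handle(s, PROOF, ["attendee"]))
    replies.append(handle(s, ACCEPT, "journal_membership"))
    return replies, s.state

if __name__ == "__main__":
    for reply in run_student_scenario()[0]:
        print(reply)
```

The session refuses anything the policy can never grant (the "sound" request) and rejects messages that arrive after the session is done or that accept an offer the room never made, which is the kind of misuse the slides' protocol-security question is about.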
Future Models
• Trust model
  • Use advanced RBAC mechanisms
  • Trust levels for comparison of alternatives
• Negotiation strategy
  • Heuristics that allow risk-benefit analysis
  • Use game-theoretic notions
  • Utility model that can infer and compare utilities of objects and actions
Implementation
• Policy Manager
  • Implemented in Java
  • Policy Engine based on SWI-Prolog
• Description of entities, resources and properties
  • XML and RDF
• Security mechanisms
  • X.509 certificates
  • Panoply vouchers
Current Status
• Basic policy manager implemented
  • Front end
    • Implements protocol state machine
    • Supports multiple threads
  • Policy engine
    • Query the policy database
    • Add, remove and replace statements
  • Controller
    • Adopts simple, cautious negotiation strategy
    • Requests, offers and checks for alternatives
• Integrated within a Panoply sphere
  • Uses events for negotiation and to obtain and update state information
  • Principal task performed: negotiate for membership within a sphere
Basic Policy Manager and Evaluation
• Experiment with policy manager within the Panoply context
• Performance evaluations
  • Overhead measurements
  • Scalability
• Explore benefits through applications
  • Location sensitive interactive fiction
  • LACMA gallery experience
Modeling Issues
• Policy Language and Reasoning Engine
• Trust Model
• Resource Utility Model
• Negotiation Strategy and Heuristics
Complete Policy Manager
• Incorporate models into negotiation heuristics
• Enhance controller with strategic decision making capability
• Augment spheres by adding
  • Resources and services
  • Context sensors
Analysis and Evaluation
• Generate real ubicomp scenarios
• Theoretical analysis
  • Correctness and completeness
  • Efficacy of strategies
• Performance evaluations
  • Overhead measurements
  • Scalability with respect to
    • Policy database size
    • Multi-session load