
An Application-led Approach for Security-related Research in Ubicomp

An Application-led Approach for Security-related Research in Ubicomp. Philip Robinson <philip@teco.edu> TecO, Karlsruhe University 11 May 2005. Background. Research assistant with TecO, Uni. Karlsruhe since Nov 2001: Topic := Security for Ubiquitous Computing


Presentation Transcript


  1. An Application-led Approach for Security-related Research in Ubicomp Philip Robinson <philip@teco.edu> TecO, Karlsruhe University 11 May 2005

  2. Background
     • Research assistant with TecO, Uni. Karlsruhe since Nov 2001: Topic := Security for Ubiquitous Computing
     • Co-organizer of 3 workshops on Security for UbiComp
     • Researcher with SAP Research: Topic := Security and Trust for “Virtual Organizations”

  3. General contribution to workshop
     • Hypothesis: Application-led research should encompass both theory and practice (technology and scenarios)
     • Problem: How do we balance the emphasis placed on either of these research aspects?
     • Solution: Iterative Approach
       • Identify application scope of research and important questions to be answered
       • Determine a theoretical “ground model” for generalizing the application
       • Analyse how technology affects different components of the ground model
       • Use scenarios to validate claims about technology
       • Continue to refine scope, theory and choices of technology

  4. Why is this a problem for UbiComp?
     • Focus on theory: often leads to very abstract conceptual claims that make general-purpose statements, stop at an architecture description, but do not produce real-world experience. (e.g. many context-based trust and security papers)
     • Focus on practice: often leads to prototype bundling and papers that essentially describe the technical specifications of the selected hardware, language specifications (XML) and complex UML diagrams. (e.g. many SmartCard-based security papers)

  5. General contribution to workshop
     • Hypothesis: Application-led research should encompass both theory and practice (technology and scenarios)
     • Problem: How do we balance the emphasis placed on either of these research aspects?
     • Solution: Iterative Approach
       • Identify application scope of research and important questions to be answered
       • Determine a theoretical “ground model” for formalizing the application
       • Analyse how technology affects different components of the ground model
       • Use scenarios to validate claims about technology
       • Continue to refine scope, theory and choices of technology

  6. Difference between application and scenario
     • Application: the way in which processes, tasks and information are organized in order to optimally and consistently achieve specific objectives.
     • Scenario: a very specific instance of an application with very specific properties, assumptions and an optional “storyline”.

  7. (1) Can “Security” be considered as an “Application”?
     [Diagram labels: Admin, Target, Subject; notify, request, protect, response]
     Yes. Security is concerned with organizing processes, tasks and information in the form of controllers, monitors, policies and profiles, in order to optimally and consistently achieve the protection objectives of a target resource.

  8. (2) Theoretical model for security
     • Configure: initialize monitor and log for collecting particular information
     • Sense: collect events from sensors deployed at target
     • Classify: use profiling scheme to specify a class for the events detected
     • Trigger Alarm: if a state of the target is not “locally controllable”, then issue notification to authorities
     • Control: if unsafe state of the target is controllable, then perform control function
     • Recover: recover from the unsafe event and modify rules/profiles

  9. (3) Technology: UbiComp?
     • Targets {Physical items as well as electronic data (virtual items) that may have state and identity relations}
     • Rules and profiles {Refer to and must consider both physical and virtual changes in state and resultant events}
     • Monitor {Collection of events generated by different types of distributed sensors}
     • Controller {Distributed and special purposed. Availability is not always guaranteed}
     • Alarm {Must exploit different types of media for transmitting alerts. Media availabilities also change}

  10. (4) Scenario = Logistics
     • Goods transported between holding areas
     • Origin requires regular, secure updates about status
     • However, each holding area has different services available
     • Too costly to integrate satellite communication in each item
     • Different items have different protection objectives
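
The six-stage model from slide 8, run against a logistics route like the one in slide 10, with the controller and alarm-media availability constraints from slide 9. This is an added example, not part of the original presentation; the area names, event types, thresholds, media costs and the 10% profile-tightening rule are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed relative cost per alarm medium (constructed values, not from the slides).
MEDIA_COST = {"wlan": 1, "gsm": 5, "satellite": 50}

@dataclass
class HoldingArea:
    controllers: set  # control functions this area can perform locally
    media: set        # alarm media currently available in this area

@dataclass
class Monitor:
    profile: dict                       # event type -> (limit, control function)
    log: list = field(default_factory=list)

    def handle(self, event, area):
        self.log.append(event)                                   # Sense
        limit, control = self.profile[event["type"]]
        if event["value"] <= limit:                              # Classify
            return ("ok", None)
        if control in area.controllers:                          # Control
            action = ("control", control)
        elif area.media:                                         # Trigger Alarm
            action = ("alarm", min(area.media, key=MEDIA_COST.get))
        else:
            action = ("queued", None)   # no medium here: hold the alert
        # Recover: modify the profile (assumed rule: tighten the limit by 10%)
        self.profile[event["type"]] = (limit * 0.9, control)
        return action

def run_scenario():
    # Configure: initialise monitor, profile and log (constructed thresholds)
    monitor = Monitor({"temperature": (8.0, "cooling"), "door_open": (0, "lock")})
    areas = {
        "warehouse": HoldingArea({"cooling"}, {"wlan", "gsm"}),
        "truck": HoldingArea({"lock"}, {"gsm"}),
        "ship": HoldingArea(set(), {"satellite"}),
        "yard": HoldingArea(set(), set()),
    }
    events = [  # constructed sensor events along the route
        {"area": "warehouse", "type": "temperature", "value": 9.5},
        {"area": "warehouse", "type": "door_open", "value": 1},
        {"area": "truck", "type": "temperature", "value": 7.5},
        {"area": "truck", "type": "temperature", "value": 5.0},
        {"area": "ship", "type": "door_open", "value": 1},
        {"area": "yard", "type": "temperature", "value": 9.0},
    ]
    return [monitor.handle(e, areas[e["area"]]) for e in events]

if __name__ == "__main__":
    print(run_scenario())
```

The third event (7.5 in the truck) is below the initial limit of 8.0 and is only classified as unsafe because the Recover step tightened the profile after the first incident.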

  11. Conclusions
     • Theory:
       • Abstract model for dynamic cooperative security system
       • Model for automated configuration of collaborating security services, which dynamically change their availabilities
     • Practice:
       • Specific technology considered for instantiating theoretical models
       • Cost factors for resource usage and communication choices were used to refine the theoretical models
