An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.

Slides:

Advertisements

Similar presentations

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 14 Slide 1 Object-oriented Design 1.

Advertisements

Configuration management

Configuration management

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

Component Oriented Programming 1 Chapter 2 Theory of Components.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.

Requirements Engineering n Elicit requirements from customer  Information and control needs, product function and behavior, overall product performance,

Towards a Generic Platform for Developing CSCL Applications Using Grid Infrastructure by Santi Caballé Open University of Catalonia Barcelona, Spain with.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.

The Architecture Design Process

Verification & Validation.  Validation  are we building the right product?  Verification  are we building the product right?

Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.

UML Sequence Diagrams Eileen Kraemer CSE 335 Michigan State University.

Configuration Management

© 2008 Prentice Hall11-1 Introduction to Project Management Chapter 11 Managing Project Execution Information Systems Project Management: A Process and.

Project Execution.

Chapter 3 Object-Oriented Analysis of Library Management System(LMS)

UML Sequence Diagrams Michael L. Collard, Ph.D. Department of Computer Science Kent State University.

Chapter 7: The Object-Oriented Approach to Requirements

Chapter 7 Requirement Modeling : Flow, Behaviour, Patterns And WebApps.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

© Siemens AG, CT SE 1, Dr. A. Ulrich C O R P O R A T E T E C H N O L O G Y Research at Siemens CT SE Software & Engineering Development Techniques.

Requirements Analysis

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 6 Slide 1 Chapter 6 Requirements Engineering Process.

Database Technical Session By: Prof. Adarsh Patel.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 6 Slide 1 Requirements Engineering Processes l Processes used to discover, analyse and.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 2Slide 1 Chapter 2 Computer-Based System Engineering As modified by Randy Smith.

Software Requirements Engineering CSE 305 Lecture-2.

Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP.

The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.

Configuration Management (CM)

Event Management & ITIL V3

Chapter 6 Use Cases. Use Cases: –Text stories Some “actor” using system to achieve a goal –Used to discover and record requirements –Serve as input to.

Lecture 11 Managing Project Execution. Project Execution The phase of a project in which work towards direct achievement of the project’s objectives and.

SWIM-SUIT Information Models & Services

Other Quality Attributes Other Important Quality attributes Variability: a special form of modifiability. The ability of a system and its supporting artifacts.

Lecture 7: Requirements Engineering

Page 1 WWRF Briefing WG2-br2 · Kellerer/Arbanowski · · 03/2005 · WWRF13, Korea Stefan Arbanowski, Olaf Droegehorn, Wolfgang.

1 Introduction to Software Engineering Lecture 1.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Copyright © 2010 National Institute of Information and Communications Technology. All Rights Reserved 1 R&D and Standardization Activities on Distributed.

Chapter 1 Introduction to Databases. 1-2 Chapter Outline   Common uses of database systems   Meaning of basic terms   Database Applications  

Software Engineering Prof. Ing. Ivo Vondrak, CSc. Dept. of Computer Science Technical University of Ostrava

Unified Modeling Language* Keng Siau University of Nebraska-Lincoln *Adapted from “Software Architecture and the UML” by Grady Booch.

L6-S1 UML Overview 2003 SJSU -- CmpE Advanced Object-Oriented Analysis & Design Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I College.

7 Systems Analysis and Design in a Changing World, Fifth Edition.

A new viewpoint for change management in RM-ODP systems Nesrine Yahiaoui 1,2, Bruno Traverson 1, Nicole Lévy 2 1 EDF R&D - 2 UVSQ PRiSM Workshop on ODP.

FDT Foil no 1 On Methodology from Domain to System Descriptions by Rolv Bræk NTNU Workshop on Philosophy and Applicablitiy of Formal Languages Geneve 15.

MODEL-BASED SOFTWARE ARCHITECTURES.  Models of software are used in an increasing number of projects to handle the complexity of application domains.

Csci 490 / Engr 596 Special Topics / Special Projects Software Design and Scala Programming Spring Semester 2010 Lecture Notes.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

1 Technical & Business Writing (ENG-715) Muhammad Bilal Bashir UIIT, Rawalpindi.

UML (Unified Modeling Language)

1. 2 Purpose of This Presentation ◆ To explain how spacecraft can be virtualized by using a standard modeling method; ◆ To introduce the basic concept.

21/1/ Analysis - Model of real-world situation - What ? System Design - Overall architecture (sub-systems) Object Design - Refinement of Design.

1 Chapter 2 Database Environment Pearson Education © 2009.

Engr 691 Special Topics in Engineering Science Software Architecture Spring Semester 2004 Lecture Notes.

Relying on Safe Distance to Achieve Strong Partitionable Group Membership in Ad Hoc Networks Authors: Q. Huang, C. Julien, G. Roman Presented By: Jeff.

Fall 2007 Week 9: UML Overview MSIS 670: Object-Oriented Software Engineering.

From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.

5. 2Object-Oriented Analysis and Design with the Unified Process Objectives  Describe the activities of the requirements discipline  Describe the difference.

Business Strategy Introduction to Strategy Session 1 1.

IoT Mashup as a Service: Cloud-based Mashup Service for the Internet of Things By: Benny Bazumnik Lidor Otmazgin Date: 21/05/14.

From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.

SQL Database Management

On Parametric Obligation Policies: Enabling Privacy-aware Information Lifecycle Management in Enterprises IEEE Policy Workshop 2007 Marco Casassa Mont.

From Use Cases to Implementation

Presentation transcript:

An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005

Background  Research assistant with TecO, Uni. Karlsruhe since Nov 2001: Topic := Security for Ubiquitous Computing  Co-organizer of 3 workshops on Security for UbiComp  Researcher with SAP Research: Topic := Security and Trust for “Virtual Organizations”

General contribution to workshop  Hypothesis: Application-led research should encompass both theory and practice (technology and scenarios)  Problem: How do we balance the emphasis placed on either of these research aspects?  Solution: Iterative Approach 1. Identify application scope of research and important questions to be answered 2. Determine a theoretical “ground model“ for generalizing the application 3. Analyse how technology affects different components of the ground model 4. Use scenarios to validate claims about technology 5. Continue to refine scope, theory and choices of technology

Why is this a problem for UbiComp?  Focus on theory: often leads to very abstract conceptual claims that make general-purpose statements, stop at an architecture description, but do not produce real-world experience. (e.g. many context-based trust and security papers)  Focus on practice: often leads to prototype bundling and papers that essentially describe the technical specifications of the selected hardware, language specifications (xml) and complex UML diagrams. (e.g. many SmartCard-based security papers)

General contribution to workshop  Hypothesis: Application-led research should encompass both theory and practice (technology and scenarios)  Problem: How do we balance the emphasis placed on either of these research aspects?  Solution: Iterative Approach Identify application scope of research and important questions to be answered Determine a theoretical “ground model“ for formalizing the application Analyse how technology affects different components of the ground model Use scenarios to validate claims about technology Continue to refine scope, theory and choices of technology

Difference between application and scenario  Application: the way in which processes, tasks and information are organized in order to optimally and consistently achieve specific objectives.  Scenario: a very specific instance of an application with very specific properties, assumptions and an optional “storyline”.

(1) Can “Security” be considered as an “Application”? AdminTargetSubject protect notify response request Yes. Security is concerned with organizing processes, tasks and information in the form of controllers, monitors, policies and profiles, in order to optimally and consistently achieve the protection objectives of a target resource.

(2) Theoretical model for security 1.Configure: initialize monitor and log for collecting particular information 2.Sense: collect events from sensors deployed at target 3.Classify: use profiling scheme to specify a class for the events detected 4.Trigger Alarm: if a state of the target is not “locally controllable”, then issue notification to authorities 5.Control: if unsafe state of the target is controllable, then perform control function 6.Recover: recover from the unsafe event and modify rules/ profiles

(3) Technology: UbiComp?  Targets {Physical items as well as electronic data (virtual items) that may have state and identity relations}  Rules and profiles {Refer to and must consider both physical and virtual changes in state and resultant events}  Monitor {Collection of events generated by different types of distributed sensors}  Controller {Distributed and special purposed. Availability is not always guaranteed}  Alarm {Must exploit different types of media for transmitting alerts. Media availabilities also change}

(4) Scenario = Logistics  Goods transported between holding areas  Origin requires regular, secure updates about status  However, each holding area has different services available  Too costly to integrate satellite communication in each item  Different items have different protection objectives

Conclusions  Theory: Abstract model for dynamic cooperative security system Model for automated configuration of collaborating security services, which dynamically change their availabilities  Practice: Specific technology considered for instantiating theoretical models Cost factors for resource usage and communication choices were used to refine the theoretical models