Cerberus: A Context-Aware Security Scheme for Smart Spaces presented by L.X.Hung u-Security Research Group 2005.10.10 The First IEEE International Conference.

Presentation transcript:

Cerberus: A Context-Aware Security Scheme for Smart Spaces presented by L.X.Hung u-Security Research Group The First IEEE International Conference on Pervasive Computing and Communications (PerCom’03)

2 Agenda
- Security Requirement for Smart Space
- Cerberus Overview
- Security Service components
  - Authentication
  - Access Control
  - Inference Engine
  - Security Policy
- Related work and paper contribution
- Conclusion
- References

3 Security Requirements for Smart Space
- Security itself has to be ‘ubiquitous’, non-intrusive, transparent
- Has to be multiple level
  - Provide different levels of security depending on policies, context, and resources
- Support security language that is:
  - Descriptive, well-defined, and flexible
- Authentication
  - Support authenticating human users, devices that enter and leave the smart room, applications

4 GAIA Project
- A middleware infrastructure for ubiquitous applications
- Provides core services that make up smart space.
- Coordinates software entities and heterogeneous network devices
  - Export services to query and utilize resources,
  - Access and use current context,
  - Provide framework to develop user-centric, resource-aware, context-sensitive, mobile applications.

5 Cerberus overview
- 4 components
  - Security service
  - Context infrastructure
  - Knowledge base (security policies)
  - Inference engine

6 Security Service components
- Identification: links an entity with id
- Authentication: to verify entity/principal (users, physical space, applications, mobile code)
  - authentication strength vs. non-intrusiveness (smart badge)
  - includes wearable devices, voice & face recognition, …
  - Different strengths ~ confidence values
  - Need dynamic method to add new authentication devices
  - Associate with access control policies and protocols

7 Security Service components (cont’)
- Authentication (cont’)
  - GPAM: Gaia Pluggable Authentication Modules
    - extension of PAM
  - GAMMs: Gaia Authentication Mechanism Module
    - General authentication modules or protocols
  - GADMs: Gaia Authentication Device Module
    - Dependent on particular devices
  - UIC based (Universally Interoperable Core): lightweight, high-performance, basic CORBA services

8 Security Service components (cont’)
- Access Control
  - To check whether principal P can perform a particular operation
  - Forward inquiries from apps, service providers to Inference Engine
  - Support callback to app to inform it of a possible context change that may trigger a change in access decision.

9 Security Service components (cont’)
- Security Policies
  - Written as rules
  - Two kinds of policies
    - Used by authentication server
      - At the time of login or authentication
      - Determine confidence level of authentication
      - Examples:
        - ConfidenceLevel(smart_watch, 70%)
        - ConfidenceValue(P, V) :- ∃ device X (Authenticated(P, X) ∧ ConfidenceLevel(X, V))
    - Access control policies
      - Determine whether principal P is allowed access to a particular resource.
      - e.g. CanAccess(P, ColorPrinter) :- ∃ number V (ConfidenceValue(P, V) ∧ V > 60%)

10 Security Service components (cont’)
- Inference Engine: 2 tasks
  - 1st
    - Give a level of confidence when a user authenticates himself.
    - Make use of authentication policies and context to assign confidence level
  - 2nd
    - Evaluate queries from apps on whether a certain entity can access a particular resource.
    - Make use of app-specific access control policies, credentials of entities, contextual information
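The two inference tasks and the access-control callback from slides 8 to 10, as an added Python example that is not part of the original presentation or of Gaia/Cerberus code. The class and method names, the "password" device with a level of 40, and the principal "alice" are assumptions; only smart_watch at 70% and the ColorPrinter threshold of 60% come from the slides.

```python
# Added illustration of the slide's rules. Only smart_watch/70% and
# ColorPrinter/60% come from the slides; "password": 40 and "alice"
# are constructed sample values.

class InferenceEngine:
    def __init__(self, confidence_level, threshold):
        self.confidence_level = dict(confidence_level)  # ConfidenceLevel(X, V)
        self.threshold = dict(threshold)    # resource -> V must exceed this
        self.authenticated = {}             # Authenticated(P, X): P -> {X}
        self.subscriptions = []             # [P, resource, callback, last]

    def confidence_values(self, p):
        # ConfidenceValue(P, V) :- exists X (Authenticated(P, X) and ConfidenceLevel(X, V))
        return {self.confidence_level[x]
                for x in self.authenticated.get(p, set())
                if x in self.confidence_level}

    def can_access(self, p, resource):
        # CanAccess(P, R) :- exists V (ConfidenceValue(P, V) and V > threshold)
        if resource not in self.threshold:
            return False                    # no policy for R: deny
        return any(v > self.threshold[resource]
                   for v in self.confidence_values(p))

    def subscribe(self, p, resource, callback):
        decision = self.can_access(p, resource)
        self.subscriptions.append([p, resource, callback, decision])
        return decision

    def set_authenticated(self, p, device, present):
        # Context change: a device joins or leaves P's authenticated set.
        devices = self.authenticated.setdefault(p, set())
        (devices.add if present else devices.discard)(device)
        for sub in self.subscriptions:      # re-evaluate, notify on change
            now = self.can_access(sub[0], sub[1])
            if now != sub[3]:
                sub[3] = now
                sub[2](sub[0], sub[1], now)

def demo():
    engine = InferenceEngine({"smart_watch": 70, "password": 40},
                             {"ColorPrinter": 60})
    events = []
    engine.set_authenticated("alice", "password", True)
    first = engine.subscribe("alice", "ColorPrinter",
                             lambda p, r, ok: events.append((p, r, ok)))
    engine.set_authenticated("alice", "smart_watch", True)   # grant
    engine.set_authenticated("alice", "smart_watch", False)  # revoke
    return first, events
```

Because the slide's rules are existential, one device above the threshold is enough, and several weaker devices never combine into a higher confidence value.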

11 Related work and Contribution
- Covington et al. [14, 15]
  - Securing ‘Smart Home’
  - Extend RBAC to develop non-intrusive
  - Access control mechanisms are integrated with a toolkit for gathering context information from sensors.
  - Drawback:
    - Language is based on logic, that is simplistic
- Cerberus:
  - More expressive rule language (support binary operator, quantification, complex inferring)
  - Address some issues in Stajano [16]

12 Conclusion
- The dynamism, ubiquity and non-intrusiveness of Ubicomp present more challenges and raise issues
- Cerberus:
  - Support multiple level authentications, context infrastructure captures rapidly changing context information and incorporates it into our knowledge base.
  - Context-aware security policies are described in an expressive language and can be evaluated efficiently using an inference engine.
  - Present a simple and efficient method for revoking access if context-related information changes.

13 References
- M. Román, C. K. Hess, R. Cerqueira, A. Ranganathan, R. H. Campbell, and K. Nahrstedt, "Gaia: A Middleware infrastructure to Enable Active Spaces," IEEE Pervasive Computing,
- V. Samar and R. Schemers, "Unified Login with Pluggable Authentication Modules (PAM)," RFC 86.0,
- M. Roman, F. Kon, and R. H. Campbell, "Reflective Middleware: From Your Desk to Your Hand," IEEE Distributed Systems Online Journal, Special Issue on Reflective Middleware,
- J. Al-Muhtadi, D. Mickunas, and R. Campbell, "The Gaia Authentication Architecture," UIUC Technical Report (number pending) 2003.

14 Thank you ! Questions & Discussion