Protecting People Location Information September 29, 2002 Urs Hengartner & Peter Steenkiste.

Slides:

Advertisements

Similar presentations

Managerial Ethics Part III A practical model for making good ethical decisions Copyright registered © 2002 Louis C. Gasper Audio.

Advertisements

NRL Security Architecture: A Web Services-Based Solution

Pilot PaperTalent Workshop – End users. Content Training o Introduction PaperTalent o Dashboard o My Dashboard o My account o My learning Status o Organization.

Performance Management Review FAQs

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Administrative Policies in XACML Erik Rissanen Swedish Institute of Computer Science.

Welcome Front Desk Support Starfish Training Welcome Front Desk Support.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

© Prentice Hall CHAPTER 14 Managing Technological Resources.

1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.

Overview of Databases and Transaction Processing Chapter 1.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Recommender Systems. >1,000,000,000 Finding Trusted Information How many cows in Texas?

Managing Software Quality

DBSQL 10-1 Copyright © Genetic Computer School 2009 Chapter 10 Object-Oriented Based DBMS.

Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)

Mairéad Martin The University of Tennessee September 13, 2015 Federated Digital Rights Management.

Presented by Amlan B Dey.  Access control is the traditional center of gravity of computer security.  It is where security engineering meets computer.

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

GROUP POLICIES AND SECURITY USING WINDOWS SERVER 2008 Raymond Ross EKU, Dept. of Technology, CEN.

Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206.

Hao Wang Computer Sciences Department University of Wisconsin-Madison Security in Condor.

Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.

September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.

SPSU 1001 Hitchhiker’s Guide to SPSU Advising and Plan of Study Copyright © 2010 by Bob Brown.

A User-to-User Relationship-based Access Control Model for Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security.

Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.

Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.

Illinois Security Lab Privacy Sensitive Location Information Systems in Smart Buildings Jodie P. Boyer, Kaijun Tan, Carl A. Gunter Midwest Security Workshop,

Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.

Module 5: Implementing Group Policy

Relationship-based Access Control for Online Social Networks: Beyond User-to-User Relationships Sep. 3, 2012 PASSAT 2012, Amsterdam, The Netherlands Yuan.

Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

XML Access Control Koukis Dimitris Padeleris Pashalis.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies September 7, 2010.

Personal Information Management in a Ubiquitous Computing Environment Institute of Systems & Information Technologies/KYUSHU Kenichi Takahashi.

Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.

NetTech Solutions Supporting Users and Troubleshooting Desktop Applications on Microsoft Windows XP Instructor Richard Fredrickson.

Securing and Sharing Workbooks Lesson 11. The Review Tab Microsoft Excel provides several layers of security and protection that enable you to control.

Policy Evaluation Testbed Vincent Hu Tom Karygiannis Steve Quirolgico NIST ITL PET Report May 4, 2010.

Chapter 9  2000 by Prentice Hall. 9-1 Client/Server Computing.

Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Introduction to Active Directory

XACML Showcase RSA Conference What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation logic n.

Policies & MetaPolicies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: How.

Dude, Where's My Car? And Other Questions in Context-Awareness Jason I. Hong James A. Landay Group for User Interface Research University of California.

1 Authorization Sec PAL: A Decentralized Authorization Language.

22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.

Secure Access and Mobility Jason Kunst, Technical Marketing Engineer March 2016 Location Based Services with Mobility Services Engine ISE Location Services.

Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.

Information Security and Privacy By: Joshua Waibel.

Problems on Data Flow In The Gambia Within The Statistics Offices 26 th – 29 th JUNE, Ethiopia The Gambia Bureau Of statistics. (GBOS)

Key management issues in PGP

Thursday’s Lecture Chemistry Building Musspratt Lecture Theatre,

Microsoft Office Access 2003

Certificates An increasingly popular form of authentication

A Distributed Tabling Algorithm for Rule Based Policy Systems

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Access Control What’s New?

Presentation transcript:

Protecting People Location Information September 29, 2002 Urs Hengartner & Peter Steenkiste

2 Motivation Ubiquitous computing relies on location information. Location information is sensitive. –Location  activity Access to it needs to be protected in location policies. What properties need to be controllable in policies? How do different environments influence policy specification?

3 Overview Location policies Different environments Prototype of secure location system Conclusions

4 User vs. Room Policies Two types of queries: –User query Where is Alice? –Room query Who is in CMU Wean Hall 8220? Two types of policies: –User policy –Room policy

5 Controllable Properties Granularity –CMU Campus vs. CMU Wean Hall 8220 –Alice vs. someone Subject –Alice, Bob’s friends, tracking service

6 Controllable Properties (cont.) Time intervals –During weekdays only Location/Users –Return my location only if I’m in my office. –Return people in my office only if it is Alice or Bob. Additional properties should be possible!

7 Transitivity Should Bob be able to forward his access right ? Alice can locate Carol. Bob Bob can locate me. Carol

8 Transitivity (cont.) Should access rights be transitive? Depends on environment. Location system should selectively support transitivity. Non-transitivity can be circumvented.

9 Conflicting Policies Bob can locate people in my office Carol’s office Should Bob learn about Alice’s location? Who is in Carol’s office? Bob Bob cannot locate me Alice Bob cannot locate me Alice

10 Resolving Conflicts Prioritization: –Check user policy for user queries. –Check room policy for room queries. Intersection: –Check both room and user policy for any query. Synchronization: –Establish user and room policies in a synchronized way. Best approach depends on environment.

11 Individual vs. Institutional Definition Different entities can define policies: –Individuals: User policy  User Room policy  Room “owner” –Institution (central authority) Which one depends on environment. Combined specification should be possible.

12 Environments - Military Security based on labeling and clearances. Definition –Policies are specified by central authority. Transitivity –Policies are non-transitive. Conflicts –Both user and room policies need to be checked for any query.

13 Environments - Hospital Multilateral security model. Definition –Most policies are specified by central authority. –Patients can give additional people access in user policy. Transitivity –Patient policies can be transitive. Conflicts –Synchronization of user and room policies is not necessary.

14 Environments - University Institution cares less about security. Definition –User policies and room policies for offices are specified by individuals. Transitivity –User policies are transitive, room policies probably not. Conflicts –Have user and room policies become synchronized for lecture halls.

15 Prototype People location system for university environment. Multiple front ends. Digital certificates for expressing location policies. –transparent to users. Location system exploits –calendar information, –Finger service, –wireless network access points.

16 Status Emphasis on user queries Controllable properties –Subject, Granularity –Soon: Location, Time Transitivity –supported by back end Conflicts –configurable option Definition –by individuals

17 Evaluation Evaluation of prototype with real users (in progress). Questions: –What kind of policies are specified? –What features are used/requested? –How is location system used?

18 Conclusions Location information needs to be protected. Location policies should provide control over multiple properties. Policy-related issues are dealt with differently in different environments. Location policies and system thus need to be flexible. How should society deal with ubiquitous location information?