
1 Secure Component Composition for Personal Ubiquitous Computing
Project Summary
21st April 2006
David Llewellyn-Jones, Madjid Merabti, Qi Shi, Bob Askwith
School of Computing and Mathematical Statistics, Liverpool John Moores University
James Parsons Building, Byrom Street, Liverpool, L3 3AF, UK
{D.Llewellyn-Jones, M.Merabti, Q.Shi, R.Askwith}@livjm.ac.uk
http://www.cms.livjm.ac.uk/PUCsec/

2 A Ubiquitous Computing World
Ubiquitous Computing presents a vision of computing environments in which
–Networking is wireless and pervasive
–Devices are mobile and plentiful
–Data flows unimpeded, giving users access to their content from anywhere

3 Disappearing Hardware
There is a misconception that this means ‘embedded’ devices, or devices that can’t be seen
Devices that blend into the background
–“The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.”
–“Consider writing... Today this technology is ubiquitous in industrialized countries... The constant background presence of these products of ‘literacy technology’ does not require active attention, but the information to be conveyed is ready for use at a glance. It is difficult to imagine modern life otherwise.”

4 Working Seamlessly
When users become so familiar with devices that they do not realise they are using them
Ubiquitous Computing
–Pick up any device anywhere and have access to information
Requires device use to be seamless

5 Security Environment
Characteristics that affect security
–Wirelessly networked environment
–Fluid data flow, fluid code movement
–Heterogeneous environment
–Low power and low resource devices
–General users – not computer experts
–Restricted user interfaces
–Frequently changing environment
The consequences for security
–No physical security for networks
–Malicious code can move around the network
–Cannot make assumptions about consistent device interactions
–Heavy duty security techniques may not be possible
–Cannot expect users to administer devices effectively, if at all
–Configuring security may be difficult or impossible
–Security properties are constantly changing

6 Existing Security Issues
Malicious code moving around the network
–Viruses/worms
–Mobile code consuming resources
–Can cause denial of service even for protected/immune machines
Hackers exploiting vulnerabilities
–Accessing private information
–Buffer overrun vulnerabilities
–Taking control of devices
Badly written code/protocols
–WMF vulnerability
–WEP security
–TCP/IP
–Cleartext authentication (e.g. POP3, rlogin, telnet)

7 Proposed Security Solutions
Security in individual devices
–Firewalls that use battery levels to detect intrusion
–Mobile agent firewalls/IDSs
Distributed security
–Distributed firewalls
–Distributed Operating Systems
Secure execution of code
–Virtual machines: Java applets
–Proof Carrying Code etc.

8 Component Interactions
The way components are composed affects properties

9 Component Interactions
Changing the order changes the effect

10 Security Composition Examples
Adding a component to improve security

11 Security Composition Examples
Adding a component to reduce security

12 Security Composition Examples
Ordering of components is also important

13 The Challenge
Can we use secure component composition techniques to overcome the lack of boundaries in a Ubiquitous Computing world?
The plan
–Analyse a group of interacting components
–Could be devices, services, software components etc.
–Test against known security properties

14 Secure Component Composition Results
Existing results tend to be very theoretical
Non-interference
–Focardi and Gorrieri, 1997
–Relates to information flow through a system
–Three systems or components C1, C2 and C3. Want to ensure no data sent from C1 to C2 can be established by C3. Non-interference says this is satisfied if C3’s view of C2 is not affected in any way by C1’s behaviour.
Non-deducibility on outputs
–Mantel, 2002
–Each possible low observation must be compatible with each possible high input sequence
Composable Assurance
–Shi and Zhang, 1998
–A component Ci is said to be composably assured iff for any pair (LDi, HDi) ∈ DPi, HDi ≠ ∅
Generalised non-interference, forward correctability, separability, non-inference, etc.

15 Composable Assurance
Shi and Zhang recognised that connectivity was important
–“...separability of these composable properties is usually achieved by assuming the worst scenarios of interaction between components...this problem can be avoided by appropriate consideration of connectivity between components.”
To test for security composition results we therefore need
–Properties of individual components
–Connectivity between components

16 Making This Practical
Using an extensible engine
Plug-in scripts that can
–test for problems
–find resolutions
A general framework needs to
–consider properties of individual components
–consider the component interaction

17 Script Example
1. Read access control check
2. Level component is authorised to
[script lines 3–20 not captured in the transcript]

18 Buffer Overruns
Buffer overrun vulnerabilities occur when
–Too much data is placed in a buffer too small to accommodate it
–No bounds checking is done
Whatever’s beyond the buffer becomes corrupted
Especially dangerous if it’s code beyond the buffer

19 Buffer Overruns
A number of solutions to the buffer overrun problem exist
–Use a memory-safe language with bounds checking (Java)
–Compile using a safe library (strsafe.lib)
–Code analysis
–Controlled attack (S-tool)
–Source code analysis (STOBO, LCLint extensions)
–Dynamic run-time checking (StackGuard)
Largely a result of the use of C/C++
Remains a considerable problem
–At least 25% of CERT advisories

20 Buffer Overruns
How can we improve the situation?
Input and output correlation
A sends data to B
Suppose B is vulnerable, has buffer size n bytes, and A sends m bytes to B
–If (m > n) then a buffer overrun may occur
–If (m ≤ n) then there’s no problem
Want a method for showing that the max bytes A will ever send is less than the buffer size of B
–The vulnerability ‘disappears in the wash’ during composition
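The input/output correlation check on slide 20, written out as an added example (this is not the PUCsec engine's own code): each component is reduced to its receive buffer size n and the most bytes m it will ever send, connectivity is a list of links, and a link is flagged only when m > n. It also applies the "throughput limiter" resolution mentioned under Future Work; all component names and byte counts are constructed.

```python
# Added example, not from the PUCsec project. Components are modelled only by
# receive buffer size (n) and maximum bytes ever sent (m); figures are made up.

def overrun_risks(components, links):
    """Return links (sender, receiver, m, n) where m > n.

    components: name -> {"buf_size": n, "max_send": m}
    links: list of (sender, receiver) pairs describing connectivity.
    A receiver without bounds checking is only exploitable in this
    composition if some connected sender can emit more than n bytes."""
    risks = []
    for sender, receiver in links:
        m = components[sender]["max_send"]
        n = components[receiver]["buf_size"]
        if m > n:
            risks.append((sender, receiver, m, n))
    return risks

def add_throughput_limiter(components, links, sender, receiver):
    """Resolve a risky link by interposing a limiter component that never
    forwards more than the receiver's buffer can hold."""
    n = components[receiver]["buf_size"]
    name = f"limit({sender}->{receiver})"
    # The limiter must itself be able to receive everything the sender emits.
    components[name] = {"buf_size": components[sender]["max_send"], "max_send": n}
    links.remove((sender, receiver))
    links.extend([(sender, name), (name, receiver)])
    return name

def demo():
    # Constructed scenario: A and C both feed B, whose buffer holds 256 bytes.
    components = {
        "A": {"buf_size": 1024, "max_send": 512},   # can overrun B
        "B": {"buf_size": 256,  "max_send": 64},
        "C": {"buf_size": 128,  "max_send": 200},   # fits in B's buffer
    }
    links = [("A", "B"), ("C", "B"), ("B", "C")]
    before = overrun_risks(components, links)
    for sender, receiver, _m, _n in list(before):
        add_throughput_limiter(components, links, sender, receiver)
    after = overrun_risks(components, links)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("risks before:", before)
    print("risks after :", after)
```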

21 Timing Results
600 MHz Intel X-Scale 80321 Processor

22 Access Control
Consider services S1, …, S6 with dependencies reading files
Conclude
–S6 must have rights to access file A
–S5 must have rights to access file B
–S3 and S4 must have rights to access both A and B
–The read access rights of S1 and S2 do not matter
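An added example (not the project's own code) of deriving the rights slide 22 concludes: data flows from a service to every service that depends on it, so each service needs read rights to every file opened anywhere upstream. The slide does not show its dependency graph, so the one in demo() is constructed to reproduce the slide's conclusions; the policy it is checked against is also constructed.

```python
# Added example, not the PUCsec project's own code. The dependency graph and
# the access control policy in demo() are constructed for illustration.

def required_rights(reads, depends):
    """Map every service to the set of files it must be allowed to read.

    reads:   service -> set of files it opens directly
    depends: service -> set of services it receives data from
    Each service is resolved once and cached, so the pass is linear in the
    graph size rather than enumerating every dependency path.
    Dependencies are assumed acyclic; a cycle raises ValueError."""
    services = set(reads) | set(depends) | {u for ups in depends.values() for u in ups}
    memo = {}

    def resolve(svc, stack=()):
        if svc in memo:
            return memo[svc]
        if svc in stack:
            raise ValueError(f"dependency cycle through {svc}")
        needed = set(reads.get(svc, ()))
        for upstream in depends.get(svc, ()):
            needed |= resolve(upstream, stack + (svc,))
        memo[svc] = needed
        return needed

    return {svc: resolve(svc) for svc in services}

def check_grants(required, granted):
    """Return (service, file) pairs the composition needs but the access
    control policy has not granted."""
    return sorted((svc, f) for svc, files in required.items()
                  for f in files if f not in granted.get(svc, set()))

def demo():
    reads = {"S6": {"A"}, "S5": {"B"}}             # only S5 and S6 open files
    depends = {
        "S6": {"S1"}, "S5": {"S2"},                # S1 and S2 feed S6 and S5
        "S3": {"S5", "S6"},                        # S3 consumes both outputs
        "S4": {"S3"},                              # S4 consumes S3's output
    }
    required = required_rights(reads, depends)
    # Constructed policy: S4 was granted A only, so the composition would fail.
    granted = {"S6": {"A"}, "S5": {"B"}, "S3": {"A", "B"}, "S4": {"A"}}
    return required, check_grants(required, granted)

if __name__ == "__main__":
    print(demo())
```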

23 Timing Results
600 MHz Intel X-Scale 80321 Processor
A nice consequence
–Turning exponential time checks into linear time

24 Future Work
Using sensors to determine interactions dynamically
Combining into a Networked Appliance scenario
Finding solutions as well as just detecting problems
–E.g. introduction of a throughput limiter in the buffer overrun case
–Adding an access gateway in the access control case
In the future, expect your computer to come up with a list of problems when you start accessing a particular network
Better yet, let it just resolve the issue without you even realising it

25 The End
Thank you for listening
More info at http://www.cms.livjm.ac.uk/pucsec
