Illinois Security Lab Privacy Sensitive Location Information Systems in Smart Buildings Jodie P. Boyer, Kaijun Tan, Carl A. Gunter Midwest Security Workshop,


1 Illinois Security Lab
Privacy Sensitive Location Information Systems in Smart Buildings
Jodie P. Boyer, Kaijun Tan, Carl A. Gunter
Midwest Security Workshop, 2006
In the proceedings of Security in Pervasive Computing, York, UK 2006

2 Motivating Scenario
Face to face meetings are important in many work scenarios
Much time can be wasted looking around the office for people
How could we facilitate this?
Many solutions
  – Add an expensive location tracking system
  – Make use of the information your smart building already gathers

3 Smart Buildings
Many new buildings are being built with complex building automation systems
Sensors and control systems create rich information streams
Access to these streams is restricted
This information could be useful to building users as well as administrators

4 Location Information Systems
Allows building users to gain and control information about tracked users and objects in a building
Works by aggregating BAS information, together with other sources of raw data

5 Case Study: The Siebel Center
Andover Continuum BAS
Uses electronic door locks and occupancy sensors
Case study for a Location Information System

6 Janus’s Map
A prototype LIS for the Siebel Center
Uses e-locks and occupancy sensors for location estimation
Privacy is enforced using user specified rules

7 Architecture for Janus’s Map
[Diagram. Components: Location Service, Data Cleaner, Data Aggregator, Access Control Module, Internet, Rule Database, Door Rights List, Door Access Database, Occupancy Sensor System. Labels on the diagram: "Alice?", "Alice’s door accesses", "Room Occ.", "Aggregated Data", "Owners Rules", "Alice’s Location For Bob".]

8 Rules in Janus’s Map
3 Parts
  – Targets
  – Data Access
  – Visibility
Example:
  – Target: Bob, Carol
  – Number of past entries: 5
  – Event types: Valid Access, DoorAjar, OccupancySensor True
  – Event time: Between 9am and 5pm
  – Rooms: All
  – Granularity: Floor

9 An Example: System Events

Time   Location  User   Type
07:45  SC3405    Alice  InvalidAccess
10:00  SC4105    Alice  ValidAccessNoEntry
10:01  SC4309    Alice  ValidAccess
10:01  SC4309           DoorAjar
10:03  SC4309           OccupancySensorTrue

Who owns these events?
What happens when Bob searches for Alice?

10 An Example: Enforcing Privacy
Alice “owns” her events and has to allow Bob access to them to find her
She allows him access to events that happened after 9am and of type ValidAccess, DoorAjar and OccupancySensorTrue
After the filtering policy is applied:

Time   Location  User   Type
07:45  SC3405    Alice  InvalidAccess
10:00  SC4105    Alice  ValidAccessNoEntry
10:01  SC4309    Alice  ValidAccess
10:01  SC4309           DoorAjar
10:03  SC4309           OccupancySensorTrue

11 An Example: Event deduction

Time   Location  User   Type
07:45  SC3405    Alice  InvalidAccess
10:00  SC4105    Alice  ValidAccessNoEntry
10:01  SC4309    Alice  ValidAccess
10:01  SC4309           DoorAjar
10:03  SC4309           OccupancySensorTrue

We can deduce that Alice is probably in SC4309

12 An Example: Granularity
Alice may wish to prevent Bob from knowing too much about her exact location
Alice can specify a granularity to which Bob can find her, in this case: floor
Bob is finally told that Alice was on the 4th floor at 10:01

13 How to Build an LIS
1. Define an ownership model
2. Determine the environment events of interest and how to deduce them
3. Develop a model for privacy-information sharing for events

14 Ownership Model
  – U, set of users
  – L, set of locations
  – S, set of system events
  – T, a set of values with a linear ordering, signifying time
  – time : S → T which determines the time of an event
  – user : S → U ∪ {  } which determines the users associated with an event
  – loc : S → L which determines the location in which an event occurred
  – o : L → 2^U which determines the owner of a location
  –  : S → 2^U which determines the owner of an event

15 Janus’s Map: Ownership
Events
  – Defined as a tuple (U ∪ {  }) × L × T × 
  –  is a set of event types
  – type : S →  returns the type of an event
o is a static policy that maps room ownership
 assigns ownership of an event s first to the user(s) and then to o(loc(s))

16 Environmental Events
An aggregate event
Deduced from a set of system events
E is the set of environment events in an LIS
induce : 2^S → 2^E determines the set of environment events that can be deduced from a set of system events
Applies a set of deduction rules of the following form:

17 Janus’s Map: Environment Events
The main goal of Janus’s Map is to determine location information about users in the building
E is defined as a set of tuples U × L × T × P
  – P = {In, Near} defines a user’s proximity to a location

18 Privacy Policy
System events are protected to preserve users’ privacy
We define 2 indexed families of functions:
  – filter : U × U → (2^S → 2^S)
  – mask : U × U → (2^E → 2^E)
Users are able to define 2 functions that establish their privacy policy
  – filter_u^v : 2^S → 2^S
  – mask_u^v : 2^E → 2^E

19 Janus’s Map: Privacy Policy
Locations in Siebel Center
  – G = {floor, wing, room}, the set of location granularities
  – L_floor  L, L_wing  L, L_room  L
  – Locations are defined as a tuple: L_floor × (L_wing ∪ {  }) × (L_room ∪ {  })
Users define rules from which the functions filter_u^v and mask_u^v are derived
  – System events are filtered based on time, date, event type, and location
  – Environment events are masked to hide detailed location information

20 Formal Definition
A Location Information System (LIS), L, between an ownership model and set, E, of environment events consists of three functions:
  – filter : U × U → (2^S → 2^S)
  – mask : U × U → (2^E → 2^E)
  – induce : 2^S → 2^E

21 Reveal
We also define a family of functions reveal : U × U → (2^S → 2^E) which performs a lookup of environment events in an LIS
reveal_u^v is the function that v calls when he wishes to learn something about u
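
The Alice and Bob example from slides 9 to 12, traced through filter, induce and mask in Python. This is an added example, not code from the talk or from Janus’s Map. It assumes that reveal is mask applied after induce applied after filter, that SC4309 is owned by Alice, that the digit after "SC" is the floor, and it uses a constructed deduction rule in place of the rule form that did not survive on slide 16.

```python
from datetime import time

# System events from slide 9: (time, location, user, type); user None = none recorded.
EVENTS = [
    (time(7, 45), "SC3405", "Alice", "InvalidAccess"),
    (time(10, 0), "SC4105", "Alice", "ValidAccessNoEntry"),
    (time(10, 1), "SC4309", "Alice", "ValidAccess"),
    (time(10, 1), "SC4309", None, "DoorAjar"),
    (time(10, 3), "SC4309", None, "OccupancySensorTrue"),
]
ROOM_OWNER = {"SC4309": {"Alice"}}  # assumption: o(SC4309) = {Alice}
# Alice's rule for Bob (slides 10 and 12): after 9am, three event types, floor granularity.
RULES = {("Alice", "Bob"): {"after": time(9, 0), "granularity": "floor",
                            "types": {"ValidAccess", "DoorAjar", "OccupancySensorTrue"}}}

def owners(ev):
    """Event ownership: the event's user if present, otherwise the owner of its location."""
    _, loc, user, _ = ev
    return {user} if user else ROOM_OWNER.get(loc, set())

def filter_events(u, v, events):
    """filter_u^v: keep only the system events u owns and has released to v."""
    rule = RULES.get((u, v))
    if rule is None:
        return []  # no rule from u for v: nothing is released
    return [e for e in events if u in owners(e)
            and e[0] > rule["after"] and e[3] in rule["types"]]

def induce(events):
    """Constructed rule (assumption): ValidAccess, then DoorAjar and
    OccupancySensorTrue in the same room, means the user is In that room."""
    out = []
    for t, loc, user, typ in events:
        if typ != "ValidAccess":
            continue
        later = {e[3] for e in events if e[1] == loc and e[0] >= t}
        if {"DoorAjar", "OccupancySensorTrue"} <= later:
            out.append((user, loc, t, "In"))
    return out

def mask(u, v, env_events):
    """mask_u^v: coarsen each location to the granularity u allows v."""
    rule = RULES.get((u, v))
    if rule and rule["granularity"] == "floor":
        return [(usr, f"floor {loc[2]}", t, p) for usr, loc, t, p in env_events]
    return env_events if rule else []

def reveal(u, v, events):
    """reveal_u^v, assumed here to be mask_u^v after induce after filter_u^v."""
    return mask(u, v, induce(filter_events(u, v, events)))
```

Because filtering happens before deduction, the userless DoorAjar and OccupancySensorTrue events reach induce only if Alice owns them through the room; without that ownership Bob's lookup deduces nothing.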

22 Conclusion
Developed a location system for smart buildings
  – Doesn’t require specialized equipment
  – Privacy sensitive
Generalized the scheme to work on any building
Future Work
  – Integrating more systems to improve accuracy
  – Policy conflicts
  – Policy management schemes

23 Questions?

24 Raw Data Sources
Door Lock System
Occupancy Sensors
Network Jack Activity
Application Software, such as AIM
Video Surveillance
Wireless Network
GPS
RFID Tags
Telephone

