Page 1: Review 1 Part 4

Traditional Security Issues and Models

Anderson, R., Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, New York, 2001.

Traditional security models : provide confidentiality, integrity, and availability of information.

1. Confidentiality

• Ensuring that information is only shared or accessed by authorized parties under specific conditions

• Authentication : the process of verifying the declared identity, enabling access to the right parties

2. Integrity

• The information can be trusted and has not been tampered with

• If the information has indeed been modified, what to do under such circumstances (e.g., trace the source of the modifications and take required action)

• The senders/receivers of information cannot deny having sent/received the information.

3. Availability

• Keeping the information accessible to authorized parties in the required circumstances

• Denial-of-service, for example, is one form of attack on a system

Context Awareness, Fall 2010, Week 13

Page 2: Review 1 Part 4

Security Policy

Security policy :

• Traditional security is mainly based on the concept of roles and the tasks assigned to these roles

Ex) An e-mail may be relevant to user a while it is considered junk e-mail for user b.

• Describes valuable (typically information-based) assets to be protected

• Specifies security responsibilities

• Can be described informally or in a formal mathematical language.

Assets to protect

• Hardware, Software, Data, Networks

Security Mechanisms

• Cryptography, Access control, Authentication & identification, Security Policy

• Trust management

http://www.cl.cam.ac.uk/~rja14/book.html : Ross Anderson's home page

www.acsac.org : Applied Computer Security Associates, a security association (home page)

Page 3: Review 1 Part 4

Context-Aware Security Systems

Towards a Conceptual and Software Framework for Integrating Context-based Security in Pervasive Environment, 2005, G. Mostefaoui

Context-based security definition :

• Context-based security supports the reconfiguration of the security infrastructure according to the situation of use. This reconfiguration is governed by the current context, formally called a security context.

Influences on Security Models

Ways in which context-aware computing influences security models

1. Finer-grained security

2. Adaptable security levels

3. Increased traceability

Page 4: Review 1 Part 4

Influences on Security Models

Finer-grained security :

• Grouped context for the purposes of security decisions

• Context can be used to enhance existing security measures

Ex) To unlock a door : biometric security (retina, eyeball, fingerprint, …) with additional context for access control, such as a camera for recognition of the person, or weight sensors on the doormat

Adaptable security levels :

• Context Awareness : flexible security models can be achieved

• Security levels can be increased or decreased based on the situation they are currently in (time, place, situation …)

Ex) Access the same information - one set of contexts and credentials

• Driver License – O.K. or not : depending on the situation

• Combination of the right location, time, people nearby, & device identifiers

• Use of context : partial information access or full discourse based on situations

Page 5: Review 1 Part 4

Influences on Security Models

Increased Traceability :

• Permission can be provided without the full credentials when the context of location, time, & witnesses of the event is recorded.

• Contexts improve traceability and enrich auditing, which can be traded for changes in required credentials or security levels

Page 6: Review 1 Part 4

Security Context

Adaptive Context Aware Security - Adapt and Survive ?, 2004, Dr Naranker Dulay

Security Context : the information collected about the user’s environment that is applicable to the security system at hand

• Many types of context information can be useful in security applications

• CHANGES in context TRIGGER changes in SECURITY & the ability to UPDATE/EVOLVE security policies

• Current state : the user’s current location, time, activity, people nearby, physiological state, available services, network connectivity, etc.

• User preferences and relationships : including recommendations

• it involves invoking personal, social information in making security decisions

Ex) Emergency situations : an authenticated family member may access the information regarding an injured person, or access vital information

• History : Readings and outcomes, accumulated wisdom

• use in relation to trust based on previous outcomes

Page 7: Review 1 Part 4

Context-Aware Security : Examples

Proximity-based Authentication on Hospital

Context-Aware User Authentication — Supporting Proximity-Based Login in Pervasive Computing , 2003, Jakob E. Bardram

Proximity-Based User Authentication : context-aware user authentication protocols

• login by approaching the computer physically (with an authentication token)

Physical token (e.g., smart card) for gesturing and as the cryptographic basis for authentication.

Context-aware system - verifies the location of the person and logs the person out when he or she leaves

Fallback mechanism : if the positioning infrastructure fails to determine the user’s location, then the user is requested to enter his or her password to log in.

EPR (Electronic Patient Record) access by a nurse

• A nurse leaves without logging out after use & uses an easy password

• Pervasive environment such as a wall, a bed, …

Page 8: Review 1 Part 4

Proximity-based Authentication on Hospital

Context : additional security to smart card & alternative security for a password

• Security policy coupled with a context-awareness infrastructure

• User (has / knows / is) : card + password + user’s trait + location

1. uses a JavaCard (physical token used for active gesturing basis) for identification and cryptographic calculations,

2. uses a context-awareness system for verifying the user’s location,

3. implements a security fall-back strategy

• Location context

• Passive RFID tags : for location information

• WLAN monitors : tell the cell-based location of networked devices

• Location error handling : the location of the person is estimated as a probability; below a specified threshold value, the user enters id/password
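The login decision described on this slide (token check, location check against a threshold, password fall-back, logout on leaving) as an added sketch; it is not code from the slides or from Bardram's paper. The HMAC challenge-response standing in for the JavaCard calculation, the 0.8 threshold, all function names, and the rule that the token is required on every path are assumptions.

```python
import hashlib
import hmac
import os

LOCATION_THRESHOLD = 0.8  # assumed value; the slide only says "a specified threshold"


def token_response(token_key: bytes, challenge: bytes) -> bytes:
    """Card side: MAC over the workstation's fresh challenge (HMAC is an assumption)."""
    return hmac.new(token_key, challenge, hashlib.sha256).digest()


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str) -> dict:
    """Constructed sample user record: per-card key plus salted password hash."""
    salt = os.urandom(16)
    return {"token_key": os.urandom(32), "salt": salt,
            "pw_hash": hash_password(password, salt)}


def login(user, challenge, response, location_prob, password=None):
    """Decide one login attempt; returns (decision, basis).

    location_prob: probability from the context system that the user is at
    this workstation, or None when the positioning infrastructure has failed.
    """
    expected = token_response(user["token_key"], challenge)
    if not hmac.compare_digest(expected, response):
        return ("deny", "token")               # the card is required on every path
    if location_prob is not None and location_prob >= LOCATION_THRESHOLD:
        return ("allow", "token+location")     # proximity login, nothing typed
    if password is None:                       # fall-back: location unverified
        return ("ask_password", "location-unverified")
    if hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return ("allow", "token+password")
    return ("deny", "password")


def should_logout(basis: str, location_prob) -> bool:
    """End a proximity session once the user can no longer be placed nearby."""
    if basis != "token+location":
        return False  # password sessions are not tied to location
    # Failing closed on a missing reading is this example's design choice.
    return location_prob is None or location_prob < LOCATION_THRESHOLD


if __name__ == "__main__":
    nurse, ch = make_user("constructed-password"), os.urandom(16)
    for prob in (0.95, 0.40, None):
        print(prob, login(nurse, ch, token_response(nurse["token_key"], ch), prob))
```
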

Activity-based computing

• Allows users to carry with them, and restore, their work on heterogeneous devices in a pervasive computing environment.

• Users need to be authenticated on every device they want to use, and easy login is hence a core challenge in the concept of activity-based computing

Page 9: Review 1 Part 4

From Context-aware Security to Context-Aware Safety

Security : “freedom from risk or danger; safety” (security, assurance)

Safety : “the condition of being safe; freedom from danger, risk, or injury”

“a device designed to prevent accidents, as a lock on a firearm preventing accidental firing.” (safety, a safe place)

Different but similar meanings

Ex) At Smart home - Kitchen

Appliances can only be activated in the presence of an adult

The child cannot turn on the stove without an adult

The stove turns off automatically at higher temperature, & smoke alarm

Instead of mapping security levels → security actions, it is possible to map context to safety levels → safety-related actions

Page 10: Review 1 Part 4

Context-Awareness and Mirror-world models

윤 용운

2010.12.02

Context Awareness, Fall 2010

Page 11: Review 1 Part 4

Gelernter's Mirror Worlds

Gelernter, D., Mirror Worlds: or the Day Software Puts the Universe in a Shoebox -How It Will Happen and What It Will Mean, Oxford University Press, U.K., 1993.

Building Space in the Machine: Digital Tool Kits for Mirror Worlds, Andrew

A mirror world

• A virtual model or counterpart of some part of the physical world with detailed descriptions, such as a city (map), hospital, university, company, …

• Browse deeply within mirror worlds to different levels of detail, which aim to reflect the physical reality in real-time

• Interact with software agents in mirror worlds or with other visitors (perhaps real people in the physical world), or insert new agents

• Oceans of information from data-gathering, monitoring equipment with some combination of sensors, and sensor data filtering and processing

• Many mirror worlds are constructed by different people and integrated into a whole, and accessed by many people via different computers simultaneously

http://www.digitalurban.blogspot.com

Context Awareness, Fall 2010, Week 14

… you flip channels until you find the Mirror World of your choice, and then you see a picture. Capturing the structure and present status of an entire company, university, hospital, city, or whatever in a single (obviously elliptical, high level) sketch is a hard but solvable research problem. The picture changes subtly as you watch, mirroring changes in the world outside.

Page 12: Review 1 Part 4

Web vs Mirror worlds

WEB : Manually updated (very tedious work)

• Reflects the physical world (such as personal home pages, university home pages, business with their own home pages…)

Mirror worlds

• The idea of feeding data streams into a computational structure so that the data coming in is reflected in changes

• A high-level model for helping interpret the data, making it more comprehensible, like a context-aware system

• A context-aware system would aggregate or process sensory data into high-level context meaningful to an application

Page 13: Review 1 Part 4

NEXUS

Making the World Wide Space happen- New challenges for the Nexus context platform, 2009, Lange, Stuttgart

NEXUS : Spatial world model for mobile Context-Aware application (2003 ~ 2010)

• Attempt at constructing mirror worlds

World Wide Space : the framework for integrating and sharing context models

• Federating spatial context models - technological fundamentals for such usage of context information to be shared by a wide variety of applications at a global scale.

Three layers of abstraction:

• Physical world

• Augmented-world model : mirrors aspects of the physical world and contains virtual objects that “augment” the physical world

• Information spaces

Page 14: Review 1 Part 4

NEXUS

EXTENDED NEXUS ARCHITECTURE

Context Information Layer :

• consists of context data servers from arbitrary providers (CP).

• CPs provide context data at different levels of detail ranging from sensor data over static context to data histories and constitute the World Wide Space

Federation Layer :

• Distributed platform for context services provided by federation nodes (FN).

• Platform Services : Context services typically used by applications, such as Context Reasoning, Context Cast, and Distributed Query Processing.

• Core Services : Functionality on which the Nexus Platform Services rely.

• Context Broker discovers relevant CPs for query processing and context reasoning.

• Situation Template generates a logical execution plan, a directed graph describing the data flow and the steps of the algorithm, using Classic Logic and Bayesian Networks as reasoning algorithms.

Applications & Middleware Layer

• middleware services (MWS)

• Parts of the application logic can be outsourced into the MWS as Context-aware Workflows enabling the users to orchestrate repeating service usage

Page 15: Review 1 Part 4

NEXUS

On building location aware applications using an open platform based on the NEXUS Augmented World Model, 2004, Nicklas

Augmented World Modeling Language (AWML)

Augmented World Query Language (AWQL)

Describe objects and relations between objects in an augmented world model

• objects corresponding to real-world objects, which have position and extent (size)

• virtual informational objects : augment the physical world, such as objects situated on Web servers, or containing navigational information

Sensors :

• Real sensors : modeled as special spatial objects

• Virtual sensors : combine several real sensors & provide synthesized or processed information

Associations : between augmented-world objects and real-world objects

Ex) associating Web pages with particular real-world objects such as exhibits of a museum

Relations : “part of”, “sticks on”, “belongs to”, “held by”

Applications : Museum Guide, Navigation Tool, Virtual Scavenger Hunt, Smart Factory

Page 16: Review 1 Part 4

NEXUS

Structure of the Augmented World Model

• Spatial Object : the super class for all objects that are situated in space.

• With a position, an extent for geographical attributes, and several representations.

• Mobile Object & Static Objects

• Web-situated Objects : no position or extent

• situated on web servers and can be addressed by a Uniform Resource Identifier (URI), like images, sounds, web pages or applications

• Navigational Objects, Event Objects

Relationships between Nexus Objects.

• Nexus Object Locator (NOL) : Area-ID, Object-ID, URI of the Spatial Model Server

• Nexus Relation Class

Page 17: Review 1 Part 4

Virtual Worlds, Virtual Environments

Virtual worlds : employed in many computer games, social interaction, entertainment applications

Ex) MUD (Multi-User Dimension)

comprise 3-D worlds

Persons or their representatives, called avatars, might dwell and meet other avatars

• Such virtual worlds typically have no correspondence to real-world places,

but are constructed with spatial relationships and objects so as to provide adequate engaging realism

Virtual worlds Vs Mirror worlds

• mirror worlds do attempt to correspond to some real-world place, even if augmenting it with virtual objects,

• virtual worlds for games and entertainment applications generally do not

• Create sophisticated virtual worlds that mirror physical worlds in the spirit of the Nexus’ augmented-world models

Ex) real world movements of people through physical spaces can be mirrored in the virtual world by the movement of their corresponding avatars in virtual spaces

Page 18: Review 1 Part 4

Aura, Focus, and Nimbus: Virtual Objects and Real-World Objects

MASSIVE: A Collaborative Virtual Environment for Teleconferencing , 1995, Greenhalgh

Communication : controlled by a spatial model of interaction

• one user’s perception of another user is sensitive to their relative positions and orientations

• Key concept in the spatial model is the Quantitative Awareness which one object has to another

Aura : total region within which object interacts

Focus : observing object’s attention

Nimbus : observed object’s visibility, observability

Mutual Awareness of devices or physical artifacts

• Mutual levels of awareness may not be identical, and may be negotiated between objects

MASSIVE : allows multiple users & simultaneous meetings to communicate using any combination of audio, graphics, and text media over networks

Spatial Mediation : governed by spatial factors such as their relative positions and orientations

Page 19: Review 1 Part 4

Awareness & Interaction

Aura :

• (Benford, 1994) : A subspace which effectively bounds the presence of an object within a given medium which acts as an enabler of potential interaction.

• (Ferscha, 2004) : A subtle sensory stimulus of “attraction” that transmits “signals of attraction” governed by the “laws of attraction.”

• The territory of virtual space within which an object can exchange information with other objects around it

• size or shape of these auras varies independently as each object has its own criteria to meet

• Objects themselves now being responsible for controlling these interactions

This process of controlling the interaction is achievable by having degrees in the level of awareness between these objects.

Page 20: Review 1 Part 4

Digital Aura

Digital Aura, 2004, A. Ferscha

Aura : A subtle sensory stimulus of “attraction” that transmits “signals of attraction” governed by the “laws of attraction.”

• Smart spaces and smart appliances with invisible support, wireless data links, & context-aware services have started to populate the real world and our daily lives

• Spontaneous interaction: in which things start to interact once they reach physical proximity to each other

Digital aura : built on technologies

• If an object detects the proximity (e.g. radio signal strength) of another object, then it starts exchanging and comparing profile data,

• If the two profiles are sufficiently “similar”, it starts to interact with that object.

• Dense in the center of the object, it thins out towards its surroundings until it is no longer sensible by others


Figure: humans and humans (left), humans and things (center), things and things (right)