Authors
1Department of Computer Science and Electrical Engineering, University of Maryland, Baltimore County 1000 Hilltop Circle, Baltimore, MD 21250, USA
2MIT Computer Science and Artificial Intelligence Lab, Cambridge, MA 02139, USA
3 Cougaar Software, Inc., 7600 Leesburg Pike Ste 105, Falls Church, VA 22043, USA
Abstract
Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.
Keywords
ubiquitous computing, security, policy, trust, privacy
References
Blaze, M. Feigenbaum, J. & Lacy, J. 1996 Decentralized trust management. In IEEE Conf. on Privacy and Security. Buchegger, S. & Boudec, J. L. 2002 Performance analysis of the confidant protocol: cooperation of nodes: fairness in distributed ad hoc networks. In Proc. IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC). Choudhri, A. Kagal, L. Joshi, A. Finin, T. & Yesha, Y. 2003 PatientService: electronic patient record redaction and delivery in pervasive environments. In 5th Int. Workshop on Enterprise Networking and Computing in Healthcare Industry (Healthcom 2003). Damianou, N. Dulay, N. Lupu, E. & Sloman, M. 2001 The ponder policy specification language. In Proc. Int. Workshop on Policies for Distributed Systems and Networks, LNCS, pp. 18–37. Ding, L. Zhou, L. & Finin, T. 2003 Trust based knowledge outsourcing for semantic web agents. In Proc. 2003 IEEE/WIC Int. Conf. on Web Intelligence. Finin, T. Joshi, A. Kagal, L. Niu, J. Sandhu, R. Winsborough, W. & Thuraisingham, B. 2008 Role based access control and OWL. In Proc. 4th Int. Workshop on OWL: experiences and directions. Golbeck, J. Parsia, B. & Hendler, J. 2003 Trust networks on the semantic web. In Proc. Cooperative Information Agents VII, vol. 2782. Lecture Notes in Computer Science, pp. 238–249. Grandison, T. & Sloman, M. 2000 A survey of trust in internet application. IEEE Commun. Surv. Tutorials (Fourth Quarter) 3 Jajodia, S. Samarati, P. & Subrahmanian, V. S. 1997 A logical language for expressing authorizations. In 1997 IEEE Symposium on Security and Privacy 00:0031. Kagal, L. Finin, T. & Joshi, A. 2003a A policy based approach to security for the semantic web. In 2nd Int. Semantic Web Conference (ISWC2003). Kagal, L. Finin, T. & Joshi, A. 2003b A policy language for a pervasive computing environment. In Proc. IEEE 4th Int. Workshop on Policies for Distributed Systems and Networks. Kagal, L., Finin, T., Joshi, A. & Greenspan, S. 2006 Security and privacy challenges in open and dynamic environments. Computer 39, 89–91, (doi:10.1109/MC.2006.207). Marti, S. Giuli, T. Lai, K. & Baker, M. 2000 Mitigating routing misbehavior in mobile ad hoc networks. In Proc. ACM MOBICOM 2000. Moses, T. et al. 2005 eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard 200502. Parker, J. Undercoffer, J. Pinkston, J. & Joshi, A. 2004 On intrustion detection and response for mobile ad hoc networks. In Proc. 23rd IEEE International Performance, Computing, and Communications Conference (IPCCC 2004), pp. 747–752. Phoneix, AZ: IEEE Computer Society. Parker, J. Patwardhan, A. & Joshi, A. 2006 Cross-layer analysis for detecting wireless misbehavior. In Proc. IEEE Consumer Communications and Networking Conference (CCNC 2006), vol. 1, pp. 6–9. Las Vegas, NV: IEEE Computer Society. Patwardhan, A. Korolev, V. Kagal, L. & Joshi, A. 2004 Enforcing policies in pervasive environments. In Int. Conf. on Mobile and Ubiquitous Systems: Networking and Services. Cambridge, MA: IEEE. Patwardhan, A. Joshi, A. Finin, T. & Yesha, Y. 2006 A data intensive reputation management scheme for vehicular ad hoc networks. In Proc. 2nd Int. Workshop on Vehicle-to-Vehicle Communications. Cambridge, MA: IEEE. Perich, F. Undercoffer, J. L. Kagal, L. Joshi, A. Finin, T. & Yesha, Y. 2004 Reputation we believe: query processing in mobile ad-hoc networks. In Int. Conf. on Mobile and Ubiquitous Systems: Networking and Services. Perkins, C. & Royer, E. 1999 Ad hoc on-demand distance vector routing. In IEEE Mobile Computing Systems and Applications. Sandhu, R.S. 1998 Role-based access control. Advances in computers (ed. Zerkowitz, M.), vol. 48. pp. 237–286, San Diego, CA: Academic Press Sandhu, R. & Park, J. 2003 Usage control: a vision for next generation access control. In Proc. Computer Network Security, vol. 2776. Lecture Notes in Computer Science, pp. 17–31. Shachtman, N. 2003 Pentagon alters Lifelog project. See http://www.wired.com/politics/law/news/2003/07/59607. Wired News. http://www.wired.com/politics/law/news/2003/07/59607 Tonti, G. Bradshaw, J. Jeffers, R. Montanari, R. Suri, N. & Uszok, A. 2003 Semantic web languages for policy representation and reasoning: a comparison of kaos, rei, and ponder. In Proc. Int. Semantic Web Conference, vol. 2870. Lecture Notes in Computer Science, pp. 419–437.
|