Funded by EC contract FP6-027599 Workshop on Software and Service Development, Security &...
-
Upload
maurice-oconnor -
Category
Documents
-
view
213 -
download
0
Transcript of Funded by EC contract FP6-027599 Workshop on Software and Service Development, Security &...
10-11 July 2007, MariborFunded by EC contract FP6-027599
Workshop on
Software and Service Development, Security & Dependability
Run-time Dynamic Security from a Ubiquitous Computing Perspective
Dr David Llewellyn-JonesLiverpool John Moores [email protected]
http://www.cms.livjm.ac.uk/
2Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Liverpool John Moores University
• School of Computing & Mathematical Sciences– 7 Undergraduate BSc courses– 5 Masters MSc courses– 49 Staff (+)– 1,200 students– 120 MSc– 40+ PhD students
• Research Areas– Distributed Multimedia Systems and Security– Autonomic Software Engineering– Computer Game Research– Statistics & Neural Networks
3Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Challenge
• “… Systems will no longer be produced ab initio, but more and more as compositions and/or modifications of other, existing systems, often performed at runtime …” (ERCIM 2006, p 129).
• “… to harness, control and adapt to unplanned systems and environment changes whilst guaranteeing and preserving the required systems’ function and quality …” (ASCOMP 2007, p 17)
4Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Relevant research areas
SecurityNetworked Appliances
Digital Forensics
Agent-based IDS
Intrusion Detection
MANET Misbehaviour
P2P Community
DRM
P2P Community micropayments
WSN
Fault Tolerance
Security
Management Framework
NA Dynamic Composition
Wireless Multimedia
Health
Critical Infrastructure
NA/Virtual Environment Crossover
Bridging Virtual and Physical
NA SoS Security
SoS Security
Distributed Storage
Human Life Memories
Distributed Multimedia and Security
WARP
5Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Ubiquitous Computing
• Pervasive Services and Networked Appliances– Home focus, smaller scale– Nonetheless service oriented– Hardware and software– Highly heterogeneous– Highly dynamic
• Enterprise Information Systems
6Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Home service composition
7Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Existing results
• Many existing results can be applied– Dataflow (Composable Assurance, NI etc)– Access Control– Data encryption– Policy reconciliation– Input validation
• All amenable to run-time, middleware, dynamic and agile approaches
8Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Mind the gap
• Some gaps were identified previously; however our position foresees a need for solutions to– How to formally (and consistently) describe such
features– Agile composition– Translation into testing procedure
• Properties certification• Instrumentation• Where to perform checks, and by who in a cross-domain
system
9Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Middleware approach
• Approach security using middleware– Networked Appliance middleware– Abstracts implementation specifics
• Emphasis on run-time security– Properties of interacting services– Block or automatically re-work dangerous federations– Based on existing composition results
• Guaranteeing properties and requirements
10Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Where we are coming from
• Direct parallels - crossing application areas– Home appliances (NAL, PUCSec)– eHealth (Clove, 2enrich)– Critical Infrastructure and Emergency Response (FRETSET)– eGovernment (WITSA)
• Security– Service composition (PUCSec, NISTL)– Perimeter/deperimeterised defence– Infrastructure security (WARP)
• Autonomic Service Oriented Systems of Engineering– Software engineering methodology (ASCOMP)
11Funded by EC contract FP6-027599
ESFORS Software and Service Development, Security & Dependability Workshop
Conclusion
• Networked Appliances approach– Middleware security solutions– Applying existing results– Run-time security to block problematic
federations
• Highlights future directions and gaps– Feature description, certification,
instrumentation, control