Threats, Risk Assessment, and Policy Management in UbiComp
Workshop on Security in UbiComp
UBICOMP 2002, 29th Sept. Göteborg, Sweden
Philip Robinson, SAP Corporate Research & Telecooperation Office
Management & Access Scope of UbiComp Environments and Applications
• Closed/Embedded
• Personal
• Static Groups
• Public
• Ad Hoc Groups
Point of Alert
• Static Threat = Unsolicited interactive access to system by non-group member
• Ad Hoc Threat = Unsolicited use of special services – access beyond role and rights
• Public Threat = Unsolicited modification/misuse of system
• Personal Threat = Unsolicited possession of system (tangible access)
• Closed Threat = Unsolicited access to system location
“Access to a system or its resources/ information is the first line of attack”
Risk – all about Context
• Information and Resources have no value without a particular Context.
• Context information changes the awareness and evaluation of risks
• Awareness of risks changes the utility of and contribution to the Context information
Credit Card #: 4999 910 876 1234
• Photodiode (light intensity sensor)
• Accelerometer (movement sensor)
• Thermometer (temperature sensor)
• Barometer (pressure sensor)
• (other sensor...)
• Analog/Digital Converter
• Microcontroller
• Communications
When is the risk pending?
• Data
• Sensor/Low-level Context Information (cues): temperature, acceleration, location
• Computed/Partial Context Information: Movement, Office, Occupied
• Elicited/Meta-level Context Information: Meeting and Discussion in Session, and topic is…
Attack Profile
RESOURCES
CONTEXT
• Communicational (Reception & Transmission)
• Interactive (Stimuli & Response)
• Perceptive (Sensors & Actuators)
• Computational (Memory, Power & Processing)
ATTACK
• Attacker listens in on communications channel. Attacks on confidentiality & privacy!
• Attack by abusing lack or excess of computational capacity – denial of service or malicious code attacks
• Attack by embedding false sensor and actuator devices into environment – attack on context derivation integrity
• Attack by falsifying the physical environment’s signals – attack on context reading integrity
Policy Management
Administrative Distribution
data
• Definition
- Document encoded
- Application encoded
- Entity encoded
• Enforcement
- Security Mechanism selection
- Physical vs. Logical
• Modification & Dissolution
- Static vs. Dynamic
- Consistency & notification
• Auditing
- Centralized vs. Distributed
Behavioral policy, relational policy
[Figure labels: Analog signal, A/D, transmission, Computation, Digital signal, Interpretation, emission, Physical environment]
• Signal integrity policy
• Context-based policies
• Computational policies
• Communication policies
• Authorization policies
Summary
• Identify access scope of UbiComp application
• Determine point-of-alert based on access scope
• Determine when the context creates a manageable risk
• Perform a Threat Analysis
• Define policy model to circumvent threats
• Implement mechanisms to enforce policy
• Establish methodology for managing policy information
Policy Enforcement
Policy Dissolution
Policy Modification