funded by ec contract fp6-027599 workshop on software and service development, security &...

10-11 July 2007, MariborFunded by EC contract FP6-027599

Workshop on

Software and Service Development, Security & Dependability

Run-time Dynamic Security from a Ubiquitous Computing Perspective

Dr David Llewellyn-JonesLiverpool John Moores [email protected]

http://www.cms.livjm.ac.uk/

2Funded by EC contract FP6-027599

ESFORS Software and Service Development, Security & Dependability Workshop

Liverpool John Moores University

• School of Computing & Mathematical Sciences– 7 Undergraduate BSc courses– 5 Masters MSc courses– 49 Staff (+)– 1,200 students– 120 MSc– 40+ PhD students

• Research Areas– Distributed Multimedia Systems and Security– Autonomic Software Engineering– Computer Game Research– Statistics & Neural Networks



Challenge

• “… Systems will no longer be produced ab initio, but more and more as compositions and/or modifications of other, existing systems, often performed at runtime …” (ERCIM 2006, p 129).

• “… to harness, control and adapt to unplanned systems and environment changes whilst guaranteeing and preserving the required systems’ function and quality …” (ASCOMP 2007, p 17)



Relevant research areas

SecurityNetworked Appliances

Digital Forensics

Agent-based IDS

Intrusion Detection

MANET Misbehaviour

P2P Community

DRM

P2P Community micropayments

WSN

Fault Tolerance

Security

Management Framework

NA Dynamic Composition

Wireless Multimedia

Health

Critical Infrastructure

NA/Virtual Environment Crossover

Bridging Virtual and Physical

NA SoS Security

SoS Security

Distributed Storage

Human Life Memories

Distributed Multimedia and Security

WARP



Ubiquitous Computing

• Pervasive Services and Networked Appliances– Home focus, smaller scale– Nonetheless service oriented– Hardware and software– Highly heterogeneous– Highly dynamic

• Enterprise Information Systems



Home service composition



Existing results

• Many existing results can be applied– Dataflow (Composable Assurance, NI etc)– Access Control– Data encryption– Policy reconciliation– Input validation

• All amenable to run-time, middleware, dynamic and agile approaches



Mind the gap

• Some gaps were identified previously; however our position foresees a need for solutions to– How to formally (and consistently) describe such

features– Agile composition– Translation into testing procedure

• Properties certification• Instrumentation• Where to perform checks, and by who in a cross-domain

system



Middleware approach

• Approach security using middleware– Networked Appliance middleware– Abstracts implementation specifics

• Emphasis on run-time security– Properties of interacting services– Block or automatically re-work dangerous federations– Based on existing composition results

• Guaranteeing properties and requirements



Where we are coming from

• Direct parallels - crossing application areas– Home appliances (NAL, PUCSec)– eHealth (Clove, 2enrich)– Critical Infrastructure and Emergency Response (FRETSET)– eGovernment (WITSA)

• Security– Service composition (PUCSec, NISTL)– Perimeter/deperimeterised defence– Infrastructure security (WARP)

• Autonomic Service Oriented Systems of Engineering– Software engineering methodology (ASCOMP)



Conclusion

• Networked Appliances approach– Middleware security solutions– Applying existing results– Run-time security to block problematic

federations

• Highlights future directions and gaps– Feature description, certification,

instrumentation, control

funded by ec contract fp6-027599 workshop on software and service development, security &...

Documents