Vigil: Enforcing Security in Ubiquitous Environments

Authors: Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin
Presented by: Amit Choudhri
CMSC 628, Spring 2002, UMBC
Introduction

Focal point of the paper:
- Ubiquitous / pervasive computing, i.e. access to services and information ANYWHERE and EVERYWHERE.
- Existing technologies for security in such environments:
  - Simple Public Key Infrastructure (SPKI)
  - Role Based Access Control (RBAC)

- Vigil complements these with "distributed trust management".
- Vigil is applied to Smart Spaces.
- Smart Space: provides services and resources accessible by short-range wireless communication.

- Vigil uses the Centaurus model for the SmartSpace architecture.
- Centaurus SM proxies for clients.
- Vigil infrastructure:
  - reduces the load on mobile devices
  - is media independent
  - provides services and information

Security Challenges

- Cannot provide a unique user id and login for everyone: not scalable.
- Cannot have a central authority per space.
- No access control information is available when new users are authenticated.
- Heterogeneity of environments and inconsistent interpretations of policy.

Architecture

- Clients can move, attach, detach and re-attach at any point in the framework.
- Vigil uses "trust management": establishing trust relationships, NOT quantifying trust.
- Similar to RBAC: an entity's access rights are computed from its properties!

Components

Vigil has 6 components:
- Service Broker
- Communication Manager
- Certificate Controller
- Security Agent
- Role Assignment Manager
- Clients (users & services)

Service Broker

The Service Broker is responsible for:
- processing client registration / de-registration requests
- responding to registered clients' requests for a listing of available services
- brokering Subscribe / Un-Subscribe and Command requests from users to services
- sending service updates to all subscribed users

- Service Brokers in different spaces form a tree hierarchy: the core of the Vigil system.
- They are identified by their handles, i.e. their position in the hierarchy.
- Trust between clients is transitive through the Service Brokers.
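The slides say only that brokers form a tree, that a handle encodes a broker's position in it, and that trust between clients is transitive through the brokers. The following added example (not code from the paper or the Vigil project) makes that concrete under one assumption: a handle is written as a '/'-separated path from the root broker. Given two clients attached anywhere in the tree, it computes the chain of brokers a request passes through, up to the lowest common broker and down again, and it lets a client detach and re-attach elsewhere, after which the chain is recomputed.

```python
from typing import Dict, List

# Handle syntax is an assumption of this example (the slides only say a handle
# encodes the broker's position in the hierarchy): a '/'-separated path from
# the root broker, e.g. "umbc/ecs/room210".


def parse_handle(handle: str) -> List[str]:
    parts = [p for p in handle.split("/") if p]
    if not parts:
        raise ValueError("empty broker handle")
    return parts


def ancestors(handle: str) -> List[str]:
    """Handles from this broker up to the root broker, inclusive."""
    parts = parse_handle(handle)
    return ["/".join(parts[:i]) for i in range(len(parts), 0, -1)]


def lowest_common_broker(a: str, b: str) -> str:
    """Deepest broker that sits above both handles in the tree."""
    pa, pb = parse_handle(a), parse_handle(b)
    n = 0
    while n < min(len(pa), len(pb)) and pa[n] == pb[n]:
        n += 1
    if n == 0:
        raise ValueError("handles belong to different trees: no trust path")
    return "/".join(pa[:n])


def trust_path(a: str, b: str) -> List[str]:
    """Brokers a request from a client under broker a passes through to reach
    a client under broker b: up to the lowest common broker, then down."""
    lcb = lowest_common_broker(a, b)
    up: List[str] = []
    for h in ancestors(a):
        up.append(h)
        if h == lcb:
            break
    down: List[str] = []
    for h in ancestors(b):
        if h == lcb:
            break
        down.append(h)
    return up + list(reversed(down))


class Registry:
    """Which broker each client is currently attached to. Clients may detach
    and re-attach under any broker, so paths are resolved at request time."""

    def __init__(self) -> None:
        self.attached: Dict[str, str] = {}

    def attach(self, client: str, broker: str) -> None:
        parse_handle(broker)  # reject malformed handles early
        self.attached[client] = broker

    def detach(self, client: str) -> None:
        self.attached.pop(client, None)

    def path_between(self, c1: str, c2: str) -> List[str]:
        """Broker chain through which trust between two clients is transitive."""
        return trust_path(self.attached[c1], self.attached[c2])


if __name__ == "__main__":
    reg = Registry()
    reg.attach("alice-laptop", "umbc/ecs/room210")  # constructed sample clients
    reg.attach("projector-330", "umbc/ecs/room330")
    print(reg.path_between("alice-laptop", "projector-330"))
    reg.attach("alice-laptop", "umbc/library")  # moved and re-attached elsewhere
    print(reg.path_between("alice-laptop", "projector-330"))
```

Two handles with no common prefix are in different trees, and `lowest_common_broker` refuses to build a path for them; since the brokers are the only path along which trust is transitive, no chain of brokers means no trust relationship to rely on.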
Client

- All users and services are clients.
- Clients register with a Service Broker in a space.
- A digital certificate and the ShowAll flag are sent during registration.
- Clients can request services from brokers and from other clients, via Service Brokers.

Certificate Controller

- Generates X.509 version 3 digital certificates for system entities.
- Verifies certificates presented by entities.
- These certificates are stored on the client's smartcard.
- Verification is based on a list of trusted CAs and a set of verification rules and policies.

Role Assignment Manager

- Assigns roles to entities in a space.
- Maintains an Access Control List (ACL).
- Uses rules from the security policy to assign roles.
- Allows multiple roles for an entity and dynamic updating of roles.

Security Agent

- Maintains "distributed trust" in the system.
- The policy has rules for:
  - role assignment
  - access control
  - delegation
  - revocation
- Policies:
  - Global: organization level
  - Local: space level

- The policy has permissions and prohibitions (negative access rights).
- The knowledge base is created using Prolog.
- All queries are converted to Prolog.
- More complex than RBAC or an ACL because access rights can be delegated.
- Delegations are not random: they go from an authorized entity to authorized entities and follow the policy.

Service Access

- On registration, the user gets an interface to all accessible services.
- Services that have their ShowAll flag set are also displayed; the user cannot access them, but can request access to them.
- The user can get a list of services from its Service Broker.
- The Service Broker grants access after checking the client's role and querying the Security Agent for the user's rights.
- If the request is valid, it forwards the request to the service.

Delegation

- The user can see services but cannot use them (ShowAll flag).
- The user can request another user or service to delegate it the required access rights.
- To request delegation, the user sends the request with its digital certificate.
- If rights are delegated, the Security Agent is informed.

- Delegated rights are valid only for a specific time.
- Delegated rights can be re-delegated if allowed.
- When the time expires, the rights must be renewed again.
- The delegating user can revoke delegated rights by informing the Security Agent.
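The Security Agent, Service Access and Delegation slides above describe one mechanism from several angles: roles derived from certificate properties, permissions and prohibitions (negative rights), a broker that lists ShowAll services and forwards a request only after the agent confirms the user's rights, and delegations that are time-limited, re-delegable only when allowed, and revocable by the delegator. The example below is added here to show all of those rules working together in one small policy engine; it is not the paper's Prolog policy or the Vigil code, and every rule, entity, service and attribute in it (`ROLE_RULES`, `PERMISSIONS`, `PROHIBITIONS`, `DELEGATION_RULES`, the `org`/`position` certificate attributes) is constructed for illustration. One design choice is also an assumption not stated in the slides: a delegation conveys only rights its delegator still holds at query time, so revoking or expiring an upstream delegation cuts the chain below it.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# All rules and entities below are constructed for this example, not taken from Vigil.
# Role rules: a role is held while its predicate holds over the client's certificate
# attributes, so rights follow properties rather than identities.
ROLE_RULES: List[Tuple[str, Callable[[dict], bool]]] = [
    ("faculty", lambda a: a.get("org") == "umbc" and a.get("position") == "faculty"),
    ("student", lambda a: a.get("org") == "umbc" and a.get("position") == "student"),
    ("visitor", lambda a: a.get("org") != "umbc"),
]
# Permissions: (role, service) -> allowed actions.
PERMISSIONS: Dict[Tuple[str, str], Set[str]] = {
    ("faculty", "projector"): {"subscribe", "command"},
    ("faculty", "printer"): {"subscribe", "command"},
    ("student", "projector"): {"subscribe"},
}
# Prohibitions are negative rights: they override permissions and delegations.
PROHIBITIONS: Dict[Tuple[str, str], Set[str]] = {("visitor", "printer"): {"command"}}
# Delegation rules: which roles may delegate their own rights, per service.
DELEGATION_RULES: Dict[str, Set[str]] = {"faculty": {"projector", "printer"}}

@dataclass
class Delegation:
    delegator: str
    delegatee: str
    service: str
    actions: Set[str]
    expires_at: float   # delegated rights are valid only until this time
    redelegable: bool   # may the delegatee pass these rights on?
    revoked: bool = False

class SecurityAgent:
    """Answers the rights queries a Service Broker makes before forwarding a request."""
    def __init__(self) -> None:
        self.clients: Dict[str, dict] = {}
        self.delegations: List[Delegation] = []

    def register(self, name: str, cert_attrs: dict) -> Set[str]:
        self.clients[name] = cert_attrs   # attributes as read from the client's certificate
        return self.roles(name)

    def roles(self, name: str) -> Set[str]:
        return {role for role, rule in ROLE_RULES if rule(self.clients[name])}

    def rights(self, name: str, service: str, now: float, _seen: Tuple[str, ...] = ()) -> Set[str]:
        """Rights from roles plus live delegations, minus prohibitions."""
        if name in _seen:  # guard against delegation cycles
            return set()
        granted: Set[str] = set()
        prohibited: Set[str] = set()
        for role in self.roles(name):
            granted |= PERMISSIONS.get((role, service), set())
            prohibited |= PROHIBITIONS.get((role, service), set())
        for d in self.delegations:
            if d.delegatee == name and d.service == service and not d.revoked and now < d.expires_at:
                # Assumption of this example: a delegation conveys only rights its delegator
                # still holds, so revoking or expiring an upstream delegation cuts the chain.
                granted |= d.actions & self.rights(d.delegator, service, now, _seen + (name,))
        return granted - prohibited

    def delegate(self, delegator: str, delegatee: str, service: str, actions: Set[str],
                 ttl: float, now: float, redelegable: bool = False) -> bool:
        """Record a delegation if policy allows it (the delegator informs the agent)."""
        if delegatee not in self.clients or not actions <= self.rights(delegator, service, now):
            return False  # unknown delegatee, or giving away rights one does not hold
        by_role = any(service in DELEGATION_RULES.get(r, set()) for r in self.roles(delegator))
        # Re-delegation is allowed only through a live delegation marked redelegable.
        by_chain = any(d.delegatee == delegator and d.service == service and d.redelegable
                       and not d.revoked and now < d.expires_at and actions <= d.actions
                       for d in self.delegations)
        if not (by_role or by_chain):
            return False
        self.delegations.append(Delegation(delegator, delegatee, service, set(actions), now + ttl, redelegable))
        return True

    def revoke(self, delegator: str, delegatee: str, service: str) -> int:
        hits = [d for d in self.delegations if not d.revoked
                and (d.delegator, d.delegatee, d.service) == (delegator, delegatee, service)]
        for d in hits:
            d.revoked = True
        return len(hits)

class ServiceBroker:
    def __init__(self, agent: SecurityAgent, services: Dict[str, bool]) -> None:
        self.agent = agent
        self.services = services  # service name -> its ShowAll flag

    def list_services(self, user: str, now: float) -> Dict[str, bool]:
        """Services shown to the user, mapped to whether it can access them now;
        ShowAll services are listed even when inaccessible so access can be requested."""
        listing = {}
        for svc, showall in self.services.items():
            accessible = bool(self.agent.rights(user, svc, now))
            if accessible or showall:
                listing[svc] = accessible
        return listing

    def request(self, user: str, service: str, action: str, now: float) -> str:
        """Broker a Subscribe/Command request: forward only if the agent confirms the right."""
        if service in self.services and action in self.agent.rights(user, service, now):
            return f"forwarded:{action}@{service}"
        return "denied"
```

Two behaviours are worth noticing when running it. A prohibition is applied after delegation, so a visitor who is delegated `command` on the printer still ends up with no rights there, which is what makes prohibitions negative rights rather than merely missing permissions. And because a student holds no delegation rule, a student can only re-delegate what a faculty member delegated with `redelegable=True`, and only while that upstream grant is live and unrevoked.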
Terms

Role Based Access Control (RBAC):
- Rights are associated with pre-defined roles, not with users.
- Roles can change in different environments while the user remains the same: context-dependent semantics!
- Rules for assigning roles are the main access control mechanism.
- Dynamic creation of roles is possible, based on inferences.
- Drawback: dynamic delegation of rights is not possible.

Public Key Infrastructure (PKI):
- PKI uses an on-line repository for certificates.
- PKI provides an on-line Certificate Revocation List (CRL).
- PKI imposes a high overhead and increased traffic.

Simplified Public Key Infrastructure (SPKI):
- Entities send their certificate to the SA.
- The SA sends back its own certificate to the entity.
- Certificates are verified using the Certificate Controller.
- The certificate has a list of CAs and rules for verification.
- All entities can communicate by attaching their certificates to the initial message.

Implementation

- The Security Agent uses Prolog for reasoning.
- Java was the development platform.
- The Centaurus framework, which is used, uses Centaurus Capability ML (CCML).
- CCML is used as the data exchange format between service requester and provider.

Related Research

- Unisys Corporation / Orange experimental house (Hertford, England)
- UC Berkeley's Ninja Project
- UWash's Portolano project
- Stanford's Interactive Workspaces Project

Further Work

- Implementing distributed belief based on gossip for the SA.
- Using RDF or DAML instead of Prolog for encoding the trust information.