Vigil: Enforcing Security in Ubiquitous Environments

Authors: Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin. Presented by: Amit Choudhri, CMSC 628, Spring 2002, UMBC


Post on 07-Jan-2016


Page 1: Vigil : Enforcing Security in Ubiquitous Environments

Vigil: Enforcing Security in Ubiquitous Environments

Authors: Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin

Presented by: Amit Choudhri

CMSC 628, Spring 2002, UMBC

Page 2: Vigil : Enforcing Security in Ubiquitous Environments

Introduction

Focal point of paper:

Ubiquitous / pervasive computing, i.e. access to services and information ANYWHERE and EVERYWHERE

Existing technologies for security in such environments:
  Simple Public Key Infrastructure (SPKI)
  Role Based Access Control (RBAC)

Page 3: Vigil : Enforcing Security in Ubiquitous Environments

Vigil complements these with “distributed trust management”

Vigil is applied to Smart Spaces

Smart Space: provides services and resources accessible by short-range wireless communication.

Page 4: Vigil : Enforcing Security in Ubiquitous Environments

Vigil uses the Centaurus model for the SmartSpace architecture.

Centaurus SM proxies for clients

Vigil infrastructure:
  reduce load on mobile devices
  media independent
  provides services and information

Page 5: Vigil : Enforcing Security in Ubiquitous Environments

Security Challenges

Cannot provide unique user id and login for everyone: not scalable.

Cannot have a central authority per space.

No access control information available when new users are authenticated.

Heterogeneity of environments and inconsistent interpretations of policy.

Page 6: Vigil : Enforcing Security in Ubiquitous Environments

Architecture

Clients can move, attach, detach and re-attach at any point in the framework.

Vigil uses “trust management”:
  Establishing trust relationships
  NOT quantifying trust

Similar to RBAC
  Access rights are computed from its properties!

Page 7: Vigil : Enforcing Security in Ubiquitous Environments

Components

Vigil has 6 components:

Service Broker

Communication Manager

Certificate Controller

Security Agent

Role Assignment Manager

Clients (users & services)

Page 8: Vigil : Enforcing Security in Ubiquitous Environments


Page 9: Vigil : Enforcing Security in Ubiquitous Environments

Service Broker

The Service Broker is responsible for:

Processing Client Registration/De-Registration requests

Responding to registered Client requests for a listing of available services

Brokering Subscribe/Un-Subscribe and Command requests from users to services

Sending service updates to all subscribed users

Page 10: Vigil : Enforcing Security in Ubiquitous Environments

Service brokers in different spaces form a tree hierarchy: the core of the Vigil system

Identified by their handles, i.e. position in the hierarchy

Trust between clients is transitive through the Service Brokers

Page 11: Vigil : Enforcing Security in Ubiquitous Environments

Client

All users and services are clients

Clients register with a Service Broker in a space.

Digital certificate and ShowAll flag sent during registration

Clients can request services from brokers and other clients, via service brokers.

Page 12: Vigil : Enforcing Security in Ubiquitous Environments

Certificate Controller

Generates X.509 version 3 digital certificates for system entities

Verifies certificates presented by entities

These certificates are stored on the client's smartcard

Verification is based on a list of trusted CAs and a set of verification rules and policies.

Page 13: Vigil : Enforcing Security in Ubiquitous Environments

Role Assignment Manager

Assigns roles to entities in a space

Maintains an Access Control List (ACL)

Uses rules from the security policy to assign roles.

Allows multiple roles for an entity and dynamic updating of roles.

Page 14: Vigil : Enforcing Security in Ubiquitous Environments

Security Agent

Maintains “distributed trust” in the system.

Policy has rules for:
  Role assignment
  Access control
  Delegation
  Revocation

Policies
  Global: organization level
  Local: Space level

Page 15: Vigil : Enforcing Security in Ubiquitous Environments

Policy has:
  Permissions
  Prohibitions: negative access rights

Knowledge base is created using Prolog

All queries are converted to Prolog

More complex than RBAC or ACL because access rights can be delegated.

Delegations are not random: from authorized entity to authorized entities, follow policy.

Page 16: Vigil : Enforcing Security in Ubiquitous Environments

Service Access

On registration, user gets an interface to all accessible services

Also services that have their ShowAll flag set are displayed. User cannot access them, but can request access for them

User can get a list of services from its Service Broker.

Service Broker grants access after checking the client's role and querying the Security Agent for the user's rights.

If valid request, it forwards request to the service.

Page 17: Vigil : Enforcing Security in Ubiquitous Environments

Delegation

User can see services, but cannot use them: ShowAll flag

User can request another user or service to delegate it the required access rights.

To request delegation, user sends request with digital certificate

If rights are delegated, the Security Agent is informed

Page 18: Vigil : Enforcing Security in Ubiquitous Environments

Delegated rights are valid only for a specific time.

Delegated rights can be re-delegated if allowed

When time expires: renew rights again

Delegating user can revoke delegated rights by informing Security Agent.
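
A minimal Python sketch of the access decision described on the Service Access and Delegation slides, added here as an example; it is not code from the paper or from Vigil, whose Security Agent reasons in Prolog. The class and method names, the rule format, and the assumptions that role-derived rights may always be delegated and that prohibitions override permissions are hypothetical.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# expires: delegated rights are valid only for a specific time
# redelegable: whether the recipient may pass the right on
Delegation = namedtuple("Delegation", "frm to right expires redelegable")

@dataclass
class SecurityAgent:
    role_rules: list    # (predicate over certificate attributes, role) pairs
    permissions: dict   # role -> set of rights
    prohibitions: set = field(default_factory=set)  # (entity, right) negative rights
    roles: dict = field(default_factory=dict)       # entity -> set of roles
    delegations: list = field(default_factory=list)

    def register(self, entity, cert_attrs):
        # Role assignment: roles come from certificate properties, not a login.
        self.roles[entity] = {r for pred, r in self.role_rules if pred(cert_attrs)}

    def holds(self, entity, right, now, for_delegation=False, seen=frozenset()):
        if (entity, right) in self.prohibitions or entity in seen:
            return False    # prohibitions override; 'seen' breaks delegation cycles
        if any(right in self.permissions.get(r, ()) for r in self.roles.get(entity, ())):
            return True
        # Otherwise the whole delegation chain must still be live at 'now'.
        return any(d.to == entity and d.right == right and now < d.expires
                   and (d.redelegable or not for_delegation)
                   and self.holds(d.frm, right, now, True, seen | {entity})
                   for d in self.delegations)

    def delegate(self, frm, to, right, now, ttl, redelegable=False):
        if not self.holds(frm, right, now, for_delegation=True):
            return False    # only an authorized entity may delegate
        self.delegations.append(Delegation(frm, to, right, now + ttl, redelegable))
        return True

    def revoke(self, frm, to, right):
        self.delegations = [d for d in self.delegations
                            if (d.frm, d.to, d.right) != (frm, to, right)]

def demo():
    sa = SecurityAgent([(lambda c: c.get("title") == "faculty", "faculty")],
                       {"faculty": {"printer.print"}})
    sa.register("alice", {"title": "faculty"})   # constructed certificate attributes
    r = "printer.print"
    return [sa.holds("bob", r, 0), sa.delegate("alice", "bob", r, 0, 60),
            sa.holds("bob", r, 30), sa.delegate("bob", "carol", r, 30, 60),
            sa.holds("bob", r, 61)]
```

Because the chain is re-checked on every query, revoking an upstream delegation or letting it expire also cuts off anyone the right was re-delegated to.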

Page 19: Vigil : Enforcing Security in Ubiquitous Environments

Terms

Role Based Access Control (RBAC):

Rights are associated with pre-defined roles, and not with users.

Roles can change in different environments, while user remains the same: context-dependent semantics!

Rules for assigning roles are the main access control mechanism

Dynamic creation of roles is possible, based on inferences

Drawback: dynamic delegation of rights not possible

Page 20: Vigil : Enforcing Security in Ubiquitous Environments

Public Key Infrastructure (PKI)
  PKI uses on-line repository for certificates
  PKI provides on-line Certificate Revocation List (CRL)
  PKI imposes a high overhead and increased traffic.

Simplified Public Key Infrastructure (SPKI)
  Entities send their certificate to SA
  SA sends back its own certificate to entity
  Certificates verified using certificate controller
  Certificate has list of CAs and rules for verification
  All entities can communicate by attaching their certificates to initial message.

Page 21: Vigil : Enforcing Security in Ubiquitous Environments

Implementation

Security Agent uses Prolog for reasoning

Java was the development platform

The Centaurus framework, which is used, uses Centaurus Capability ML (CCML)

CCML is used as data exchange format between service requester and provider

Page 22: Vigil : Enforcing Security in Ubiquitous Environments

Related Research

Unisys Corporation / Orange experimental house (Hertford, England)

UC Berkeley's Ninja Project

UWash's Portolano project

Stanford's Interactive Workspaces Project

Page 23: Vigil : Enforcing Security in Ubiquitous Environments

Further Work

Implementing distributed belief based on gossip for the SA

Using RDF or DAML instead of Prolog for encoding the trust information