Post on 19-Dec-2015
04/18/23 ICPS 2006 1
Designing a Publish Subscribe Substrate for Privacy/Security in Pervasive Environments
Lukasz Opyrchal, Miami University, Oxford, OH
Atul Prakash, University of Michigan, Ann Arbor
Amit Agrawal, IIT, New Delhi, India
04/18/23 ICPS 2006 2
Miami University
Oxford, Ohio (not Miami, Florida)
Established in 1809: older than the state of Florida and older than the city of Miami
04/18/23 ICPS 2006 3
Two Themes
Building a secure content-based publish subscribe system
Create a “privacy-aware” location tracking application
04/18/23 ICPS 2006 4
Publish Subscribe Systems
[Figure: publishers and subscribers connected through a network of brokers]
04/18/23 ICPS 2006 5
Content-Based Publish Subscribe
Examples: SIENA, Elvin, Hermes; IBM: Gryphon; Microsoft: Herald
Event schema: [Issue, Price, Vol]
Publishers publish events that follow the schema; subscribers register content filters such as:
[Issue = "IBM", Price > 100]
[Issue = *, Vol >= 1000]
[Issue = "IBM", Price*Vol >= 1M]
Only rudimentary security solutions exist
04/18/23 ICPS 2006 6
Dynamic Nature of Content-Based Systems
Cannot determine the set of interested subscribers before an event is published
04/18/23 ICPS 2006 7
Content-Based Systems and Security?
Only basic security solutions exist; coarse grained
Cambridge University Opera group: first attempt at a security model for content-based systems (RBAC model); little detail in the published paper
04/18/23 ICPS 2006 8
Policy Dimensions
Authorization/Authentication: existing solutions (Kerberos, certificates, etc.)
Access Control: conditions under which an action can be performed; historically coarse-grained
Data Security: security guarantees (confidentiality, integrity, sender authenticity, etc.)
Granularity of Security Guarantees: explained later
04/18/23 ICPS 2006 9
Entities
Application: has an application administrator and consists of multiple event types. Example: the LOC_APP application has the LOC_INFO and LOC_SERVICE event types
Event type: describes the event schema
Owner: can authorize others to subscribe to, receive and modify policy for its events; one or more owners per event type
04/18/23 ICPS 2006 10
Policy Language
Based on KeyNote [RFC 2704]. Fields: Authorizer, Licensees, Conditions, Signature
04/18/23 ICPS 2006 11
Sample Rules
Authorizer: "POLICY"
Licensees: admin
Conditions: (app_domain == "LOC_APP") -> "true";

Authorizer: admin
Licensees: joe
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && (user == "joe") && (owner == "joe") -> "true";
04/18/23 ICPS 2006 12
Policy Evaluation
KeyNote Trust Management System: used in many applications; available implementation; clear API; slow
CPOL: developed at University of Michigan by Kevin Borders and Atul Prakash; high performance policy evaluation; language expressiveness similar to KeyNote; direct support for delegation
04/18/23 ICPS 2006 13
Access Control
Actions: authenticate, advertise, publish, subscribe, receive, change policy
04/18/23 ICPS 2006 14
System
Implemented in Java; supports any number of applications and event types
Advertisements are read at start-up; external attributes are supported
Event schema: a list of attributes; all attributes are Strings, e.g. [LOC_INFO: (user, building, room)]
04/18/23 ICPS 2006 16
Policies We Are Interested In
Environment-dependent sharing: share info at certain times, in certain locations, during special events, etc.
Privacy-protected access to services: location-based notification without revealing one's location
04/18/23 ICPS 2006 17
Location-Tracking Application
Event schema: [LOC_INFO: (user, building, room)]
Sensors: planned RFID and 802.11; currently an event generator
Privacy policies: users own the events about them and allow others to receive those events based on event attributes and external attributes
04/18/23 ICPS 2006 18
Authorizer: POLICY
Licensee: location_admin
Conditions: (app_domain == "LOC_APP") -> "true";
(location_admin is the administrator of the LOC_APP application)

Authorizer: location_admin
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && (action == "SUBSCRIBE") -> "true";

Authorizer: location_admin
Licensee: location_publisher
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && (action == "PUBLISH") -> "true";

Authorizer: location_admin
Licensee: owner
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && ((action == "RECEIVE") || (action == "CHANGE_POLICY")) -> "true";

Authorizer: Bob
Licensee: Alice || Eve || Nick
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && (owner == "Bob") && (action == "RECEIVE") && ((extTime == "WORK_DAY") || (extTime == "WORK_NIGHT")) -> "true";

Authorizer: Nick
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && (owner == "Nick") && (action == "RECEIVE") && (extCollaborator == "true") -> "true";

Authorizer: Eve
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && (owner == "Eve") && (action == "RECEIVE") && (building == extBuilding) && (room == extRoom) -> "true";
(Eve authorizes everybody to receive her events, but only when Eve and the subscriber are in the same room.)

Authorizer: Eve
Conditions: (app_domain == "LOC_APP") && (evtType == "LOC_INFO") && (owner == "Eve") && (action == "RECEIVE") && (building == subBuilding) && (room == subRoom) -> "true";
04/18/23 ICPS 2006 19
Conclusion and Future Work
Flexible security framework for content-based systems
Support for complex privacy policies
Services (such as privacy filters): event filter infrastructure, publisher/subscriber
04/18/23 ICPS 2006 20
Future Work
Restricting delegation (CPOL provides direct control over delegation)
Support for contract signing
Support for archived events
Extensions to the pub-sub system: broker trust
Extensive performance experiments
04/18/23 ICPS 2006 22
Privacy
The ability of an individual to control the terms for acquisition and usage of their personal information*
How to build applications and services while providing means to users to have control over the conditions of distribution of their data
* M. J. Culnan, “Protecting Privacy Online: Is Self Regulation Working.”
04/18/23 ICPS 2006 23
Motivation
Publish subscribe systems: information delivery; enterprise systems (supply chain, workflow, e-commerce); pervasive applications
Content-based systems: emerging applications (wireless/location aware apps, military apps, sensor networks, large scale enterprise systems, web services); emerging commercial solutions: IBM (Gryphon), Microsoft (Herald), Mantara, Pre-Cache