Download - Context-Aware Security for Mobiles
Context-Aware Security for MobilesSIDAR SPRING 2009, Stuttgart
Leonid Batyuk
DAI-Labor, Technische Universität Berlin
September 14, 2009
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Outline1 Motivation
2 The Notion of ContextWhat is Context?Context ClassificationContext-Awareness
3 Context-Awareness in IT-SecuritySecurity and privacy in context-aware applicationsContext-awareness in security applications
4 Proposed ApproachThe Problem - RevisitedProposed Solution
Context-Aware Security Leonid Batyuk Slide 2/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Outline1 Motivation
2 The Notion of ContextWhat is Context?Context ClassificationContext-Awareness
3 Context-Awareness in IT-SecuritySecurity and privacy in context-aware applicationsContext-awareness in security applications
4 Proposed ApproachThe Problem - RevisitedProposed Solution
Context-Aware Security Leonid Batyuk Slide 3/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Motivation
MotivationWhat is context and why is it important?
Anytime, anywhere connected.Increasing ubiquity of technology.The smartphone is always with you.But - is it secure enough?
Goal:Make a smartphone more securethrough automatic proactive and reactiveassistance.
Context-Aware Security Leonid Batyuk Slide 4/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Motivation
Problem
Established security solutions are mostly designed forwired networksA mobile node moving through potentially hostileenvironments implies new security threatsBut: a node can tell a lot about its state and its environmentSolution: consider this context information in securitydecisions
Context-Aware Security Leonid Batyuk Slide 5/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Motivation
The Vision
Secure, autonomous, context-awaremobile deviceUse context information to:
Enforce security policiesRecognize data leaksProvide the right information in theright contextIncrease usability and acceptanceof smartphonesSave power
Context-Aware Security Leonid Batyuk Slide 6/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Motivation
Use Cases
Corporate user Highly secured(governmen-tal?) devices
A customerconcerned about
her privacyand security
Context-Aware Security Leonid Batyuk Slide 7/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Outline1 Motivation
2 The Notion of ContextWhat is Context?Context ClassificationContext-Awareness
3 Context-Awareness in IT-SecuritySecurity and privacy in context-aware applicationsContext-awareness in security applications
4 Proposed ApproachThe Problem - RevisitedProposed Solution
Context-Aware Security Leonid Batyuk Slide 8/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
What is Context?
The Notion of Context
Very complex notion.Everything - from temperature to grade of happiness.
Context-Aware Security Leonid Batyuk Slide 9/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
What is Context?
Existing Definitions
The complete state of the universeat an instant of time[McCarthy and Hayes, 1969]The elements of the user’senvironment that the computerknows about [Brown, 1996]Any information that can be used tocharacterize the situation of anentity [Abowd et al., 1999]
Context-Aware Security Leonid Batyuk Slide 10/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
What is Context?
Existing Definitions IIThe best one
Precise, for ubiquitous computing - our case!Context is the set of environmental states and settings thateither determines an application’s behavior or in which anapplication event occurs and is interesting to the user[Chen and Kotz, 2000]
Context-Aware Security Leonid Batyuk Slide 11/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context Classification
Classification of Context Components
Context consists of many componentsAlmost everything can be considered context.Now, how to classify these components?
Context-Aware Security Leonid Batyuk Slide 12/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context Classification
Classification of Context Components
Context
remote local
physical virtual
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 13/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context Classification
Examples of Sensors
Context
remote local
physical virtual
Temperature
Proximity
Light
Foreground process
System load
Connectivity
Location service Other device
Presence service
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 14/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context Classification
Arising Questions
Context
remote local
physical virtual
Which sensors to use?
Sensor connectivity?
Power consumption?
Performance?
Granularity?
Update strategy?
Privacy? Security?
Communication cost?
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 15/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Function of a Context-Aware Application
Context-aware software is able to sense, reason and actuate.[Baker et al., 2009]
Sense Reason Actuate
Context-Aware System
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 16/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Function of a Context-Aware Application
Context-aware software is able to sense, reason and actuate.[Baker et al., 2009]
Sense Reason Actuate
Context-Aware System
Looks familiar?
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 16/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Function of a Context-Aware Application
Context-aware software is able to sense, reason and actuate.[Baker et al., 2009]
Sense Reason Actuate
Context-Aware System
Sensor AI Effector
Intelligent Agent
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 16/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Function of a Context-Aware Application
Context-aware software is able to sense, reason and actuate.[Baker et al., 2009]
Sense Reason Actuate
Context-Aware System
Sensor AI Effector
Intelligent AgentMatch!
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 16/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Function of a Context-Aware Application
Context-aware software is able to sense, reason and actuate.[Baker et al., 2009]
Sense Reason Actuate
Context-Aware System
Sensor AI Effector
Intelligent AgentMatch!
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 16/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Function of a Context-Aware Application
Context-aware software is able to sense, reason and actuate.[Baker et al., 2009]
Sense Reason Actuate
Context-Aware System
Sensor AI Effector
Intelligent AgentMatch!
Profit!
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 16/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Common Properties of a Context-Aware System
Actuator Layer
Control-Decision Layer
Context & Semantic Layer
Sensor Layer
CAS Layers [Baker et al., 2009]
Context-Aware Systemsare oftenknowledge-orientedAI methods arefrequently used forcontext definition andanalysis
Context-Aware Security Leonid Batyuk Slide 17/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Common Properties of a Context-Aware System
Actuator Layer
Control-Decision Layer
Context & Semantic Layer
Sensor Layer
CAS Layers [Baker et al., 2009]
Context-Aware Systemsare oftenknowledge-orientedAI methods arefrequently used forcontext definition andanalysis
Context-Aware Security Leonid Batyuk Slide 17/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Common Properties of a Context-Aware System
Actuator Layer
Control-Decision Layer
Context & Semantic Layer
Sensor Layer
CAS Layers [Baker et al., 2009]
Context-Aware Systemsare oftenknowledge-orientedAI methods arefrequently used forcontext definition andanalysis
Context-Aware Security Leonid Batyuk Slide 17/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-Awareness
Aspects of Context Handling
Active Badge Indoor Positioning
System - the godfather of
context-aware applications
Sensor access strategy:directmiddlewarenetworked
Context dissemination strategy:polling (“pull”)publish-subscribe (“push”)
Application field:cyberguidessmart environmentsaugmented reality. . .
Context-Aware Security Leonid Batyuk Slide 18/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Outline1 Motivation
2 The Notion of ContextWhat is Context?Context ClassificationContext-Awareness
3 Context-Awareness in IT-SecuritySecurity and privacy in context-aware applicationsContext-awareness in security applications
4 Proposed ApproachThe Problem - RevisitedProposed Solution
Context-Aware Security Leonid Batyuk Slide 19/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-awareness and Security
Two aspects:Security and privacy incontext-aware applicationsContext-awareness in securityapplications⇐ this one ismore interesting for me
Context-Aware Security Leonid Batyuk Slide 20/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Security and privacy in context-aware applications
Securing existing context-aware applications
Security is an issue in distributed context-awareapplicationsMost authors concentrate on two issues[Baldauf et al., 2004]:
1 establishing secure communications2 ensuring the credibility of context - ”Quality of Context“
[Toninelli et al., 2009]
Context-Aware Security Leonid Batyuk Slide 21/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-awareness in security applications
Context-aware access control
Several authors propose using context information toenrich access control mechanismsA common concept is adding context-awareness to RBACACL vs. Context-Aware RBAC:
Who? × What?
Allow/Deny
ACL
Who? × Where? × When? × What? × W*?
Allow/Deny
Context-Aware RBAC
Context-Aware Security Leonid Batyuk Slide 22/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-awareness in security applications
Context-aware access controlExisiting solutions
CASA - Context Aware Security Architecture[Covington et al., 2002]
Provides access control in a smart homeBased on GRBAC [Covington et al., 2001]Uses a modified Context Toolkit [Dey et al., 1999]
DRBAC - Dynamic RBAC [Zhang and Parashar, 2004]
Context-Aware Security Leonid Batyuk Slide 23/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Context-awareness in security applications
Context-aware access controlExisting solutions (continued)
DCASS - Dynamic Context-Aware Security System[Hu and Weaver, 2004]
Provides access control in a pervasive healthcareenvironmentHeavy use of web services, WS-PolicyOverly complicated, but theoretically sound
Proteus - semantic context-aware access control modelthat is centered around the concept of context[Toninelli et al., 2009]
Introduces the quality of context as a measure of contexttrustworthinessUses RDF to define policiesUses Contory [Riva, 2006] and SPARQL[Prud’hommeaux and Seaborne, 2006]
Context-Aware Security Leonid Batyuk Slide 24/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Outline1 Motivation
2 The Notion of ContextWhat is Context?Context ClassificationContext-Awareness
3 Context-Awareness in IT-SecuritySecurity and privacy in context-aware applicationsContext-awareness in security applications
4 Proposed ApproachThe Problem - RevisitedProposed Solution
Context-Aware Security Leonid Batyuk Slide 25/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
The Problem - Revisited
Disadvantages of the existing solutions
?Most mobile solutions focus onusability, not securityMost security-enabling solutions donot focus on mobile devicesThose which focus on both haveevolved out of Smart HomeEnvironments and thus rely on anexternal sensor architecture.
Context-Aware Security Leonid Batyuk Slide 26/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Proposed Solution
Overview
Device Monitoring
Context Recognition
Context Matching
Reaction
AI
Policy DB
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 27/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Proposed Solution
Overview
Device Monitoring
Context Recognition
Context Matching
Reaction
AI
Policy DB
User
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 27/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Proposed Solution
Scenario: Stolen Device
Device Monitoring
Context Recognition
Context Matching
Reaction
Unusual activities
Unfamiliar context
Device may have been stolen
Require authentication
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 28/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Proposed Solution
Scenario: Insecure Environment
Device Monitoring
Context Recognition
Context Matching
Reaction
Unprotected wireless connection
Insecure context
Device may be in a hostile environment
Activate VPN
+ +
+ +
Context-Aware Security Leonid Batyuk Slide 29/38
Motivation The Notion of Context Context-Awareness in IT-Security Proposed Approach
Proposed Solution
Scope
In scopeRun locally on the deviceRely on as less external architecture as possibleModular, configurable and manageableShift security responsiblity from the user to the middleware
Out of scopeUsing AI to render policiesBullet-proof system, immune against attacksA corporate-grade quality product
Context-Aware Security Leonid Batyuk Slide 30/38
Appendix
For Further Reading
Thank you!
+49 (0) 30 - 314 74119+49 (0) 30 - 314 74003
Dipl.-Inf. Leonid Batyuk
Competence Center SecurityResearcher
Context-Aware Security Leonid Batyuk Slide 31/38
Appendix
For Further Reading
For Further Reading I
Abowd, G. D., Dey, A. K., Brown, P. J., Davies, N., Smith,M., and Steggles, P. (1999).Towards a better understanding of context andcontext-awareness.In Proceedings of the Workshop on What, Who, Where,When and How of Context-Awareness.
Baker, N., Zafar, M., Moltschanov, B., and Knappmeyer, M.(2009).Context-aware systems and implications for future internet.In Future Internet Conference and Technical Workshops.
Context-Aware Security Leonid Batyuk Slide 32/38
Appendix
For Further Reading
For Further Reading II
Baldauf, M., Dustdar, S., and Rosenberg, F. (2004).A survey on context-aware systems.International Journal of Ad Hoc and Ubiquitous Computing,2(4):263–277.
Brown, P. J. (1996).The stick-e document: a framework for creatingcontext-aware applications.In Proceedings of EP’96, Palo Alto.
Context-Aware Security Leonid Batyuk Slide 33/38
Appendix
For Further Reading
For Further Reading III
Chen, G. and Kotz, D. (2000).A survey of context-aware mobile computing research.Technical Report TR2000-381, Dept. of Computer Science,Dartmouth College.
Covington, M. J., Fogla, P., Zhan, Z., and Ahamad, M.(2002).A context-aware security architecture for emergingapplications.In ACSAC ’02: Proceedings of the 18th Annual ComputerSecurity Applications Conference, page 249. IEEEComputer Society.
Context-Aware Security Leonid Batyuk Slide 34/38
Appendix
For Further Reading
For Further Reading IVCovington, M. J., Long, W., Srinivasan, S., Dev, A. K.,Ahamad, M., and Abowd, G. D. (2001).Securing context-aware applications using environmentroles.In SACMAT ’01: Proceedings of the sixth ACM symposiumon Access control models and technologies, pages 10–20,New York, NY, USA. ACM.
Dey, A. K., Salber, D., and Abowd, G. D. (1999).A context-based infrastructure for smart environments.In Proceedings of the 1st International Workshop onManaging Interactions in Smart Environments (MANSE’99), pages 114–128, Dublin, Ireland.
Context-Aware Security Leonid Batyuk Slide 35/38
Appendix
For Further Reading
For Further Reading V
Hu, J. and Weaver, A. C. (2004).Dynamic, context-aware access control for distributedhealthcare applications.In Workshop on Pervasive Security, Privacy, and Trust(PSPT’04), Boston, MA.
McCarthy, J. and Hayes, P. (1969).Some philosophical problems from the standpoint ofartificial intelligence.In Machine Intelligence 4, pages 463–502. EdunburghUniversity Press.
Context-Aware Security Leonid Batyuk Slide 36/38
Appendix
For Further Reading
For Further Reading VI
Prud’hommeaux, E. and Seaborne, A. (2006).Sparql query language for rdf.Technical report, W3C.
Riva, O. (2006).Contory: a middleware for the provisioning of contextinformation on smart phones.In Middleware ’06: Proceedings of the ACM/IFIP/USENIX2006 International Conference on Middleware, pages219–239, New York, NY, USA. Helsinki Institute forInformation Technology, HUT, Finland, Springer-Verlag NewYork, Inc.
Context-Aware Security Leonid Batyuk Slide 37/38
Appendix
For Further Reading
For Further Reading VII
Toninelli, A., Corradi, A., and Montanari, R. (2009).A quality of context-aware approach to access control inpervasive environments.In MobileWireless Middleware, Operating Systems, andApplications, pages 236–251.
Zhang, G. and Parashar, M. (2004).Context-aware dynamic access control for pervasiveapplications.In CNDS ’04: Proceedings of the Communication Networksand Distributed Systems Modeling and SimulationConference. Society for Modeling and SimulationInternational.
Context-Aware Security Leonid Batyuk Slide 38/38