![Page 1: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/1.jpg)
Threats, Risk Assessment, and Policy Management in UbiComp
Workshop on Security in UbiComp
UBICOMP 2002, 29th Sept. Göteborg, Sweden
Philip Robinson, SAP Corporate Research & Telecooperation Office
![Page 2: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/2.jpg)
Management & Access Scope of UbiComp Environments and ApplicationsClosed/ EmbeddedClosed/ Embedded
PersonalPersonal
Static GroupsStatic Groups
PublicPublic
Ad Hoc GroupsAd Hoc Groups
![Page 3: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/3.jpg)
Point of AlertStatic Threat = Static Threat =
Unsolicited Unsolicited interactive access to interactive access to system by non-group system by non-group
membermemberAd Hoc Threat = Ad Hoc Threat = Unsolicited use of Unsolicited use of special services – special services –
access beyond role access beyond role and rights and rights
Public Threat = Public Threat = “unsolicited “unsolicited
modification/ misuse modification/ misuse of systemof system
Personal Threat = Personal Threat = Unsolicited Unsolicited
possession of system possession of system (tangible access)(tangible access)
Closed Threat = Closed Threat = Unsolicited access to Unsolicited access to
system locationsystem location
“Access to a system or its resources/ information is the first line of attack”
![Page 4: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/4.jpg)
Risk – all about Context
• Information and Resources have no value without a particular Context.
• Context information changes the awareness and evaluation of risks
• Awareness of risks changes the utility of and contribution to the Context information
4999 910 876 1234Credit Card #:
Photodiode(light intensity sensor)
Accelerometer(movement sensor)
Thermometer(temperature sensor)
Barometer(pressure sensor)
(other sensor...)
Analog/ DigtalConverter
MicrocontrollerCommunications
Photodiode(light intensity sensor)
Accelerometer(movement sensor)
Thermometer(temperature sensor)
Barometer(pressure sensor)
(other sensor...)
Analog/ DigtalConverter
MicrocontrollerCommunications
![Page 5: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/5.jpg)
When is the risk pending?
DataData
Sensor/ Low-levelContext Information
(cues) temperature accelerationlocation
Computed/ PartialContext Information
Movement
Office
Occupied
Elicited/ Meta-levelContext Information
Meeting and Discussionin Session, and topic is…
![Page 6: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/6.jpg)
Attack Profile
RREESSOOUURRCCEESS
CCOONNTTEEXXTT
CommunicationalCommunicational(Reception & Transmission(Reception & Transmission)
InteractiveInteractive(Stimuli & Response(Stimuli & Response)
PerceptivePerceptive(Sensors & Actuators)(Sensors & Actuators)
ComputationalComputational(Memory, Power & Processing(Memory, Power & Processing)
ATTACKATTACK
ATTACKATTACK
ATTACKATTACK
ATTACKATTACK
Attacker listens in on communications channel.
Attacks on confidentiality & privacy!
Attack by abusing lack or excess of computational
capacity – denial of service or malicious code attacks
Attack by embedding false sensor and actuator devices
into environment – attack on context derivation integrity
Attack by falsifying the physical environment’s
signals – attack on context reading integrity
![Page 7: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/7.jpg)
Policy ManagementAdministrative Distribution
data
Definition-Document encoded-Application encoded-Entity encoded
Enforcement-Security Mechanism selection-Physical vs. Logical
Modification & Dissolution-Static vs. Dynamic-Consistency & notification
Auditing-Centralized vs. Distributed
Behavioral policy, relational policy
Analogsignal
A/D
transmissionComputationDigitalsignal
Interpretationemission
Physicalenvironment
Signal integrity policy
Context-based policies Computational policies
Communication policies
Authorization policies
![Page 8: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/8.jpg)
Summary
• Identify access scope of UbiComp application• Determine point-of-alert based on access scope• Determine when the context creates a manageable
risk• Perform a Threat Analysis• Define policy model to circumvent threats• Implement mechanisms to enforce policy• Establish methodology for managing policy
information
![Page 9: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/9.jpg)
Policy Enforcement
![Page 10: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/10.jpg)
Policy Dissolution
![Page 11: Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e8f5503460f94b93892/html5/thumbnails/11.jpg)
Policy Modification