PolicyGuided Interactions in Ubiquitous Computing Systems A Dissertation Prospectus

About This Presentation

Title:

PolicyGuided Interactions in Ubiquitous Computing Systems A Dissertation Prospectus

Description:

Seamless mobile networking. Open systems and interfaces ... in an automated fashion. Challenges in a ... Boundaries around sets of devices and resources ... – PowerPoint PPT presentation

Number of Views:115

Avg rating:3.0/5.0

Slides: 84

Provided by: lasrC

Category:

more less

Transcript and Presenter's Notes

Title: PolicyGuided Interactions in Ubiquitous Computing Systems A Dissertation Prospectus

1
Policy-Guided Interactions in Ubiquitous
Computing SystemsA Dissertation Prospectus

V. Ramakrishna
Advisor Dr. Peter Reiher
Laboratory for Advanced Systems Research
Department of Computer Science, UCLA

2
Proposal

Problem
Safe spontaneous interoperation in ubiquitous
computing without pre-established trust
relationships or rigid protocols

Solution
A generic and flexible negotiation protocol
guided by local policy

3
Outline

Problem Introduction
Proposed Solution
System Research Issues
Design Approach
Research Plan
Related and Complementary Research

4
Problem Introduction
5
Scenario Web Service
I have NO TIME to read this list of policies, and
I dont know what they mean!
Why do I need to give up all this info?
Come to think of it, I dont really need all this
stuff he is promising!
Membership Request
Your Name, Date of Birth, School, Email?
My Privacy Policy Blahblahblah.
Heres all my info
Selected info
News Service
Web Client
Access GRANTED
Access REFUSED
Introduction Solution Research Issues
System Design Research Plan Related Work
6
Scenario Conference Room
Allow display access to display only to
attendees. Allow access to printer only to
journal subscribers. No sound during
presentations! Advertise journal!
COMMITTEE MEMBER
PRIVILEGED ACCESS
Require Web access, Projector display,
Printer. Ring during emergency!
PDA CELL PHONE
Introduction Solution Research Issues
System Design Research Plan Related Work
7
Scenario Car on Freeway
GPS
High bandwidth connection for streaming video
Provide Internet Connection service. Monitor
traffic for the city.
Identity info, credit card
WiMAX BASE STATION
Introduction Solution Research Issues
System Design Research Plan Related Work
8
Motivations

Scenarios support limited ways of interaction
Ubicomp scenarios will have more variations
Rigid policies not desirable
Cannot guarantee pre-established security
relationships
Cannot enforce uniform interaction protocols

Introduction Solution Research Issues
System Design Research Plan Related Work
9
The Ubiquitous Computing Vision
Computing services everywhere and at any time
Mark Weiser, 1991
Introduction Solution Research Issues
System Design Research Plan Related Work
10
Ubicomp Goals and Characteristics
PHYSICAL INTEGRATION
Coffee Shop
Personal Network
Grocery Time !
Location (GPS)

Characteristics
Decentralized control
Heterogeneity
Ad hoc interactions

Home Network
No Milk !
Internet
SPONTANEOUS INTEROPERATION
Video
Introduction Solution Research Issues
System Design Research Plan Related Work
11
Ubicomp Research

Mature research areas
Seamless mobile networking
Open systems and interfaces
Smart space projects e.g. Intelligent Room, GAIA
Not enough consideration given to
Bottom-up growth of infrastructure
Security and privacy issues

Introduction Solution Research Issues
System Design Research Plan Related Work
12
Ubicomp Interoperation
Coffee Shop
Personal Network
Connectivity?
Location?
Where is Bob?
Grocery Time !
GPS

Nature and Purpose
Discovery of external services
Resource usage and access
Intertwined processes of
discovery and access control

No Milk ! Tell Alice.
Display Device?
Video
Home Network
Introduction Solution Research Issues
System Design Research Plan Related Work
13
Barriers to Interoperation

Concerns
Security and privacy
Dynamism and context changes
Roadblocks
Middleware and security frameworks do not scale
Cannot force particular architectures or security
preferences as standards
Cannot guarantee pre-established security
relationships

14
Problems and Challenges

Hard problems
Match service demands to local resources within
policy constraints and context
Reach flexible agreements in an automated fashion
Challenges in a ubicomp environment
Heterogeneous devices and communication features
Diversity in resources possessed and exported
Diversity in capabilities, desires and security
policies
Huge number of contexts and context-sensitive
constraints that cannot be anticipated in advance

Introduction Solution Research Issues
System Design Research Plan Related Work
15
In Ubicomp Environments ..

Every device and every domain will not support
every service or protocol
All pairs of computing entities will not be
compatible

Introduction Solution Research Issues
System Design Research Plan Related Work
16
Drawbacks in Existing Approaches

Based on rigid and static policies
Cannot resolve all conflicts
Falls short of autonomic computing
Inadequate security and access control models
Scalability and flexibility issues
Lack of support for non-identity based trust
relationships

Introduction Solution Research Issues
System Design Research Plan Related Work
17
Proposed Solution
18

Service or application layer agreements
Based on policy
Through a process of negotiation

Introduction Solution Research Issues
System Design Research Plan Related Work
19
Platform and Assumptions
APPLICATIONS
Semantic Web
NEGOTIATION
SEMANTIC WEB
Internet / World Wide Web
TCP/IP
(RDF/XML)
MAC
TCP/IP
TCP/IP
PHYSICAL
MAC
MAC
PHYSICAL
PHYSICAL
Introduction Solution Research Issues
System Design Research Plan Related Work
20
Policy-Based Management

Policy describes state and desired behavior
Governs all actions within bounded domains
Wide expressive power
Guides following system aspects
Resource management
Security and access control
Context awareness
Interactions between domains
Discovery and access are the constants
Policy is the only domain dependent variable

Introduction Solution Research Issues
System Design Research Plan Related Work
21
Thesis Summary

Enable negotiation-driven interaction without
Pre-established trust relationships
Common set of service access protocols
The negotiation protocol
Guided by local policy that constrains use and
export of services
Relies on common resource semantics

Introduction Solution Research Issues
System Design Research Plan Related Work
22
Why Policy?

Minimum necessary for interaction and agreement
Why not specialized applications?
Difficult to make changes and to control
Cannot anticipate all requirements and contexts
Inter-modular dependencies difficult to handle

Introduction Solution Research Issues
System Design Research Plan Related Work
23
Interaction through Negotiation

Bidirectional stateful protocol
Strategic messaging
Constant re-evaluation of goals
Meta-policies and heuristics designed to reach an
agreement or compromise
A decentralized process of policy resolution and
conflict management

Introduction Solution Research Issues
System Design Research Plan Related Work
24
Negotiation model
D1
D2
R1
R2
P1
P2
S1
S2
Resources
Applications
Policies
Introduction Solution Research Issues
System Design Research Plan Related Work
25
Scenario Conference Room
Allow display access to display only to
attendees. Allow access to printer only to
journal subscribers. No sound during
presentations! Advertise journal!
REQUEST Display Web Access Printer
Sorry! I am just a Student Attendee
OK
I have ACM membership, as a UCLA student
COMMITTEE MEMBER
PRIVILEGED ACCESS
PROOF Committee Member
PERMISSION Projector display, web access OFFER
Journal membership for privileged access
POLICY No sounds permitted!
OFFER Privileged access
Require Web access, Projector display,
Printer. Ring during emergency!
PDA CELL PHONE
Introduction Solution Research Issues
System Design Research Plan Related Work
26
Research Contributions

Interoperation approached top-down
General purpose negotiation framework
Context-sensitive access control
Verification of security properties
Non-intrusive and autonomic
Enhances Panoply ubicomp middleware

Introduction Solution Research Issues
System Design Research Plan Related Work
27
System Research Issues
28
Protocol Structure

Flexibility
Independent of application and domain
characteristics
Identify a tight set of common objects and
operations
Only task for users write high level policies
Extensibility
Strike a useful balance by experimenting with
characteristic applications

Introduction Solution Research Issues
System Design Research Plan Related Work
29
Policy Language and Reasoning Engine

An expressive policy language
Must be based on logic
Support declarative cross-domain semantics
Supports formal reasoning
Must manage conflicts and maintain consistency
Support efficient indexing and retrieval

Introduction Solution Research Issues
System Design Research Plan Related Work
30
Candidate Logical Framework

First order logic
Ontology includes objects and relationships
Augment with deontic concepts
Can be augmented (or restricted) to deal with
contextual and trust parameters
Reasoning framework and querying algorithms

Introduction Solution Research Issues
System Design Research Plan Related Work
31
Security Aspects

Key research aspects
Security benefits to ubicomp
Secure negotiation protocol from compromise
Security benefits
Concerns proper use of security mechanisms rather
than propose new ones
Promotes a paradigm that ensures safety is taken
into consideration before interaction
Allows static and dynamic detection of security
conflicts
Protocol security
Cryptographic mechanisms, SSL, TLS
Can the nature of the protocol itself be used to
compromise security?

Introduction Solution Research Issues
System Design Research Plan Related Work
32
Trust and Access Control

Access control framework targets
Scalability and flexibility
Based on a general notion of trust
Trust model
Based on identity, provable relationships,
properties and actions
Domain and application independent
Provides heuristics to compare among choices and
make negotiation decisions
Negotiation is a way of doing fine-grained,
dynamic and context-sensitive access control
Can be used to build webs of trust

Introduction Solution Research Issues
System Design Research Plan Related Work
33
Negotiation Strategies and Heuristics

Negotiation protocol
Series of messaging rounds
Directed towards a perceived goal
Strategies to choose among various options
Eager and lazy two extreme ends
Heuristics as decision-making aid
Compute and re-evaluate goals
Must work within policy constraints extrapolated
to the current context
Use trust and utility functions

Introduction Solution Research Issues
System Design Research Plan Related Work
34
Theoretical Aspects

Correctness
Completeness
Optimality

Introduction Solution Research Issues
System Design Research Plan Related Work
35
System Design Issues

Resource management, interfaces and access
mechanisms
Context Awareness
Performance
Fault tolerance and reliability
Working with low capability devices and networks
Negotiation with legacy devices and software

Introduction Solution Research Issues
System Design Research Plan Related Work
36
Design, Implementation and Evaluation
37
Panoply Ubicomp Infrastructure

Middleware for ubiquitous computing
Building and management of device communities
(spheres of influence)
Spheres of influence
Boundaries around sets of devices and resources
Criteria could be geography (physical location,
common LAN), tasks, social group
Scopes policy, which guides interactions
Communication based on an event model

Introduction Solution Research Issues
System Design Research Plan Related Work
38
Panoply Architecture
SPHERE MANAGER
APPLICATIONS
PANOPLY MIDDLEWARE
POLICY MANAGER
OPERATING SYSTEM NETWORK
My Research
Associated Research
External Components
Introduction Solution Research Issues
System Design Research Plan Related Work
39
Policy Manager - Functional View
Introduction Solution Research Issues
System Design Research Plan Related Work
40
Negotiation Protocol

Minimal number of message types
Requests
Offers
Policies
Protocol state machine
Based on message types
Independent of message content
Content interpreted by lower layers

Introduction Solution Research Issues
System Design Research Plan Related Work
41
Policy Model

Prolog used for writing policies
Subset of first order logic
Declarative syntax
Fast algorithms for logical reasoning
State information and rules written as predicates
Designated predicates for high-level
understanding
External functions (Java) for non-logical tasks
Develop richer ontology

Introduction Solution Research Issues
System Design Research Plan Related Work
42
Current Negotiation Model

Security model
Permit actions or accesses in a conservative
manner
Negotiation goals and strategies
Fixed goals and alternatives
Fixed strategy, based on satisfaction of relevant
policies

Introduction Solution Research Issues
System Design Research Plan Related Work
43
Future Models

Trust model
Use advanced RBAC mechanisms
Trust levels for comparison of alternatives
Negotiation strategy
Heuristics that allow risk-benefit analysis
Use game-theoretic notions
Utility model than can infer and compare
utilities of objects and actions

Introduction Solution Research Issues
System Design Research Plan Related Work
44
Implementation

Policy Manager
Implemented in Java
Policy Engine based on SWI-Prolog
Description of entities, resources and properties
XML and RDF
Security mechanisms
X.509 certificates
Panoply vouchers

Introduction Solution Research Issues
System Design Research Plan Related Work
45
Current Status

Basic policy manager implemented
Front end
Implements protocol state machine
Supports multiple threads
Policy engine
Query the policy database
Add, remove and replace statements
Controller
Adopts simple, cautious negotiation strategy
Requests, offers and checks for alternatives
Integrated within a Panoply sphere
Uses events for negotiation and to obtain and
update state information
Principal task performed Negotiate for
membership within a sphere

Introduction Solution Research Issues
System Design Research Plan Related Work
46
Research Plan
47
Basic Policy Manager and Evaluation

Experiment with policy manager within the Panoply
context
Performance evaluations
Overhead measurements
Scalability
Explore benefits through applications
Location sensitive interactive fiction
LACMA gallery experience

Introduction Solution Research Issues
System Design Research Plan Related Work
48
Modeling Issues

Policy Language and Reasoning Engine
Trust Model
Resource Utility Model
Negotiation Strategy and Heuristics

Introduction Solution Research Issues
System Design Research Plan Related Work
49
Complete Policy Manager

Incorporate models into negotiation heuristics
Enhance controller with strategic decision making
capability
Augment spheres by adding
Resources and services
Context sensors

Introduction Solution Research Issues
System Design Research Plan Related Work
50
Analysis and evaluation

Generate real ubicomp scenarios
Theoretical Analysis
Correctness and completeness
Efficacy of strategies
Performance Evaluations
Overhead measurements
Scalability with respect to
Policy database size
Multi-session load

Introduction Solution Research Issues
System Design Research Plan Related Work
51
Evaluation of Success

Success of strategies and heuristics
Compare initial set of requirements or desires
with the final result
Compare final result with optimal result
Security benefits
Amount of risk taken, or compromises made

Introduction Solution Research Issues
System Design Research Plan Related Work
52
Dissertation Timeline
Introduction Solution Research Issues
System Design Research Plan Related Work
53
Related and Complementary Research
54
Research Areas

Negotiation Protocols
Policy Languages
Ubiquitous Interoperation Middleware
Access Control and Trust

Introduction Solution Research Issues
System Design Research Plan Related Work
55
Protocols and Languages

Negotiation protocols
Automated trust negotiation
Goal client-server transactions on the web
Conflicts result in failure
TrustBuilder BYU,UIUC, PeerTrust
Service level negotiations in grid computing
SNAP ISI
Policy languages
Rei pervasive computing language
Cross-application semantics
Deontic concepts
Trust negotiation languages PSPL, Keynote
XML-based web access control XACML, TPL IBM
Semantic web ontology DAMLOIL, OWL, SOUPA

Introduction Solution Research Issues
System Design Research Plan Related Work
56
Service Discovery and Access Control Frameworks

Middleware for open systems
Ubicomp active space middleware Hyperglue
MIT, Cerberus UIUC
Service discovery JINI, UPnP
Limited security features
Access Control
Advanced Role-Based Access Control Models
Generalized RBAC
Dynamic RBAC
Trust frameworks
SECURE project
Dynamic notion of trust
Trust evolution based on interaction history
Reputation frameworks

Introduction Solution Research Issues
System Design Research Plan Related Work
57
Conclusion

Existing means of interoperation are too rigid
and unsuitable for ubicomp
Identify flexible policy as the minimum
requirement
Negotiation can be automated using logic-based
policy, trust and utility models
Applications can rely on the underlying system to
discover and access external resources with
minimal risk and adjusting with context
Promote a security-oriented approach towards the
design of intelligent spaces

58
Thank You

Relevant publications
Kevin Eustice, Leonard Kleinrock, Shane
Markstrum, Gerald Popek, V. Ramakrishna and Peter
Reiher, Enabling Secure Ubiquitous
Interactions, In the proceedings of the 1st
International Workshop on Middleware for
Pervasive and Ad-Hoc Computing (in conjunction
with Middleware 2003), 17th June 2003 in Rio de
Janeiro, Brazil.
K. Eustice, L. Kleinrock, S. Markstrum, G. Popek,
V. Ramakrishna and P. Reiher, "Securing WiFi
Nomads The Case for Quarantine, Examination, and
Decontamination," Proceedings of the New Security
Paradigms Workshop (NSPW), 2003.

59
Conclusion

Existing means of interoperation are too rigid
and unsuitable for ubicomp
Identify flexible policy as the minimum
requirement
Negotiation can be automated using logic-based
policy, trust and utility models
Applications can rely on the underlying system to
discover and access external resources with
minimal risk and adjusting with context
Promote a security-oriented approach towards the
design of intelligent spaces

60
Security Aspects

Key research aspects
What security benefits does a negotiation
protocol provide to a system offering ubiquitous
services?
How do we secure the negotiation protocol itself
from being compromised?
Security benefits
Concerns proper use of security mechanisms rather
than propose new ones
Promotes a paradigm that ensures safety is taken
into consideration before interaction
Allows static and dynamic detection of security
conflicts
Protocol security
Cryptographic mechanisms, SSL, TLS
Can the nature of the protocol itself be used to
compromise security?

Introduction Solution Research Issues
System Design Research Plan Related Work
61
Research Issues

Policy Expression and Reasoning
Security and Trust Model
Negotiation Heuristics and Strategies
Theoretical Issues
Systems Issues
Protocol flexibility and extensibility
Performance
Fault tolerance and reliability

Introduction Solution Research Issues
System Design Research Plan Related Work
62
Thesis Proposal

A generic and flexible negotiation protocol
guided by local policy through which devices and
domains in ubicomp can interoperate spontaneously

63
Outline

First slide one line summary of the problem I
am tackling
Ubicomp vision
What has been done
How it has been done
What is missing, or what needs to be seriously
improved i.e. motivation
My approach at a very high level, with the
assumptions I make about the world
Everything about policy
How policy is useful in ubicomp situations
Domain-oriented view of world
Different categories of policies
Potential for conflicts with large number of
policies, and the need for expressiveness,
domain-independence, well-defined semantics and
reasoning mechanisms
Negotiation as a model for interactions
Examples
Starbucks current (simple model) then, with
negotiation
Another example maybe the home video example
List of benefits/research contributions
Research issues
Current design and implementation status
Research plan and timeline

64
Scenario
DHCP Protocol
Introduction Solution Research Issues
System Design Research Plan Related Work
65
Scenario
(YES) ? Join network, get requested services
(NO) ? No connectivity
Introduction Solution Research Issues
System Design Research Plan Related Work
66
Ubicomp Interoperation

Nature and purpose of interoperation
Discovery of external services
Access and usage of resources and data
Service discovery and access control intertwined
Typical interactions
Mobile devices and wireless networks
Direct communication between two devices

Introduction Solution Research Issues
System Design Research Plan Related Work
67
Assumptions

Common networking capability
Common understanding of objects at the
application layer
Leverage Semantic Web research
Common syntax, or annotations, using XML

Introduction Solution Research Issues
System Design Research Plan Related Work
68
Negotiation Model

Initial state
Each entity has a set of resources, policies and
initial requirements
Communication protocol
Exchange of messages that results in a maximal
satisfaction of requirements as constrained by
the policies
Messages include requests, offers, policy rules
Bi-directional protocol (after initial message)
Stateful protocol

69
Scenario
Introduction Solution Research Issues
System Design Research Plan Related Work
70
Programming Languages
My Research
Artificial Intelligence
Operating Systems
Introduction Solution Research Issues
System Design Research Plan Related Work
71
More Issues

Systems Issues
Performance (fast retrieval, fast path)
Resource description and management
Fault tolerance and reliability
Scale to multi-party negotiation
Context awareness

72
Beyond 2-party Negotiation

Multi-session negotiation
(1 ?? n) negotiation
Handle dependencies among multiple sessions
Scalability issues
Multi-party negotiation
(n ?? n) negotiation
Similar dependency issues
Additional distributed systems problems

73
Negotiation Protocol State Machine
START
Trigger/Event to Start Negotiation
INITIATE
Receive REQUEST(S)
Receive OFFERS(S) / POLICIES
SERVICE
PROCESS
Receive REQUEST(S)
Send REQUEST(S)
Send REQUEST(S) / OFFERS(S) / POLICIES
Send REQUEST(S) / OFFERS(S) / POLICIES
EXPECT
Send TERMINATE Signal
Send TERMINATE Signal
STOP
Receive TERMINATE Signal / TIMEOUT
Receive OFFERS(S) / POLICIES
74
Implementation

Policy manager implemented in Java
Prolog used for writing policies
Subset of first order logic
Declarative syntax
Fast algorithms for logical reasoning
Policy Engine based on SWI-Prolog
Java-Prolog and Prolog-Java APIs
Open source
Meta-predicates

Introduction Solution Research Issues
System Design Research Plan Related Work
75
Implementation (continued)

Description of entities, resources, properties
XML and RDF
Trust and Access Control Models
Advanced RBAC models
Negotiation goals and strategies
Fixed goals and alternatives
Fixed strategy, based on satisfaction of relevant
policies

Introduction Solution Research Issues
System Design Research Plan Related Work
76
Current Status

Minimal policy manager almost done
Negotiation protocol state machine
Policy engine mechanisms to run queries and
return state and policy info
Controller negotiates by sending requests and
counter requests to till success/no progress is
possible
Next step testing with Panoply spheres

77
System Optimizations and Enhancements

Design modifications and enhancements based on
observed performance
Fast path for quick decision making
Emphasis on strategy that guarantees results in
real time
Multi-session negotiation
Investigate inter-thread dependencies
Investigate scaling properties of currently used
reasoning algorithms

78
Related Work

Automated trust Negotiation
Sequence of credential exchanges that result in
access granted/rejected for a resource
Meant for web transactions / not for dynamic
environments like ubicomp
Policy Languages
Mostly application specific
Rei targeted for pervasive computing
Access Control Models
Certificates/Delegations
Generalized RBAC

79
Negotiation Protocols