Policy-Guided Interactions in Ubiquitous Computing Systems
A Dissertation Prospectus
V. Ramakrishna
Advisor: Dr. Peter Reiher
Laboratory for Advanced Systems Research, Department of Computer Science, UCLA
Proposal
Problem: Safe spontaneous interoperation in ubiquitous computing without pre-established trust relationships or rigid protocols
Solution: A generic and flexible negotiation protocol guided by local policy
Outline • Problem Introduction • Proposed Solution • System Research Issues • Design Approach • Research Plan • Related and Complementary Research
Scenario – Web Service (figure: a web client requests membership from a news service; the service asks for name, date of birth, school and email and presents its privacy policy; the client thinks "I have no time to read this list of policies, and I don't know what they mean", "Why do I need to give up all this info?" and "Come to think of it, I don't really need all this stuff he is promising"; handing over all the info leads to Access GRANTED, handing over only selected info leads to Access REFUSED) Introduction – Solution – Research Issues – System Design – Research Plan – Related Work
Scenario – Conference Room (figure: an Internet-connected conference room whose policies are: allow display access only to attendees; allow printer access only to journal subscribers; no sound during presentations; advertise the journal. A visitor's PDA/cell phone requires web access, projector display and printer, and must ring during an emergency. A committee member holds privileged access.)
Scenario – Car on Freeway (figure: a car with GPS and a WiMAX base station; the car wants a high-bandwidth connection for streaming video and can offer identity info and a credit card; the base station provides an Internet connection service and monitors traffic for the city.)
Motivations • Scenarios support limited ways of interaction • Ubicomp scenarios will have more variations • Rigid policies not desirable • Cannot guarantee pre-established security relationships • Cannot enforce uniform interaction protocols
The Ubiquitous Computing Vision Computing services everywhere and at any time – Mark Weiser, 1991
Ubicomp Goals and Characteristics • Goals (figure: coffee shop, grocery, home and personal networks, GPS location, video and the Internet): physical integration; spontaneous interoperation • Characteristics • Decentralized control • Heterogeneity • Ad hoc interactions
Ubicomp Research • Mature research areas • Seamless mobile networking • Open systems and interfaces • Smart space projects; e.g. Intelligent Room, GAIA • Not enough consideration given to • Bottom-up growth of infrastructure • Security and privacy issues
Ubicomp Interoperation (figure: Alice's and Bob's devices on a personal network, a home network, a coffee shop and the Internet exchange messages such as "Where is Bob?", "Connectivity? Location?", "No milk! Tell Alice." and "Display device?") • Nature and purpose • Discovery of external services • Resource usage and access • Intertwined processes of discovery and access control
Barriers to Interoperation • Concerns • Security and privacy • Dynamism and context changes • Roadblocks • Middleware and security frameworks do not scale • Cannot force particular architectures or security preferences as standards • Cannot guarantee pre-established security relationships
Problems and Challenges • Hard problems • Match service demands to local resources within policy constraints and context • Reach flexible agreements in an automated fashion • Challenges in a ubicomp environment • Heterogeneous devices and communication features • Diversity in resources possessed and exported • Diversity in capabilities, desires and security policies • Huge number of contexts and context-sensitive constraints that cannot be anticipated in advance
In Ubicomp Environments ….. • Not every device or domain will support every service or protocol • Not all pairs of computing entities will be compatible
Drawbacks in Existing Approaches • Based on rigid and static policies • Cannot resolve all conflicts • Falls short of autonomic computing • Inadequate security and access control models • Scalability and flexibility issues • Lack of support for non-identity based trust relationships
Proposed Solution Service or application layer agreements • Based on policy • Through a process of negotiation
Platform and Assumptions (figure: a layered stack with Applications on top of Negotiation, on top of the Semantic Web (RDF/XML), on top of the Internet / World Wide Web; each host runs TCP/IP over MAC over the Physical layer)
Policy-Based Management • Policy describes state and desired behavior • Governs all actions within bounded domains • Wide expressive power • Guides following system aspects • Resource management • Security and access control • Context awareness • Interactions between domains • Discovery and access are the constants • Policy is the only domain dependent variable
Thesis Summary • Enable negotiation-driven interaction without: • Pre-established trust relationships • Common set of service access protocols • The negotiation protocol: • Guided by local policy that constrains use and export of services • Relies on common resource semantics
Why Policy? • Minimum necessary for interaction and agreement • Why not specialized applications? • Difficult to make changes and to control • Cannot anticipate all requirements and contexts • Inter-modular dependencies difficult to handle
Interaction through Negotiation • Bidirectional stateful protocol • Strategic messaging • Constant re-evaluation of goals • Meta-policies and heuristics designed to reach an agreement or compromise A decentralized process of policy resolution and conflict management
Negotiation model (figure: two domains, D1 and D2, each with its own resources, applications and policies (R1, S1, P1 and R2, S2, P2), exchanging queries and responses (Q1, R1, Q2, R2))
Scenario – Conference Room, revisited (figure) Room policies: allow display access only to attendees; allow printer access only to journal subscribers; no sound during presentations; advertise the journal. PDA/cell phone requirements: web access, projector display, printer; ring during emergency. Messages shown in the figure: • REQUEST: Display; Web Access; Printer • PERMISSION: Projector display, web access • OFFER: Journal membership for privileged access • "Sorry! I am just a student attendee" • "OK, I have ACM membership as a UCLA student" • PROOF: Committee member • OFFER: Privileged access • POLICY: No sounds permitted!
Research Contributions • Interoperation approached top-down • General purpose negotiation framework • Context-sensitive access control • Verification of security properties • Non-intrusive and autonomic • Enhances Panoply ubicomp middleware
Protocol Structure • Flexibility • Independent of application and domain characteristics • Identify a tight set of common objects and operations • Only task for users – write high level policies • Extensibility • Strike a useful balance by experimenting with characteristic applications
Policy Language and Reasoning Engine • An expressive policy language • Must be based on logic • Support declarative cross-domain semantics • Supports formal reasoning • Must manage conflicts and maintain consistency • Support efficient indexing and retrieval
Candidate Logical Framework • First order logic • Ontology includes objects and relationships • Augment with deontic concepts • Can be augmented (or restricted) to deal with contextual and trust parameters • Reasoning framework and querying algorithms
Security Aspects • Key research aspects • Security benefits to ubicomp • Securing the negotiation protocol from compromise • Security benefits • Concerns proper use of security mechanisms rather than proposing new ones • Promotes a paradigm that ensures safety is taken into consideration before interaction • Allows static and dynamic detection of security conflicts • Protocol security • Cryptographic mechanisms, SSL, TLS • Can the nature of the protocol itself be used to compromise security?
Trust and Access Control • Access control framework targets • Scalability and flexibility • Based on a general notion of trust • Trust model • Based on identity, provable relationships, properties and actions • Domain and application independent • Provides heuristics to compare among choices and make negotiation decisions • Negotiation is a way of doing fine-grained, dynamic and context-sensitive access control • Can be used to build webs of trust
Negotiation Strategies and Heuristics • Negotiation protocol • Series of messaging rounds • Directed towards a perceived goal • Strategies to choose among various options • Eager and lazy: two extreme ends • Heuristics as decision-making aid • Compute and re-evaluate goals • Must work within policy constraints extrapolated to the current context • Use trust and utility functions
Theoretical Aspects • Correctness • Completeness • Optimality
System Design Issues • Resource management, interfaces and access mechanisms • Context awareness • Performance • Fault tolerance and reliability • Working with low capability devices and networks • Negotiation with legacy devices and software
Panoply Ubicomp Infrastructure • Middleware for ubiquitous computing • Building and management of device communities (spheres of influence) • Spheres of influence • Boundaries around sets of devices and resources • Criteria could be geography (physical location, common LAN), tasks, social group • Scopes policy, which guides interactions • Communication based on an event model
Panoply Architecture (figure: Applications on top of the Panoply middleware, which contains the Sphere Manager and the Policy Manager, on top of the Operating System and the Network; the legend distinguishes my research, associated research and external components)
Policy Manager – Functional View (figure) • Front end: messaging interface to other system components and remote computers; protocol state machine; message multiplexer/de-multiplexer; event listener • Controller: semantic interpretation of messages; heuristics/metrics; security/trust model • Policy engine: knowledge engineering mechanisms (forward chaining, backward chaining, conflict resolution, etc.); policy database
Negotiation Protocol • Minimal number of message types • Requests • Offers • Policies • Protocol state machine • Based on message types • Independent of message content • Content interpreted by lower layers
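The protocol above (three message types, a state machine keyed on type rather than content, the conference-room exchange, and the eager versus lazy strategies from the strategies slide) as an added example. This is not the prospectus's Java/SWI-Prolog policy manager: it is a Python sketch written for this page, and the room policy, credential names, resources and the `must`/`wants` split are constructed. The security point it makes is that a lazy strategy, which discloses a credential only when the peer's POLICY message shows it would unlock something the client still lacks, reaches the same agreement while revealing less, and that the round bound keeps a peer from stalling the negotiator indefinitely.

```python
"""Policy-guided negotiation with three message types (REQUEST, OFFER, POLICY),
a bounded client-side state machine, and eager vs lazy credential disclosure.
Added example: not the prospectus's Java/SWI-Prolog policy manager; the
conference-room policy, credentials and resource names are constructed."""
from dataclasses import dataclass
from enum import Enum, auto


class Kind(Enum):
    REQUEST = auto()  # client -> sphere: resources wanted, credentials disclosed so far
    OFFER = auto()    # sphere -> client: every requested resource granted, with constraints
    POLICY = auto()   # sphere -> client: partial grant plus what the rest would require


class State(Enum):
    IDLE = auto()
    NEGOTIATING = auto()
    AGREED = auto()
    FAILED = auto()


@dataclass(frozen=True)
class Msg:
    kind: Kind
    payload: dict


MAX_ROUNDS = 8  # a peer must not be able to keep the negotiator busy forever


class Sphere:
    """Resource owner. policy maps resource -> credentials, any one of which suffices.
    A resource missing from the policy is never granted (deny by default)."""

    def __init__(self, policy, constraints):
        self.policy = policy
        self.constraints = tuple(constraints)

    def handle(self, msg):
        assert msg.kind is Kind.REQUEST, "the state machine keys on message type only"
        wanted, shown = msg.payload["resources"], msg.payload["credentials"]
        granted = {r for r in wanted if self.policy.get(r, frozenset()) & shown}
        missing = {r: sorted(self.policy.get(r, ())) for r in wanted - granted}
        if missing:
            return Msg(Kind.POLICY, {"granted": granted, "require": missing})
        return Msg(Kind.OFFER, {"granted": granted, "constraints": self.constraints})


class Client:
    """Requester holding credentials; `must` is the subset of `wants` it will not do without."""

    def __init__(self, held, wants, must):
        self.held, self.wants, self.must = frozenset(held), frozenset(wants), frozenset(must)

    def choose_disclosure(self, require, already):
        """Lazy strategy: for each ungranted resource reveal at most one held credential
        that the sphere's POLICY says would suffice, reusing anything already revealed."""
        new = set()
        for resource in sorted(require):
            usable = self.held & set(require[resource])
            if not usable or usable & (already | new):
                continue  # cannot satisfy this one, or a revealed credential already covers it
            new.add(min(usable))
        return new


def negotiate(client, sphere, strategy):
    """Run the protocol; strategy is 'eager' (reveal everything up front) or 'lazy'."""
    disclosed = set(client.held) if strategy == "eager" else set()
    state, granted, rounds, transcript = State.IDLE, set(), 0, []
    while state not in (State.AGREED, State.FAILED):
        if rounds >= MAX_ROUNDS:
            state = State.FAILED
            break
        rounds += 1
        req = Msg(Kind.REQUEST, {"resources": client.wants, "credentials": frozenset(disclosed)})
        reply = sphere.handle(req)
        transcript += [("client", req), ("sphere", reply)]
        state, granted = State.NEGOTIATING, set(reply.payload["granted"])
        if reply.kind is Kind.OFFER:
            state = State.AGREED
        else:
            new = client.choose_disclosure(reply.payload["require"], disclosed)
            if new:
                disclosed |= new  # another round, with just enough extra evidence
            elif client.must <= granted:
                state = State.AGREED  # accept the partial grant
            else:
                state = State.FAILED
    return {"state": state, "granted": granted, "disclosed": frozenset(disclosed),
            "rounds": rounds, "transcript": transcript}


# Constructed conference-room scenario.
ROOM = Sphere(
    policy={"display": frozenset({"attendee", "committee_member"}),
            "web": frozenset({"attendee", "committee_member"}),
            "printer": frozenset({"journal_subscriber", "committee_member"})},
    constraints=["no_sound_during_presentations"])
STUDENT = Client(held={"attendee", "acm_member"},
                 wants={"display", "web", "printer"}, must={"display", "web"})
COMMITTEE = Client(held={"attendee", "committee_member", "home_address"},
                   wants={"display", "web", "printer"}, must={"display", "web"})

if __name__ == "__main__":
    for who, c in (("student", STUDENT), ("committee member", COMMITTEE)):
        for strategy in ("eager", "lazy"):
            r = negotiate(c, ROOM, strategy)
            print(f"{who:16} {strategy:5} {r['state'].name:8} granted={sorted(r['granted'])} "
                  f"disclosed={sorted(r['disclosed'])} rounds={r['rounds']}")
```

Run as a script it prints one line per (client, strategy) pair. The committee member reaches the same full grant either way, but the lazy run never reveals `home_address`; the student never gets the printer and, lazily, reveals only `attendee`. A request for a resource the room's policy does not mention fails rather than being granted, which is the conservative default the current negotiation model calls for.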
Policy Model • Prolog used for writing policies • Subset of first order logic • Declarative syntax • Fast algorithms for logical reasoning • State information and rules written as predicates • Designated predicates for high-level understanding • External functions (Java) for non-logical tasks • Develop richer ontology
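The policy model above, together with the reasoning-engine requirements from the "Policy Language and Reasoning Engine" and "Candidate Logical Framework" slides (logic-based rules, deontic permit/forbid concepts, conflict management, backward chaining in the policy engine), as an added example. It is a small Prolog-style engine written in Python for this page, not the prospectus's SWI-Prolog policy engine, and the conference-room facts and rules in `KB` are constructed; in particular the rule forbidding printer access to non-subscribing students is there only to show a conflict being caught.

```python
"""Tiny Prolog-style policy engine: facts and Horn rules as Python tuples,
backward chaining with unification, negation as failure, and a permit/forbid
(deontic) decision with static conflict detection. Added example, not the
prospectus's SWI-Prolog policy engine; the policy below is constructed."""
import itertools

_fresh = itertools.count()


def is_var(t):
    """Variables are strings starting with an uppercase letter, as in Prolog."""
    return isinstance(t, str) and t[:1].isupper()


def walk(t, s):
    while is_var(t) and t in s:
        t = s[t]
    return t


def unify(a, b, s):
    """Return an extended substitution unifying a and b, or None."""
    a, b = walk(a, s), walk(b, s)
    if a == b:
        return s
    if is_var(a):
        return {**s, a: b}
    if is_var(b):
        return {**s, b: a}
    if isinstance(a, tuple) and isinstance(b, tuple) and len(a) == len(b):
        for x, y in zip(a, b):
            s = unify(x, y, s)
            if s is None:
                return None
        return s
    return None


def subst(t, s):
    t = walk(t, s)
    return tuple(subst(x, s) for x in t) if isinstance(t, tuple) else t


def rename(rule):
    """Fresh variable names for each use of a clause, so clauses cannot capture each other."""
    n = next(_fresh)

    def r(t):
        if is_var(t):
            return f"{t}_{n}"
        return tuple(r(x) for x in t) if isinstance(t, tuple) else t
    head, body = rule
    return r(head), [r(g) for g in body]


MAX_DEPTH = 64  # bound the search so a badly written recursive policy cannot hang the negotiator


def solve(goals, kb, s=None, depth=0):
    """Backward chaining: yield every substitution under which all goals are provable."""
    s = {} if s is None else s
    if not goals:
        yield s
        return
    if depth > MAX_DEPTH:
        return
    goal, rest = goals[0], goals[1:]
    if goal[0] == "not":  # negation as failure, Prolog's \+
        if not provable(goal[1], kb, s):
            yield from solve(rest, kb, s, depth + 1)
        return
    for rule in kb:
        head, body = rename(rule)
        s2 = unify(goal, head, s)
        if s2 is not None:
            yield from solve(body + rest, kb, s2, depth + 1)


def provable(goal, kb, s=None):
    return next(solve([goal], kb, s), None) is not None


# Constructed conference-room policy. A fact is a rule with an empty body.
KB = [
    (("resource", "display"), []), (("resource", "web"), []), (("resource", "printer"), []),
    (("attendee", "alice"), []), (("student", "alice"), []),
    (("attendee", "bob"), []), (("student", "bob"), []), (("committee_member", "bob"), []),
    (("attendee", "carol"), []), (("journal_subscriber", "carol"), []),
    (("presentation_in_progress",), []),
    # permitted(access(Who, display)) :- attendee(Who).   (likewise for web)
    (("permitted", ("access", "Who", "display")), [("attendee", "Who")]),
    (("permitted", ("access", "Who", "web")), [("attendee", "Who")]),
    (("permitted", ("access", "Who", "printer")), [("journal_subscriber", "Who")]),
    # privileged access: committee members may use every known resource
    (("permitted", ("access", "Who", "R")), [("committee_member", "Who"), ("resource", "R")]),
    (("forbidden", ("play", "Who", "sound")), [("presentation_in_progress",)]),
    # constructed rule that collides with privileged access for a student committee member
    (("forbidden", ("access", "Who", "printer")),
     [("student", "Who"), ("not", ("journal_subscriber", "Who"))]),
]


def decide(kb, action):
    """Conservative decision: allowed only if some rule permits it and no rule forbids it."""
    return provable(("permitted", action), kb) and not provable(("forbidden", action), kb)


def conflicts(kb, actions):
    """Static check: actions that are both permitted and forbidden under the current facts."""
    return [a for a in actions if provable(("permitted", a), kb) and provable(("forbidden", a), kb)]


def permitted_resources(kb, who):
    """Query with a variable, like ?- permitted(access(bob, R))."""
    goal = ("permitted", ("access", who, "R"))
    return sorted({subst(goal, s)[1][2] for s in solve([goal], kb)})
```

`decide` is the runtime check a controller would make before answering a REQUEST; `conflicts` is the static check that can be run whenever the policy database or the facts change, so a rule that both grants and denies the same action (Bob's printer access here) is surfaced rather than silently resolved by clause order. The depth bound is the engine-level defence against a policy that recurses without terminating.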
Current Negotiation Model • Security model • Permit actions or accesses in a conservative manner • Negotiation goals and strategies • Fixed goals and alternatives • Fixed strategy, based on satisfaction of relevant policies
Future Models • Trust model • Use advanced RBAC mechanisms • Trust levels for comparison of alternatives • Negotiation strategy • Heuristics that allow risk-benefit analysis • Use game-theoretic notions • Utility model that can infer and compare utilities of objects and actions
Implementation • Policy Manager • Implemented in Java • Policy Engine based on SWI-Prolog • Description of entities, resources and properties • XML and RDF • Security mechanisms • X.509 certificates • Panoply vouchers
Current Status • Basic policy manager implemented • Front end • Implements protocol state machine • Supports multiple threads • Policy engine • Query the policy database • Add, remove and replace statements • Controller • Adopts simple, cautious negotiation strategy • Requests, offers and checks for alternatives • Integrated within a Panoply sphere • Uses events for negotiation and to obtain and update state information • Principal task performed: negotiate for membership within a sphere
Basic Policy Manager and Evaluation • Experiment with policy manager within the Panoply context • Performance evaluations • Overhead measurements • Scalability • Explore benefits through applications • Location sensitive interactive fiction • LACMA gallery experience
Modeling Issues • Policy Language and Reasoning Engine • Trust Model • Resource Utility Model • Negotiation Strategy and Heuristics
Complete Policy Manager • Incorporate models into negotiation heuristics • Enhance controller with strategic decision making capability • Augment spheres by adding • Resources and services • Context sensors
Analysis and Evaluation • Generate real ubicomp scenarios • Theoretical analysis • Correctness and completeness • Efficacy of strategies • Performance evaluations • Overhead measurements • Scalability with respect to • Policy database size • Multi-session load