Spheres of Influence: Secure organization and coordination of diverse device communities Kevin Eustice Ph.D. Oral Qualifying Examination UCLA Computer Science April 20th, 2005
Statement of Purpose • Design and implement a device community management framework supporting ubiquitous computing scenarios. • Contributions of this work: • Generalized concept of structured device communities applied to ubiquitous computing. • Framework prototype: Spheres of Influence. • Sample applications illustrating value and generality of framework
Roadmap • Managing Ubiquitous Computing • Our approach: Spheres of Influence • Preliminary Work • Design and Implementation • Related Work • Dissertation Plan
What is ubiquitous computing? Invisible Computing Tangible Computing Context-Aware Computing Transparent Computing Pervasive Computing Smart Spaces Augmented Reality
What is ubiquitous computing? “…the third wave in computing…” —Mark Weiser “Third Paradigm computing” —Alan Kay Common elements of ubiquitous computing visions: • Large number of devices in the environment • Pervasive communications infrastructure • Interactions support human activities
Ubiquitous Computing deconstructed Interacting devices grouped by context Device Communities are: • Related by some common attribute • Dynamic with changing membership • Reactive responding to context changes
Thesis Approach: • Divide world into self-managed, physically and logically grouped device communities. • Manage group transitions and interactions. • Provide common interface for group interaction. Benefits: • Simplifies high-level management through encapsulation. • Community takes on responsibility for coordinating members.
Applications benefiting from coordination • Mobile cluster management • At multiple levels • Policy driven applications • Ensure consistent policy across applications • Automatic proxy deployment • Multi-device applications • E.g., multimedia applications
Necessary Components • Membership Services • Secure Device Enrollment • Community Discovery • Relationship Management & Maintenance • Communication & Event Services • Secure communication channels • Interest management • Event processing and dissemination • Community-aware event semantics • Policy Engine • Application Support
Roadmap • Managing Ubiquitous Computing • Our approach: Spheres of Influence • Preliminary Work • Design and Implementation • Related Work • Dissertation Plan
Approach: Spheres of Influence Sphere: a networked software container representing a device or a device community. The sphere serves as an interaction nexus for a community.1 1. Eustice et al. "Enabling Secure Ubiquitous Interactions," Proceedings of the First International Workshop on Middleware for Pervasive and Ad-hoc Computing (MPAC2003).
Spheres of Influence are recursive Spheres can join with others to form larger, structured spheres • Coordinator of a sphere is the Sphere Leader Represents complex structures: • Locations • Organizations • Device Clusters
My Personal Sphere Kevin’s Personal Sphere
Location Sphere Hierarchy Boelter Hall Boelter 3rd Floor Boelter 3564 Physical Sphere Personal Sphere
Location Sphere Hierarchy 1st Floor 2nd Floor 3rd Floor 4th Floor 5th Floor 6th Floor … Floor Boelter Hall Physical Sphere Personal Sphere
Spheres of Influence Spheres serve as a scoping mechanism for: • Policy • Privilege • Event flow • Communication
Spheres of Influence Operational Vision • Relationships adjust with behavior • Spheres negotiate for service • Applications leverage community context to customize user experience
Sphere authenticates, negotiates for access to Ackerman Kevin Ackerman
Negotiate access to “Friends” sphere, update location, check for new relevant events. Kevin Kevin’s Friends Ackerman Accesses local services & Ackerman scoped events
LASR Boelter Hall Kevin Kevin Boelter 3564 Ackerman To receive LASR-specific services in 3564, Kevin must be able to show active membership in the LASR social sphere.
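The access rule on this slide, sketched as an added example (not code from the Spheres of Influence prototype): a service scoped to a location sphere is granted only to a device that is enrolled in that sphere and is an active member of the social sphere its policy names. The `Sphere` class, `authorize`, the policy shape, the policy lookup through enclosing spheres, and the service name `lasr-services` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Sphere:
    """A device or a device community; spheres nest recursively (hypothetical model)."""
    name: str
    parent: Optional["Sphere"] = None
    members: set = field(default_factory=set)           # names of active members
    service_policy: dict = field(default_factory=dict)  # service -> required social spheres

    def join(self, member: "Sphere") -> None:
        self.members.add(member.name)

    def leave(self, member: "Sphere") -> None:
        self.members.discard(member.name)

    def chain(self):
        """Yield this sphere, then each enclosing sphere, closest first."""
        node = self
        while node is not None:
            yield node
            node = node.parent

    def policy_for(self, service: str):
        """Closest enclosing sphere that defines the service wins (assumed rule)."""
        for sphere in self.chain():
            if service in sphere.service_policy:
                return sphere.service_policy[service]
        return None


def authorize(device: Sphere, location: Sphere, service: str, social: dict) -> bool:
    """Default deny: the device must be in the location sphere and an active
    member of every social sphere the policy requires."""
    if device.name not in location.members:
        return False
    required = location.policy_for(service)
    if required is None:
        return False
    return all(s in social and device.name in social[s].members for s in required)


# Constructed sample data using the sphere names from the slides.
boelter = Sphere("Boelter Hall")
floor3 = Sphere("Boelter 3rd Floor", parent=boelter)
room = Sphere("Boelter 3564", parent=floor3,
              service_policy={"lasr-services": ["LASR"]})
lasr, kevin, visitor = Sphere("LASR"), Sphere("Kevin"), Sphere("Visitor")
SOCIAL = {"LASR": lasr}
```

Because membership is checked at request time, leaving the LASR sphere revokes the service without any change to the room's policy.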
Anticipated Benefits • Community Coordination • Improved Security • Structured, Common Community Model • Vehicle for Application Innovation
Community Coordination • Group members are group-aware • Preferences and policy exposed to group • Group members can interact as peers • Structure serves to improve scalability of communities Example: Group Mobility Optimization
Example: Mobile Tour Group [Figure labels: A, B, C, D, E; Congestion; Delays; Tricky Configurations; Other WLAN; Museum Network] Impact for Group of size N • Startup: 0 • Transition: N * (Associate + DHCP + Resource Acquisition) • Maintenance: depends Drawbacks: • Consistent behavior requires multiple consistent configurations! • Hosting network is flooded at every network transition! • Congestion degrades performance of DHCP • N-times: • Acquire address (DHCP, bootp, …) • Rebind to network (VPN, mobile IP, IPsec, …) • Identify and reacquire resources (proxies, etc.) • Requires: • Devices are manually configured with consistent configurations!
Example: Mobile Tour Sphere [Figure labels: A, B, C, D, E; Congestion; Delays; Tricky Configurations; Other WLAN; Museum Network] Impact for Sphere of size N • Startup: (N-1) * (Associate + DHCP + Sphere Join) • Transition: Associate + DHCP + Resource Acquisition • Maintenance: 1 (Broadcast, Multicast), N-1 (Unicast) Advantages: • Consistent behavior due to common policy • Configuration overhead spread over time • Spatial reuse possibilities • Museum sphere can provide information on underutilized frequency space Drawbacks: • Sphere Bottleneck (can be optimized) • N-times: • Acquire address (DHCP, bootp, …) • Rebind to network (VPN, mobile IP, IPsec, …) • Identify and reacquire resources (proxies, etc.) • Requires: • Devices are manually configured with consistent configurations!
Security Benefits • Security boundary • Sphere members protected from outside • Sphere join can include integrity analysis1 • Membership services • Sphere access control • Wireless enrollment mechanisms 1. K. Eustice et al. "Securing WiFi Nomads: The Case for Quarantine, Examination, and Decontamination," Proceedings of the New Security Paradigms Workshop (NSPW) 2003.
Applications Innovation • Spheres as collaboration nexus • Relationships used to customize behavior • Group as User • Semantics • Interfaces Example: Interactive Media
Example: Interactive Media Social Sphere Multimedia application, using sphere behavior as input: • Transitions • Membership • Interactions Possible applications: • Campus-wide game • LACMA tour group application Location Sphere Social Sphere
Structured Common Community Model • Multiple fidelity community membership • Shared structure scopes relevance • Simple standardized interface • Cross-community references • Diverse relations (Boelter 3564 and LASR)
Roadmap • Managing Ubiquitous Computing • Our approach: Spheres of Influence • Preliminary Work • Design and Implementation • Related Work • Dissertation Plan
QED Quarantine device upon entry into network, and authenticate. Bob Worker Worker Worker Examine device for vulnerabilities or undesirable services. Worker Decontaminate: Work with device to repair vulnerabilities! Bob’s Office
Results from QED • Evaluated in LASR testbed over 802.11b • Vulnerable machines required additional time • Variable based on package size, average file size • E.g., perl required ~91 sec. for 34 Mbyte update Fig 1. Measured overhead in each component of QED session with up-to-date machine; 99% confidence intervals. [Eustice05] K. Eustice, L. Kleinrock, M. Lukac, V. Ramakrishna and P. Reiher, “QED: Securing the Mobile Masses,” UCLA Technical Report TR-ID pending. 2005.
Roadmap • Managing Ubiquitous Computing • Our approach: Spheres of Influence • Preliminary Work • Design and Implementation • Related Work • Dissertation Plan
Major Systems Issues • Placement of Management Logic • Sphere Discovery • Relationship Management • Fault Tolerance and Reliability • Events and Event Semantics • Application Primitives
Sphere Discovery • How do I find any sphere? • Broadcast & multicast • Reference-based maps • How do I find a specific sphere? • Lookup Server • DNS-based approach
Relationship Management • Sphere Bindings • Which sphere is the right sphere for me? • Different devices will bind to different spheres • Approach • User/Application Preferences • Leverage existing relationships • Negotiation – resource/requirement matching
Events and Event Semantics • Handling dynamic membership • Queuing events for inactive members • Interest registration • Event Semantics • Scoping events • Closest spheres may be most relevant • Event Ordering
Spheres of Influence Components • Doorman: handles external interactions • Sphere Manager: handles internal interactions • Policy Manager: mediates interactions • Applications Interface [Diagram labels: Ext. Event Iface; Doorman; Applications; Connection to any related Spheres; Int. Event Iface; Sphere State; Member table; Access Rights; Event Registration; …; Policy Manager; Sphere Manager]
A Sphere of Influence Node Applications Sphere Manager Sphere API Event Coordinator Policy Engine Policy Manager Discovery Module Advert. Module Join Module Connection Manager Doorman Ext. Sphere Interface External components Int. Sphere Interface Security Services Operating System Network (802.11, Bluetooth, Ethernet)
Roadmap • Managing Ubiquitous Computing • Our approach: Spheres of Influence • Preliminary Work • Design and Implementation • Related Work • Dissertation Plan
Related Work [Diagram labels: Spheres of Influence; Social Group Applications [Wang’04]; Personal Cluster Management [Chetan’04]; Location-based Infrastructure [Roman’01, Undercoffer’02, Al-Muhtadi’04 …]; Others?; Service Groups?; ?]
Related Work • Ubiquitous Computing Infrastructure • Intelligent Room/Project Oxygen, Gaia, Centaurus2, one.world • Ubiquitous Group Management • Ephemeral Social Groups, Mobile Gaia, Super Spaces • Cluster Management • Open Cluster Framework, Mobile ad hoc clustering • Content Distribution/Pub-Sub Event Distribution • SIENA, REBECA • Secure Enrollment and Network Configuration • Resurrecting Duckling, Network-in-a-Box
Roadmap • Managing Ubiquitous Computing • Our approach: Spheres of Influence • Preliminary Work • Design and Implementation • Related Work • Dissertation Plan
Planned Activities • Complete Implementation • Measure of Utility • Evaluation • Measure of Applicability
Complete Implementation • The Spheres of Influence prototype will be completed as detailed in the prospectus. • Iterative development model for fast feedback. • Implementation will be made publicly available via Sourceforge.
Measure of Utility Implementation and demonstration of two sample applications • A “coordinate and optimize” application • An application to show novelty, using community transitions and interactions as application input
System Evaluation • Framework Overhead • Application Performance • Methodology • Basic overhead measurements will be gathered in LASR testbed • Application results will also be gathered and analyzed
Measure of Applicability My assumption: devices will interact in different types of organized groups. • Provide a model to characterize ubiquitous applications in terms of group interactions. • Analysis of common applications.
Examples • Community Geo-annotation • mapping of social sphere[s] onto location spheres • Friend-finder • mapping of location sphere[s] onto social spheres • Access-control applications • mapping of social spheres onto physical spheres • Location-aware Wireless Device Configuration • mapping of physical spheres from location sphere onto elemental device spheres
Implementation Status Completed: • Communications framework • Sphere join protocol • Event registration and processing • Network configuration modules • Reference map-based discovery