310 likes | 398 Views
6 October 2011 Core 4 Secure Applications ‘Instant Knowledge’ Programme Achievements Nigel Jefferies Huawei. Instant Knowledge: Secure Autonomous Business Collaboration. Capture and share tacit knowledge within and across enterprises autonomically dynamically
E N D
6 October 2011 Core 4 Secure Applications ‘Instant Knowledge’ Programme Achievements Nigel Jefferies Huawei
Instant Knowledge: Secure Autonomous Business Collaboration • Capture and share • tacit knowledge • within and across enterprises • autonomically • dynamically • guaranteeing privacy and • respecting security policies
Instant Knowledge: Secure Autonomous Business Collaboration • Capture and share • tacit knowledge • within and across enterprises • autonomically • dynamically • guaranteeing privacy and • respecting security policies • In summary – “Find an Expert”
A history lesson… Doesn’t work Lethargy Ignorance Timeliness Effortless Autonomic Timely
Research Areas • Establishing User Requirements and Behaviour • Autonomous Interpersonal Networking • Pro-active Distributed Recommender System • Secure Policy-Based Information Access • Privacy-Enhancing Sharing Protocols
Building a toolbox • Context recording • Device, application, user • Autonomous social network creation • Who knows who • Profile generators • Analysis of user skillset based on output • Recommender • Pointers to relevant individuals based on context, relationship and task • UI recording and analysis • Privacy tools • Centralised management system • Distributed system All available as Industry Briefs
Context recording • Phone: number, date/time call started, duration, incoming/outgoing/missed • SMS: number, date/time sent, length, incoming/outgoing • Proximity: device MAC, device name, Bluetooth class • WiFi: SSID, BSSID, IP address, data rate • Cell ID: cell ID, location area code • Application/sub-activity • Battery state, charger plugged in or not • Touch screen, hardware keys, virtual keys • Headphones • Orientation change (portrait or landscape) • GPS usage
Generators Web Browser REST Rails Server REST Client Clue Database N810 Context Manager Context Database Context recording
Autonomous social network creation • Recording and measuring ties between users • Sample implementation • IK GUI Client • OpenFire XMPP • Network Visualiser • Graphing and analysis tools
Profile extraction • Automatic skills profile generation • Text gathered from application, or from body of documents • Word documents, emails, wi-ki entries, etc • Deployed on Thales’ internal wiki
Pro-Active Distributed Recommender System • The IK system is designed to automatically recommend people based on keywords • We can extract keywords from any application running on the N810 • Two versions of the demonstrator • First takes input from applications such as email running on Nokia N810, sends this to server and receives a list of recommendations • Second uses additional context information and integrated with relational analyser to provide higher quality recommendations
Improving De-centralised Recommenders • Developed probabilistic recommendation algorithms to cope with very sparse data sets • Developed new low-rank approximation method which radically reduces the amount of computation to obtain a recommendation and hides private information on individual preference • Analysed clustering methods for reducing computational complexity of recommenders • Developed new multi-agent algorithm for coalition formation to improve performance of decentralised recommender
UI recording and analysis • Screen capture at 5 frames per second, half resolution • Screen touched: location and pressure • Hardware keys, virtual keys • Orientation change • Can effectively recreate entire user-phone interaction experience • Minimal impact on phone responsiveness & battery life
UI Recording Tool UI Events Screen State Context Clues UI Event Recorder Screen Recorder Context Recorder Events Images Context Observer Playback
N810 implementation - Also available on Android (see video)
Privacy & Security • New ID management systems and protocols allowing varying levels of privacy • Additions to centralised schemes to allow pseudonymity • Hierarchy of systems to provide k-anonymity in distributed systems
IK privacy – centralised solution Identity management (IdM) IK managed Leverage existing enterprise IdM IK Policy Enforcement IK communications Recorded transaction pseudonyms Reversible pseudonymity Unobservability Unlinkability
IK privacy – single sign on service Identity Provider 6. Obtain PDP 7. Decision 5.Evaluate Local policy Enterprise policy IK service SSO 8. Response 3. Logon 4. Query PDP IK user 1. Request access Assertion consumer service 2. SAML query PEP 8. Response IK client IK server (recommender)
IK Privacy – distributed solution Improve robustness against compromise: Rather than a single IK service collecting IK user data, multiple IK services each serve a subset of enterprise IK users Hierarchical IK system, in which a parent IK service aggregates IK context data from a subset of child IK services Recommendations can be requested from both the local IK service and top level IK service Provides an upgrade path from a centralised system: Each IK service can use the same recommender algorithms The height of the hierarchy determines the strength of anonymity achieved Scalable
IK Privacy – distributed solution IK service IK service IK service IK service IK service ID provider ID provider ID provider ID provider ID provider ID provider ID provider IK service IK service IK service IK service IK service IK service IK service
Conclusions • Novel components in six key areas: • Context recording • Autonomous social network creation • Profile generators • Recommender • UI recording and analysis • Privacy tools • What applications can you create?