Towards Semantic Resolution of Security in Ambient Environments
Driven by new network and middleware technologies such as mobile broadband, near-field communication, and context awareness, the so-called ambient lifestyle will foster innovative use cases in different domains. In the EU project Hydra, high-level security, trust and privacy concerns such as loss of control, profiling and surveillance are considered at the outset. At the end of this project, the Hydra middleware development platform will have been designed so as to enable developers to realise secure ambient scenarios. This paper gives a short introduction to the Hydra project and its approach to ensuring security by design. Based on the results of a focus group analysis of the user domain “building automation”, typical threats are evaluated and their risks are assessed. Then, specific security requirements with respect to security, privacy, and trust are derived in order to incorporate them into the Hydra Security Meta-Model. How concepts such as context, semantic resolution of security, and virtualisation support the overall Hydra approach will be introduced and illustrated on the basis of a technical building automation scenario.