A Framework for Ensuring Security in Ubiquitous Computing Environment Based on Security Engineering Approach

  • JooYoung Lee
  • HoWon Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4251)


The goal of this paper is to provide a framework for ensuring security in ubiquitous computing environment based on security engineering approach. Security engineering is about building systems to remain dependable in the face of malice, error or mischance. In order to do this, we propose a framework which includes the concept of security state and security flow. The combinations of security state and security flow represent a unique viewpoint and a particular pattern for consideration of security services. We can analyze and identify security issues and threats from these combinations and patterns and provide suitable security services for concerns. For this purpose, we have applied our approach to RFID service network, which is one of the representative examples that are to practically realize ubiquitous computing environment.


Security Requirement Ubiquitous Computing State Diagram Security State Security Engineering 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Weiser, M.: The Computer for the Twenty-First Century. Scientific America 265(3), 94–104 (1991)CrossRefGoogle Scholar
  2. 2.
    Ha, Y.-G., Sohn, J.-C., Cho, Y.-J., Yoon, H.: Towards Ubiquitous Robotic Companion: Design and Implementation of Ubiquitous Robotic Service Framework. ETRI Journal 27(6), 666–676 (2005)CrossRefGoogle Scholar
  3. 3.
    Anderson, R.: Security Engineering: A guide to building dependable distributed systems. Wiley, Chichester (2001)Google Scholar
  4. 4.
    Mousavidin, E.: RFID Technology: An update. ISRC Technology Briefing SeriesGoogle Scholar
  5. 5.
    Shepard, S.: RFID Radio Frequency Identification. McGraw-Hill, New York (2005)Google Scholar
  6. 6.
    Brock, D.L.: The Electronic Product Code (EPC): A Naming Scheme for Physical Objects, Auto-ID Center (2001)Google Scholar
  7. 7.
    EPCglobal, US ”Standards” (2004),
  8. 8.
    Goyal, A.: Technical Report: SavantTM Guide, Auto-ID Center (April 2003) Google Scholar
  9. 9.
    Garfinkel, S.: RFID Applications, Security, And Privacy. Addison-Wesley, Reading (2006)Google Scholar
  10. 10.
    Tsuji, T., Kouno, S., Noguchi, J., Iguchi, M., Misu, N., Kawamura, M.: Asset management solution based on RFID. NEC Journal of Advanced Technology 1(3), 188–193 (2004)Google Scholar
  11. 11.
    IBM, Patterns: Service-Oriented Architecture and Web Services, (2004) Google Scholar
  12. 12.
    Shin, M., Park, C.: A Radial Basis Function Approach to Pattern Recognition and its Applications. ETRI Journal 22(2), 1–10 (2000)CrossRefGoogle Scholar
  13. 13.
    Kaufman, C., Perlman, R., Speciner, M.: Network Security. Prentice-Hall, Englewood Cliffs (2002)Google Scholar
  14. 14.
    Davis, J.F.: Information systems security engineering: a critical component of the systems engineering lifecycle. ACM SIGAda Ada Letters XXIV(4) (December 2004)Google Scholar
  15. 15.
    Devanbu, P.T., Stubblebine, S.: Software engineering for security: a roadmap. In: Proceedings of the Conference on The Future of Software Engineering, ACM Press, New York (2000)Google Scholar
  16. 16.
    Mead, N.R., Stehney, T.: Software Engineering for Secure Systems (SESS) – Building Trustworthy Applications: Security quality requirement engineering (SQUARE) methodology. In: ACM SIGSOFT Software Engineering Notes, Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications SESS 2005, vol. 30(4) (2005)Google Scholar
  17. 17.
    Dragovic, B., Crowcroft, J.: Ubiquitous computing: Information exposure control through data manipulation for ubiquitous computing. In: Proceeding of the 2004 workshop on New security paradigms, ACM Press, New York (2004)Google Scholar
  18. 18.
    Seigneur, J.M., Jensen, C.D.: Ubiquitous computing (UC): Trust enhanced ubiquitous payment without too much privacy loss. In: Proceedings of the 2004 ACM symposium on Applied computing (2004)Google Scholar
  19. 19.
    Schmandt, C., Ackerman, M.: Personal and Ubiquitous Computing: Issue on privacy and security. Personal and Ubiquitous Computing 8(6) (November 2004)Google Scholar
  20. 20.
    Eustice, K., Kelinrock, L., Markstrum, S., Popek, G., Ramakrishna, V., Reiher, P.: Ubiquitous comuting/security: Securing nomads: the case for quarantine, examination, and decontamination. In: Proceedings of the 2003 workshop on New security paradigms (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • JooYoung Lee
    • 1
  • HoWon Kim
    • 1
  1. 1.Electronics and Telecommunications Research Institute (ETRI)DaeJeonkorea

Personalised recommendations