Spheres of Influence: Secure organization and coordination of diverse device communities
Kevin Eustice
January 28th, 2005
2
Roadmap
• Managing ubiquitous computing
• Our approach: device communities
• Related work
• Research Challenges
• Spheres of Influence: Design and Implementation
– Architecture
– Connection Management
– Application Logic
– Security
3
Ubiquitous Computing
Work has been focused in several areas:
• Smart environments (MIT, CMU, UIUC, UMD,…)
• Location & Context-aware support
• Specialized environment-specific applications (frequently, sensor + UI)
Few projects or technologies have transitioned to the real world.
4
Device Communities
We see device communities as an emerging trend in networking
• Personal Device Communities
– Communities organized by common owner
– Multi-device users require multi-device management
– Bluetooth/802.11/GPRS
• Physical Location Communities
– Communities organized by proximity/physical network
– Basic model adopted by traditional ubicomp infrastructure developers
– Devices in a given location want to interact
5
Device Communities (cont.)
• Social Communities are the latest addition
– Community organized by social structure
– Social computing is entering the limelight in its varied forms
  • IM/chat communities
  • Blogs, moblogs, DC++
  • Friendster, orkut, tribes.net
• Connections beginning to be formed:
  • AT&T “Find Friends”
  • Vodafone “Buddy Alert”
  • Dodgeball.com
6
Can we design scalable infrastructure to support device communities operating in multiple heterogeneous contexts (social, location, personal)?
Will novel applications or a new application paradigm arise from such an infrastructure?
7
Thesis: Spheres of Influence
Device community based infrastructure, focused on:
– Membership
– Communication
– Security
A sphere is a software entity representing either a device or set of other spheres that interact within a shared, secure boundary
8
Spheres of Influence (cont.)
• Spheres can join together to form a set of spheres
• Sphere membership implies access to local sphere resources, events
• Each sphere possesses
– Policy (limits internal interactions)
– Requirements (properties it seeks from others)
– Credentials (secure attestations of identity or membership)
9
Spheres of Influence (cont.)
Spheres serve as a scoping mechanism for:
• Policy
• Privilege
• Events
Spheres can represent arbitrarily complex arrangements of devices:
• Personal device clusters
• Physical locations (hierarchically arr.)
• Social groups
10
SoI Vision
Provide management infrastructure for communities of devices, enabling:
– Dynamic group-based management of mobile and infrastructure-based devices
– Context-scoped resource discovery, event handling
– Establishment of secure boundaries
– Attestable membership
– Improved scalability
11
SoI Vision (cont.)
• Membership and connections flow and adjust as users move with their devices throughout their environment
• As connectivity is acquired, devices negotiate with new hosting environment for necessary resources and acquire new policy
• Outside memberships are reasserted, queued messages/events are delivered
12
[Diagram: example sphere arrangement. Labels: Boelter Hall, Laboratory for Advanced Systems Research, Boelter 3564, Kevin, Friends. Legend: Physical Sphere, Social Sphere, Personal Device Sphere, Network Connection to Physical Sphere, Network Connections to Social Spheres through Phys. Sphere.]
13
Anticipated Benefits
• Performance
• Security
• Vehicle for Application Innovation
15
Performance Benefits
• Potential overhead savings for multi-device mobility
• Improved scaling through aggressive use of structured groups
• Improved spatial reuse through diverse groups and intelligent management of wireless spectrum
16
Security Benefits
• Security boundary: dynamic firewall rules protect sphere members from outside world
• Defense-in-depth: layered security protects sphere structure
• Context attestation: spheres can provide secure, verifiable attestations of membership to members for access control or application purposes
17
Applications Innovation
• Customized content based on community membership
• “Group as User”: new applications that focus on the group as the application user
– Semantics for group application decisions?
– UI for group applications?
• Support for “trails” type applications, in multiple contexts
18
Legacy Wireless LAN
Mobile cluster example
[Diagram: mobile cluster of devices A, B, C, D, E]
N times:
• Acquire address (DHCP, bootp, …)
• Rebind to network (VPN, mobile IP, IPsec, …)
• Identify and reacquire resources (proxies, etc.)
19
Physical Sphere
Mobile cluster example
[Diagram: mobile cluster of devices A, B, C, D, E, with K]
Once:
• Join protocol
• Negotiate for access
• Attach to other spheres
20
Legacy IM example
[Diagram labels: K’s home machine, K’s work machine, K’s phone, K’s PDA, IM Server; “Id, logs” appears four times]
21
Sphere-based IM example
[Diagram labels: K’s home machine, K’s work machine, K’s phone, K’s PDA, IM Server, K’s Personal Sphere; “IM ID, logs” appears once; “Cred.” appears four times]
22
Related Work
• Protection Domains
– 60s-70s work defining protection boundaries in single machine
• ZeroConfig
– WZC: Automatic configuration of wireless settings based on observed network and (trivial) policies
– Rendezvous: Apple solution for locating printers, file servers, wireless APs, local http servers
• Ad-hoc Formation of Security Domains
• Mobile Publish-Subscribe Systems
23
Research Issues
• Sphere Management
• Sphere Mobility Management & Discovery
• Policy and Negotiation for Spheres
• Context Attestation
• Event Flow
• Sphere Enrollment
• Group as User
24
SoI Design
Three principal components:
• Doorman: External interactions
• Sphere Manager: Internal interactions
• Policy Manager: Consulted by other components
Also necessary:
• Relational Primitives: Support application reasoning regarding sphere membership, relationships.
25
Doorman
• Beaconing/Advertisement
• Discovery/Rendezvous
• Connection management
– Accept incoming supplicants
– Request outgoing join requests
• Queries policy manager for join approval
• Delivers events in observed external state to sphere manager
26
Sphere Manager
• Coordinator for Sphere
• Maintains connections to relatives
• Manages events
– Registration
– Processing
– Delivery
• Firewall manager
• Sphere state container
27
Policy Manager
• Policy Manager:
– Policy database contains local policy rules
– Policy engine answers questions regarding state changing interactions and local policy
• Policy Language
– Describes valid interactions in terms of relational, deontic, and temporal constraints
– Logic-based
Focus of V. Ramakrishna’s research
28
Relational Logic
• Applications and infrastructure need to be able to talk about relationships
• Primitives must describe basic relations:
– Parent
– Child
– Sibling
– Related
• Other properties: active, attested, etc.
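Added example (not from the original slides): a Python sketch of a sphere with credentials, requirements and a join policy, plus the four relational primitives listed above. The `admits` and `offers` fields, the credential strings, the nesting of the slide-12 names and the meaning given to "related" are assumptions made for illustration.

```python
from dataclasses import dataclass, field
@dataclass(eq=False)  # identity hashing, so spheres can be stored in sets
class Sphere:
    name: str
    credentials: set = field(default_factory=set)   # attestations this sphere holds
    requirements: set = field(default_factory=set)  # properties it seeks from a host
    admits: set = field(default_factory=set)        # policy: credentials accepted at join (assumed form)
    offers: set = field(default_factory=set)        # properties provided to members (assumed form)
    parents: set = field(default_factory=set)
    children: set = field(default_factory=set)

    def join(self, host):
        """Join succeeds only if host policy admits us and host meets our requirements."""
        if not (self.credentials & host.admits):
            return False                    # host policy refuses the supplicant
        if not (self.requirements <= host.offers):
            return False                    # host cannot satisfy the supplicant
        self.parents.add(host)
        host.children.add(self)
        return True

def is_parent(a, b):  return a in b.parents     # a directly contains b
def is_child(a, b):   return a in b.children    # a is directly contained in b
def is_sibling(a, b): return a is not b and bool(a.parents & b.parents)

def enclosing(s):  # s plus every sphere that transitively contains it
    seen, stack = {s}, list(s.parents)
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(p.parents)
    return seen

def is_related(a, b):
    # Assumed meaning: one contains the other, or both sit inside a common sphere.
    return a is not b and bool(enclosing(a) & enclosing(b))

def build_demo():
    # Constructed scenario: names from the slide-12 diagram; nesting and credentials assumed.
    hall = Sphere("Boelter Hall", admits={"campus-id"}, offers={"network"})
    lab = Sphere("Boelter 3564", {"campus-id"}, {"network"}, {"lasr-member"}, {"network"})
    friends = Sphere("Friends", admits={"friend"})
    kevin = Sphere("Kevin", {"lasr-member", "friend"}, admits={"owned-by-kevin"})
    phone, pda = Sphere("phone", {"owned-by-kevin"}), Sphere("pda", {"owned-by-kevin"})
    guest, picky = Sphere("guest"), Sphere("picky", {"lasr-member"}, {"printer"})  # no creds / unmet need
    pairs = [(lab, hall), (kevin, lab), (kevin, friends), (phone, kevin), (pda, kevin), (guest, lab), (picky, lab)]
    results = {(s.name, h.name): s.join(h) for s, h in pairs}
    return {s.name: s for s in (hall, lab, friends, kevin, phone, pda, guest, picky)}, results
```

Both refused joins leave the membership graph untouched, so the refused spheres stay unrelated to every member.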
29
Simple Sphere
[Diagram labels: Sphere Manager; Policy Manager; Sphere State (Member table, Access Rights, Event Registration, …); Doorman; Policy Cache Fast Path (twice); Int. Event Iface; Ext. Event Iface; App 1; Connection to any related Spheres]
30
Managed Sphere S
[Diagram labels: IEI, SM, PM, State, DM, EEI, Members of S, Candidates of S, Co, OCi]
31
Dissertation Plan
• Initial Implementation of Simple Spheres
– No resources
– Focus on membership and events
• Implement sample applications
– Sphere-based IM application
– Context-weighted task manager
– Interactive fiction application
– “Door monitor” application for LASR
• Evaluate implementation
– Overhead of operations (join, event handling)
– Scalability
32
Dissertation Plan
• Extend design to support resources and services
• Extend implementation
• New applications?
• Evaluate implementation
• Write dissertation
33
Contributions
• Model for a consistent representation of device membership spanning heterogeneous communities
• Secure, active management of community memberships
• Secure, cryptographic membership attestation
• Logic to reason about membership, relationships, and community transitions
• Intra- and Inter-community event registration and delivery
• Evaluation of model with applications