Security Requirements in Service Oriented Architectures for Ubiquitous Computing


Almerindo Graziano, Domenico Cotroneo, Stefano Russo

agrazian@unina.it

MobiLab Research Group

Università degli studi di Napoli “Federico II”

Outline
  • Motivation
  • Addressing Ubiquitous Security
  • The Story So Far
  • Security Requirements
  • Evaluation
  • Conclusions
Service Oriented Architectures
  • Established computing paradigm
  • A SOA is based upon
    • Service definition
    • Service Discovery and Delivery
  • SOAs have evolved from the Internet model
    • Different service definitions
    • Different discovery/delivery protocols
  • Problems
    • Interoperability and standardization
    • Security
Addressing Ubiquitous Security
  • Wireless security
    • Widely addressed
  • Security of SOAs in ubiquitous computing
    • Not widely addressed (often just an afterthought)
    • Not addressed consistently
    • No security requirements analysis
    • Stronger interoperability problems
The Story So Far
  • Standard Protocols
    • Bluetooth
    • Jini
    • Salutation
    • UPnP
    • SLP
    • JXTA
  • Integrated Architectures
    • SSDS
    • Centaurus
    • Proxy-based protocols
  • Ongoing research
    • Splendor
Security Requirements
  • Secure service registration/deregistration
    • Example: DoS attacks
  • Secure Discovery (service records)
    • Authenticated
    • Authorized
    • Confidential
    • Genuine
    • Anonymous
  • Secure Delivery
    • Authenticated
    • Authorized
    • Confidential
    • Genuine
    • Anonymous
  • Application Security
  • Availability
Evaluation
  • Genuine discovery and delivery are underestimated
    • Achieved partially or not at all
  • Service (de)registration is assumed trusted
  • No architecture addresses security in service definition
  • Application security often out of scope
  • Different access control models
    • ACLs or Capabilities
  • Different granularity
    • User or Devices
  • Location of the PDP
    • Local by the device or remote by a resource manager
  • Different trust models
Conclusions
  • Not possible to address all security requirements
    • Total security does not exist
    • Limited resources
  • Need to use threat models (mobile adversary and mobile victims)
  • Security requirements driven by use cases
    • Abuse cases can help model the threats
  • Use risk assessment to rationalize security issues
  • Secure interoperability still a challenge
    • Trust models, access control, authorization management
Ongoing Work
  • Complete evaluation work to include
    • Access control models, trust models, authorization management
  • Design of a Secure SOA for Nomadic Computing
  • Use/Misuse cases for threat analysis
  • Threat modelling and design with UMLsec
  • Validation with UMLsec