Intrusion detection in IPv6-enabled sensor networks.

In this research, we study efficient and lightweight Intrusion Detection Systems (IDS) for ad-hoc networks through the lens of IPv6-enabled Wireless Sensor Actuator Networks. These networks consist of highly constrained devices able to communicate wirelessly in an ad-hoc fashion, thus following the architecture of ad-hoc networks. Current state of the art IDS in IoT and WSNs have been developed considering the architecture of conventional computer networks, and as such they do not efficiently address the paradigm of ad-hoc networks, which is highly relevant in emerging network paradigms, such as the Internet of Things (IoT). In this context, the network properties of resilience and redundancy have not been extensively studied. In this thesis, we first identify a trade-off between the communication and energy overheads of an IDS (as captured by the number of active IDS agents in the network) and the performance of the system in terms of successfully identifying attacks. In order to fine-tune this trade-off, we model networks as Random Geometric Graphs; these are a rigorous approach that allows us to capture underlying structural properties of the network. We then introduce a novel IDS architectural approach that consists of a central IDS agent and set of distributed IDS agents deployed uniformly at random over the network area. These nodes are able to efficiently detect attacks at the networking layer in a collaborative manner by monitoring locally available network information provided by IoT routing protocols, such as RPL. The detailed experimental evaluation conducted in this research demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates. We also show that the performance of our IDS in ad-hoc networks does not rely on the size of the network but on fundamental underling network properties, such as the network topology and the average degree of the nodes. The experiments show that our proposed IDS architecture is resilient against frequent topology changes due to node failures

Exploring Wireless Data Center Networks: Can They Reduce Energy Consumption While Providing Secure Connections?

Data centers have become the digital backbone of the modern world. To support the growing demands on bandwidth, Data Centers consume an increasing amount of power. A significant portion of that power is consumed by information technology (IT) equipment, including servers and networking components. Additionally, the complex cabling in traditional data centers poses design and maintenance challenges and increases the energy cost of the cooling infrastructure by obstructing the flow of chilled air. Hence, to reduce the power consumption of the data centers, we proposed a wireless server-to-server data center network architecture using millimeter-wave links to eliminate the need for power-hungry switching fabric of traditional fat-tree-based data center networks. The server-to-server wireless data center network (S2S-WiDCN) architecture requires Line-of-Sight (LoS) between servers to establish direct communication links. However, in the presence of interference from internal or external sources, or an obstruction, such as an IT technician, the LoS may be blocked. To address this issue, we also propose a novel obstruction-aware adaptive routing algorithm for S2S-WiDCN. S2S-WiDCN can reduce the power consumption of the data center network portion while not affecting the power consumption of the servers in the data center, which contributes significantly towards the total power consumption of the data center. Moreover, servers in data centers are almost always underutilized due to over-provisioning, which contributes heavily toward the high-power consumption of the data centers. To address the high power consumption of the servers, we proposed a network-aware bandwidth-constrained server consolidation algorithm called Network-Aware Server Consolidation (NASCon) for wireless data centers that can reduce the power consumption up to 37% while improving the network performance. However, due to the arrival of new tasks and the completion of existing tasks, the consolidated utilization profile of servers change, which may have an adverse effect on overall power consumption over time. To overcome this, NASCon algorithm needs to be executed periodically. We have proposed a mathematical model to estimate the optimal inter-consolidation time, which can be used by the data center resource management unit for scheduling NASCon consolidation operation in real-time and leverage the benefits of server consolidation. However, in any data center environment ensuring security is one of the highest design priorities. Hence, for S2S-WiDCN to become a practical and viable solution for data center network design, the security of the network has to be ensured. S2S-WiDCN data center can be vulnerable to a variety of different attacks as it uses wireless links over an unguided channel for communication. As being a wireless system, the network has to be secured against common threats associated with any wireless networks such as eavesdropping attack, denial of services attack, and jamming attack. In parallel, other security threats such as the attack on the control plane, side-channel attack through traffic analysis are also possible. We have done an extensive study to elaborate the scope of these attacks as well as explore probable solutions against these issues. We also proposed viable solutions for the attack against eavesdropping, denial of services, jamming, and control-plane attack. To address the traffic analysis attack, we proposed a simulated annealing-based random routing mechanism which can be adopted instead of default routing in the wireless data center

Efficient Communication in Agent-based Autonomous Logistic Processes

Transportation of goods plays a vital role for the success of a logistics network. The ability to transport goods quickly and cost effectively is one of the major requirements of the customers. Dynamics involved in the logistics process like change or cancellation of orders or uncertain information about the orders add to the complexity of the logistic network and can even reduce the efficiency of the entire logistics process. This brings about a need of integrating technology and making the system more autonomous to handle these dynamics and to reduce the complexity. Therefore, the distributed logistics routing protocol (DLRP) was developed at the University of Bremen. In this thesis, DLRP is extended with the concept of clustering of transport goods, two novel routing decision schemes and a negotiation process between the cluster of goods and the vehicle. DLRP provides the individual logistic entities the ability to perform routing tasks autonomously e.g., discovering the best route to the destination at the given time. Even though DLRP seems to solve the routing problem in real-time, the amount of message flooding involved in the route discovery process is enormous. This motivated the author to introduce a cluster-based routing approach using software agents. The DLRP along with the clustering algorithm is termed as the cluster-based DLRP. In the latter, the goods are first clustered into groups based on criteria such as the common destination. The routing is now handled by the cluster head rather than the individual transport goods which results in a reduced communication volume in the route discovery. The latter is proven by evaluating the performance of the cluster-based DLRP approach compared to the legacy DLRP. After the routing process is completed by the cluster heads, the next step is to improve the transport performance in the logistics network by identifying the best means to transport the clustered goods. For example, to have better utilization of the transport capacity, clusters can be transported together on a stretch of overlapping route. In order to make optimal transport decisions, the vehicle calculates the correlation metric of the routes selected by the various clusters. The correlation metric aids in identifying the clusters which can be transported together and thereby can result in better utilization of the transport resources. In turn, the transportation cost that has to be paid to the vehicle can be shared between the different clusters. The transportation cost for a stretch of route is calculated by the vehicle and offered to the cluster. The latter can decide based upon the transportation cost or the selected route whether to accept the transport offer from the vehicle or not. In this regard, different strategies are developed and investigated. Thereby a performance evaluation of the capacity utilization of the vehicle and the transportation cost incurred by the cluster is presented. Finally, the thesis introduces the concept of negotiation in the cluster based routing methods. The negotiation process enhances the transport decisions by giving the clusters and the vehicles the flexibility to negotiate the transportation cost. Thus, the focus of this part of the thesis is to analyse the negotiation strategies used by the logistics entities and their role in saving negotiation time while achieving a favorable transportation cost. In this regard, a performance evaluation of the different proposed strategies is presented, which in turn gives the logistics practitioners an overview of the best strategy to be deployed in various scenarios. Clustering of goods aid in the negotiation process as on the one hand, a group of transport goods have a stronger basis for negotiation to achieve a favorable transportation price from the vehicle. On the other hand it makes it easier for the vehicle to select the packages for transport and helps the vehicle to operate close to its capacity. In addition, clustering enables the negotiation process to be less complex and voluminous. From the analytical considerations and obtained results in the three parts of this thesis, it can be concluded that efficient transport decisions, though very complex in a logistics network, can be simplified to a certain extent utilizing the available information of the goods and vehicles in the network

Middleware for Mobile Sensing Applications in Urban Environments

Sensor networks represent an attractive tool to observe the physical world. Networks of tiny sensors can be used to detect a fire in a forest, to monitor the level of pollution in a river, or to check on the structural integrity of a bridge. Application-specific deployments of static-sensor networks have been widely investigated. Commonly, these networks involve a centralized data-collection point and no sharing of data outside the organization that owns it. Although this approach can accommodate many application scenarios, it significantly deviates from the pervasive computing vision of ubiquitous sensing where user applications seamlessly access anytime, anywhere data produced by sensors embedded in the surroundings. With the ubiquity and ever-increasing capabilities of mobile devices, urban environments can help give substance to the ubiquitous sensing vision through Urbanets, spontaneously created urban networks. Urbanets consist of mobile multi-sensor devices, such as smart phones and vehicular systems, public sensor networks deployed by municipalities, and individual sensors incorporated in buildings, roads, or daily artifacts. My thesis is that "multi-sensor mobile devices can be successfully programmed to become the underpinning elements of an open, infrastructure-less, distributed sensing platform that can bring sensor data out of their traditional close-loop networks into everyday urban applications". Urbanets can support a variety of services ranging from emergency and surveillance to tourist guidance and entertainment. For instance, cars can be used to provide traffic information services to alert drivers to upcoming traffic jams, and phones to provide shopping recommender services to inform users of special offers at the mall. Urbanets cannot be programmed using traditional distributed computing models, which assume underlying networks with functionally homogeneous nodes, stable configurations, and known delays. Conversely, Urbanets have functionally heterogeneous nodes, volatile configurations, and unknown delays. Instead, solutions developed for sensor networks and mobile ad hoc networks can be leveraged to provide novel architectures that address Urbanet-specific requirements, while providing useful abstractions that hide the network complexity from the programmer. This dissertation presents two middleware architectures that can support mobile sensing applications in Urbanets. Contory offers a declarative programming model that views Urbanets as a distributed sensor database and exposes an SQL-like interface to developers. Context-aware Migratory Services provides a client-server paradigm, where services are capable of migrating to different nodes in the network in order to maintain a continuous and semantically correct interaction with clients. Compared to previous approaches to supporting mobile sensing urban applications, our architectures are entirely distributed and do not assume constant availability of Internet connectivity. In addition, they allow on-demand collection of sensor data with the accuracy and at the frequency required by every application. These architectures have been implemented in Java and tested on smart phones. They have proved successful in supporting several prototype applications and experimental results obtained in ad hoc networks of phones have demonstrated their feasibility with reasonable performance in terms of latency, memory, and energy consumption.Deploying a network of sensors to monitor an environment is a common practice. For example, cameras in museums, supermarkets, or buildings are installed for surveillance purposes. However, while a decade ago, most deployed sensor networks involved a limited number of sensors, wired to a central processing unit, nowadays, the focus is on wireless, distributed, sensing nodes. Sensor technology has greatly advanced in terms of size, power consumption, processing capabilities, and low cost, thus fostering deployments of self-organizing wireless sensor networks over large geographical areas. For example, sensor networks have been used to detect a fire in a forest, to monitor the level of pollution in a river, or to check on the structural integrity of a bridge. Yet, sensor networks are usually perceived as ``something'' remote in the forest or on the battlefield, and regular users do not yet benefit from them. With the ubiquity and ever-increasing capabilities of mobile devices, such as smart phones and computers embedded in cars, urban environments offer the elements necessary to create people-centric mobile sensor networks and support a large variety of so-called sensing applications ranging from emergency and surveillance to tourist guidance and entertainment. For example, near-ubiquitous smart phones with audio and video sensing capabilities and more sensors in the near future can be used to provide shopping recommender services to inform users of special offers at the mall. Sensor-equipped cars can be used to provide traffic information services to alert drivers to upcoming traffic jams. However, urban mobile sensor networks are challenging programming environments due to the dynamism of mobile devices, the resource constraints of battery-powered devices, the software and hardware heterogeneity, and the large number of concurrent applications that they need to support. These requirements hinder the direct adoption of traditional distributed computing platforms developed for static resource-rich networks. This dissertation presents two architectures that can support the development of mobile sensing applications in urban environments. Contory offers a declarative programming model that views the urban network as a distributed sensor database. Context-aware Migratory Services provides a client-server paradigm, where services are capable of migrating to different nodes in the network in order to maintain a continuous interaction with clients. Compared to previous approaches to supporting mobile sensing urban applications, our architectures are entirely distributed and do not assume constant availability of Internet connectivity. These architectures have been implemented in Java and tested on smart phones. They have proved successful in supporting several prototype applications and experimental results obtained in networks of phones have demonstrated their feasibility with reasonable performance in terms of latency, memory, and energy consumption. The proposed architectures offer many opportunities to flexibly and quickly establish customized services that can greatly enhance the users' urban experience. Further steps to fully accomplish people-centric mobile sensing applications will have to address more technical issues as well as social and legal concerns

Smart streetlights: a feasibility study

The world's cities are growing. The effects of population growth and urbanisation mean that more people are living in cities than ever before, a trend set to continue. This urbanisation poses problems for the future. With a growing population comes more strain on local resources, increased traffic and congestion, and environmental decline, including more pollution, loss of green spaces, and the formation of urban heat islands. Thankfully, many of these stressors can be alleviated with better management and procedures, particularly in the context of road infrastructure. For example, with better traffic data, signalling can be smoothed to reduce congestion, parking can be made easier, and streetlights can be dimmed in real time to match real-world road usage. However, obtaining this information on a citywide scale is prohibitively expensive due to the high costs of labour and materials associated with installing sensor hardware. This study investigated the viability of a streetlight-integrated sensor system to affordably obtain traffic and environmental information. This investigation was conducted in two stages: 1) the development of a hardware prototype, and 2) evaluation of an evolved prototype system. In Stage 1 of the study, the development of the prototype sensor system was conducted over three design iterations. These iterations involved, in iteration 1, the live deployment of the prototype system in an urban setting to select and evaluate sensors for environmental monitoring, and in iterations 2 and 3, deployments on roads with live and controlled traffic to develop and test sensors for remote traffic detection. In the final iteration, which involved controlled passes of over 600 vehicle, 600 pedestrian, and 400 cyclist passes, the developed system that comprised passive-infrared motion detectors, lidar, and thermal sensors, could detect and count traffic from a streetlight-integrated configuration with 99%, 84%, and 70% accuracy, respectively. With the finalised sensor system design, Stage 1 showed that traffic and environmental sensing from a streetlight-integrated configuration was feasible and effective using on-board processing with commercially available and inexpensive components. In Stage 2, financial and social assessments of the developed sensor system were conducted to evaluate its viability and value in a community. An evaluation tool for simulating streetlight installations was created to measure the effects of implementing the smart streetlight system. The evaluation showed that the on-demand traffic-adaptive dimming enabled by the smart streetlight system was able to reduce the electrical and maintenance costs of lighting installations. As a result, a 'smart' LED streetlight system was shown to outperform conventional always-on streetlight configurations in terms of financial value within a period of five to 12 years, depending on the installation's local traffic characteristics. A survey regarding the public acceptance of smart streetlight systems was also conducted and assessed the factors that influenced support of its applications. In particular, the Australia-wide survey investigated applications around road traffic improvement, streetlight dimming, and walkability, and quantified participants' support through willingness-to-pay assessments to enable each application. Community support of smart road applications was generally found to be positive and welcomed, especially in areas with a high dependence on personal road transport, and from participants adversely affected by spill light in their homes. Overall, the findings of this study indicate that our cities, and roads in particular, can and should be made smarter. The technology currently exists and is becoming more affordable to allow communities of all sizes to implement smart streetlight systems for the betterment of city services, resource management, and civilian health and wellbeing. The sooner that these technologies are embraced, the sooner they can be adapted to the specific needs of the community and environment for a more sustainable and innovative future

A Framework for Modeling Spatial Node Density in Waypoint-Based Mobility

International audienceUser mobility is of critical importance when designing mobile networks. In particular, "waypoint" mobility has been widely used as a simple way to describe how humans move. This paper introduces the first modeling framework to model waypoint-based mobility. The proposed framework is simple, yet general enough to model any waypoint-based mobility regimes. It employs first order ordinary differential equations to model the spatial density of participating nodes as a function of (1) the probability of moving between two locations within the geographic region under consideration, and (2) the rate at which nodes leave their current location. We validate our models against real user mobility recorded in GPS traces collected in three different scenarios. Moreover, we show that our modeling framework can be used to analyze the steady-state behavior of spatial node density resulting from a number of synthetic waypoint-based mobility regimes, including the widely used Random Waypoint (RWP) model. Another contribution of the proposed framework is to show that using the well-known preferential attachment principle to model human mobility exhibits behavior similar to random mobility, where the original spatial node density distribution is not preserved. Finally, as an example application of our framework, we discuss using it to generate steady-state node density distributions to prime mobile network simulations

Integrating Mobile Devices Into Grid Applications

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2007Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2007Mobil cihazların Grid teknolojilerine ve sunucu uygulamalarına entegrasyonu bir taraftan süper bilgisayarları bir mobil cihazla kumanda etmeye olanak sağlanarken diğer taraftan da büyük uygulamaların önemli verilere heryerde ve her zaman erişebilmesine olanak sağlayabilir. Bu çalışma, GPS, sıcaklık, sağlık izleme ve kirlilik gibi farklı çeşitteki algılayıcıları barındırabilecek aynı zamanda pekçok yerden veri toplamaya olanak sağlayacak mobil cihazlardan veri toplama, işleme ve paylaşma üzerine bir örnek olması üzere planlandı. Projede konum ve hız verisi üretebilecek GPS alıcısına sahip mobil cihazlara örnek olarak cep telefonları kullanıldı. Sürücünün cep telefonu gibi otomobil içerisinde yerleştirilen mobil cihazların üzerinde koşturmak üzere geliştirilen istemci, konum ve hız verisini kısa zaman aralıklarında XML mesajları fotmatında GPRS üzerinden sunucuya göndermektedir. GDF formatında ana yol koordinatları önceden girilmiş sunucu uygulaması, aracın üzerinde hareket ettiği yolu bulur, yol için hız verisini zaman damgası ile birlikte kaydeder. Hızların ortalamasını hesaplamak ve bunu Internet ve WAP üzerinden sunmak üzere bir de görüntüleme uygulaması geliştirilmiştir. Eğer güncel veri yoksa, yani eğer o anda o yol üzerinde veri aktaran bir araç yoksa, istatistiksel veri kullanılarak bilgi sunulur. Böylece trafiği sadece uzamsal değil ayrıca zamansal olarak önceden görmek mümkün olur. Mobil cihaz üzerinde koşturan istemci uygulaması veya herhangi bir bilgisayar entegre sistem tarafından üretilen bilgiyi kullanabilir. Her ne kadar projede geliştirilen uygulamanın asıl amacı trafik bilgisi üretmek ve paylaşmak olsa da araç takibi, hatta trafik yönetimi için sistematik yaklaşımlar bu proje tarafından mümkün kılınabilir.Integrating mobile devices into Grid technologies and server applications can give ability to command power of supercomputers with a mobile device on one hand and can allow big applications to reach important data anywhere, anytime, on the other. This project is planned to be an example to gather and share data that can be collected by ubiquitous mobile devices which can employ different kind of sensors such as GPS, temperature, health monitoring and pollution. In this project location and speed information that is produced by GPS enabled mobile devices such as mobile phones, is used. The developed client application running on mobile devices located in vehicles, such as the mobile phone of the driver, sends location and speed information to the server application in short time intervals via GPRS in the forms of XML like messages. The developed server application, which is preloaded with the highway coordinates via files in GDF format, locates the street that the vehicle is moving along and the received speed information is recorded along with a timestamp. A display application has also been implemented to calculate average of speeds at that very moment and post it on the Internet and WAP. If there is no actual data, i.e. there is no vehicle moving on a specific street, statistical data is utilized to produce such information. Thus foreseeing the traffic not only spatially but also in time is made possible.Yüksek LisansM.Sc

New Product Development Processes for IOT-Enabled Home Use Medical Devices: A Systematic Review

Background: In the new forefront of healthcare at patients’ homes, medical devices developed to use at home setting by lay users are essential. The adoption of home-use medical devices will benefit both patients and public healthcare services in terms of quality of life, enhanced outcomes, and reduced cost of care. Home use medical devices associated with Internet-Of-Things (IOT) technology assists patients in performing self-care as well as providing health information remotely to health care professionals. However, adopting technology requires understanding the nature of the medical device and medical device development (MDD). Existing studies concerning the new product development (NPD) processes or design processes were systematically reviewed to explore knowledge and expertise to provide a framework for IOT engineers or designers to adopt IOT technology to home use medical devices. Objective: This study aimed to review the published literature to explore the current studies in the field of the NPD process, design process, design methodology, and outcome of the device affecting user acceptance. Methods: A systematic review following PRISMA guidelines of the English language literature from four electronic databases and academic search engines published from 2007 to 2018 was conducted. The papers were screened and assessed following predefined inclusive and exclusive criteria. The results were analyzed according to the research questions. Results: The findings revealed state-of-the-art in the NPD process and design process (n=4), the design methodology (n=23), and the resultant outcomes of empirical or clinical research in the validation stage (n=14) of medical device development (MDD). The findings also delineated existing studies in NPD, design process, and design methodologies aimed to ensure that medical devices would be effective and safe. Human factor engineering (HFE), cognitive method, ethnographic, and other methodologies were proposed to understand users, uses and context of use. Barriers, constraints, and multidisciplinary communication were addressed. Tools, processes, and methodologies were proposed to overcome the barriers. Conclusion: As home-use medical device development (MDD) and the adoption of IOT technology is now at a crossroads. This study addresses the necessity for future academic studies related to IOT adoption to MDD, including unique risks, multidisciplinary problems, emerging from IOT technology. Finally, future studies aimed at fabricating the NPD process or design process for IOT home-use medical devices to gain user acceptance were outlined

A Concept for a Trustworthy Integration of Smartphones in Business Environments

Smartphones are commonly used within business environments nowadays. They provide sophisticated communicational means which go far beyond simple telephone capabilities. Email access and particular apps on the device are examples of their versatile abilities. While these features allow them to be used in a very flexible way, e.g. in different infrastructures, they impose new threats to their surrounding infrastructure. For example, if used in an environment which allows the installation of custom apps, malicious software may be placed on the device. In order to mitigate these threats, a detailed awareness combined with the possibility to enforce certain constraints on such devices need to be established. In detail, it is necessary to include such devices into a decision making process which decides about the policy compliance of such devices. The policy used in this process defines the rules which apply to the particular infrastructure, e.g. if custom apps are allowed or if a specific software version may not be allowed. However, even when relying on this process, there is one limitation as it does not include a trust-based evaluation. This leads to the problem that a malicious smartphone might compromise the information used for the decision making process which should determine the policy compliance of this device. This renders the overall approach ineffective as the decision wether a device is policy compliant or not may be false. Given that, the thesis presented here provides means to evaluate the trustworthiness of such information to allow a trustworthy decision making about the policy compliance. It therefore introduces two things: (1) a generic trust model for such environments and (2) a domain-specific extension called Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS). The trust model (1) allows to specify, to calculate and to evaluate trust for the information used by the decision making process. More in detail, the trust founding process of (1) is done by introducing so-called security properties which allow to rate the trustworthiness of certain aspects. The trust model does not limit these aspects to a particular type. That is, device-specific aspects like the number of installed apps or the current version of the operating system may be used as well as device independent aspects like communicational parameters. The security properties defined in (1) are then used to calculate an overall trust level, which provides an evaluable representation of trust for the information used by the decision making process. The domain-specific extension (2) uses the trust model and provides a deployable trust-aware decision making solution for smartphone environments. The resulting system, TCADS, allows not only to consider trust within the decisions about the policy compliance but also enables to base the decisions solely on the trust itself. Besides the theoretical specification of the trust model (1) and the domain-specific extension (2), a proof of concept implementation is given. This implementation leverages both, the abilities of the generic trust model (1) as well as the abilities of the TCADS system (2), thus providing a deployable set of programs. Using this proof of concept implementation, an assessment shows the benefits of the proposed concept and its practical relevance. A conclusion and an outlook to future work extending this approach is given at the end of this thesis.Smartphones sind in heutigen Unternehmensnetzen mittlerweile nicht mehr wegzudenken. Über einfache Telefonie-basierte Fähigkeiten hinaus bieten sie Eigenschaften wie zum Beispiel Email-Zugriff oder hohe Anpassbarkeit auf Basis von Apps. Obwohl diese Funktionalitäten eine vielseitige Nutzung solcher Smartphones erlauben, stellen sie gleichzeitig eine neuartige Bedrohung für die umgebende Infrastruktur dar. Erlaubt eine spezifische Umgebung beispielsweise die Installation von eigenen Apps auf dem Smartphone, so ist es über diesen Weg möglich, Schadprogramme auf dem Gerät zu platzieren. Um diesen Bedrohungen entgegenzuwirken, ist es zum einen nötig Smartphones in der jeweiligen Umgebung zu erkennen und zum anderen, Richtlinien auf den jeweiligen Geräten durchsetzen zu können. Die durchzusetzenden Richtlinien legen fest, welche Einschränkungen für die jeweilige Umgebung gelten, z.B. die Erlaubnis zur Installation von eigenen Apps oder die Benutzung einer bestimmten Softwareversion. Aber auch wenn eine entsprechende Lösung zur Einbeziehung von Smartphones in die Infrastruktur verwendet wird, bleibt ein Problem ungelöst: die Betrachtung der Vertrauenswürdigkeit von durch das Smartphone bereitgestellten Informationen. Diese Einschränkung führt zu dem Problem, dass ein entsprechend kompromittiertes Smartphone die Informationen, welche zur Entscheidungsfindung über die Richtlinienkonformität des Gerätes verwendet werden, in einer Art und Weise ändert, welche den gesamten Entscheidungsprozess ineffizient und somit wirkungslos macht. Die hier vorliegende Arbeit stellt daher einen neuen Ansatz vor um einen vertrauenswürdigen Entscheidungsprozess zur Regelkonformität des Gerätes zu ermöglichen. Im Detail werden dazu zwei Ansätze vorgestellt: (1) Ein generisches Modell für Vertrauensürdigkeit sowie eine (2) domänenspezifische Abbildung dieses Modells, welches als Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS) bezeichnet wird. Das Modell für Vertrauenswürdigkeit (1) erlaubt die Definition, Berechnung und Auswertung von Vetrauenswürdigkeit für Informationen welche im Entscheidungsprozess verwendet werden. Im Detail basiert die Vertrauenswürdigkeitsbestimmung auf Grundfaktoren für Vertrauen, den sogenannten Sicherheitseigenschaften. Diese Eigenschaften bewerten die Vertrauenswürdigkeit anhand von bestimmten Aspekten die entweder gerätespezifisch und Geräteunabhängig sein können. Basierend auf dieser Bewertung wird dann eine Gesamtvertrauenswürdigkeit, der sogenannte Trust Level berechnet. Dieser Trust Level erlaubt die Berücksichtigung der Vertrauenswürdigkeit bei der Entscheidungsfindung. Teil (2) der Lösung stellt, basierend auf dem Modell der Vertrauenswürdigkeit, ein System zur vertrauensbasierten Entscheidungsfindung in Smartphone Umgebungen bereit. Mit diesem System, TCADS, ist es nicht nur möglich, Entscheidungen auf ihre Korrektheit bezüglich der Vertrauenswürdigkeit zu prüfen, sondern auch Entscheidungen komplett auf Basis der Vertrauenswürdigkeit zu fällen. Neben dem allgemeingültigen Modell (1) und dem daraus resultierenden domänenspezifischen System (2), stellt die Arbeit außerdem einen Tragfähigkeitsnachweis in Form einer Referenzimplementierung bereit. Diese Implementierung nutzt sowohl Fähigkeiten des Modells der Vertrauenswürdigkeit (1) als auch des TCADS Systems (2) und stellt ein nutzbares Set von Programmen bereit. Eine Evaluierung basierend auf diesem Tragfähigkeitsnachweis zeigt die Vorteile und die Praktikabilität der vorgestellten Ansätze. Abschließend findet sich eine Zusammenfassung der Arbeit sowie ein Ausblick auf weiterführende Fragestellungen

Interim research assessment 2003-2005 - Computer Science

This report primarily serves as a source of information for the 2007 Interim Research Assessment Committee for Computer Science at the three technical universities in the Netherlands. The report also provides information for others interested in our research activities