Quality assessment technique for ubiquitous software and middleware

The new paradigm of computing or information systems is ubiquitous computing systems. The technology-oriented issues of ubiquitous computing systems have made researchers pay much attention to the feasibility study of the technologies rather than building quality assurance indices or guidelines. In this context, measuring quality is the key to developing high-quality ubiquitous computing products. For this reason, various quality models have been defined, adopted and enhanced over the years, for example, the need for one recognised standard quality model (ISO/IEC 9126) is the result of a consensus for a software quality model on three levels: characteristics, sub-characteristics, and metrics. However, it is very much unlikely that this scheme will be directly applicable to ubiquitous computing environments which are considerably different to conventional software, trailing a big concern which is being given to reformulate existing methods, and especially to elaborate new assessment techniques for ubiquitous computing environments. This paper selects appropriate quality characteristics for the ubiquitous computing environment, which can be used as the quality target for both ubiquitous computing product evaluation processes ad development processes. Further, each of the quality characteristics has been expanded with evaluation questions and metrics, in some cases with measures. In addition, this quality model has been applied to the industrial setting of the ubiquitous computing environment. These have revealed that while the approach was sound, there are some parts to be more developed in the future

Privacy, security, and trust issues in smart environments

Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

ontext-aware security and secure context-awareness in ubiquitous computing environments

Context-awareness emerges as an important element of future wireless systems. In particular, concepts like ambient intelligence and ubiquitous computing rely on context information in order to personalize services provided to their target users. However, security implications of employing context-awareness in computing systems are not well understood. Security challenges in context-aware systems include integrity, confidentiality and availability of context information, as well as target user's privacy. Another interesting and open question is to what extent availability of additional context information could be used in order to optimise and reconfigure security-related services

A metric-based approach to assess risk for "on cloud" federated identity management

The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidencebased trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning.This work was supported in part by the Spanish Ministry of Science and Innovation under the project CONSEQUENCE (TEC2010-20572-C02-01).Publicad

Continuous and transparent multimodal authentication: reviewing the state of the art

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner