7 research outputs found

    A Lightweight Policy System for Body Sensor Networks

    Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables fine-grained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor-level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resource usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated. © 2009 IEEE.

    Personalised privacy in pervasive and ubiquitous systems

    Our world is edging closer to the realisation of pervasive systems and their integration in our everyday life. While pervasive systems are capable of offering many benefits for everyone, the amount and quality of personal information that becomes available raise concerns about maintaining user privacy and create a real need to reform existing privacy practices and provide appropriate safeguards for the user of pervasive environments. This thesis presents the PERSOnalised Negotiation, Identity Selection and Management (PersoNISM) system; a comprehensive approach to privacy protection in pervasive environments using context aware dynamic personalisation and behaviour learning. The aim of the PersoNISM system is twofold: to provide the user with a comprehensive set of privacy protecting tools and to help them make the best use of these tools according to their privacy needs. The PersoNISM system allows users to: a) configure the terms and conditions of data disclosure through the process of privacy policy negotiation, which addresses the current “take it or leave it” approach; b) use multiple identities to interact with pervasive services to avoid the accumulation of vast amounts of personal information in a single user profile; and c) selectively disclose information based on the type of information, who requests it, under what context, for what purpose and how the information will be treated. The PersoNISM system learns user privacy preferences by monitoring the behaviour of the user and uses them to personalise and/or automate the decision making processes in order to unburden the user from manually controlling these complex mechanisms. The PersoNISM system has been designed, implemented, demonstrated and evaluated during three EU funded projects

    Advanced access control in support and distributed collaborative working and de-perimeterization

    This thesis addresses the problem of achieving fine-grained and sustained control of access to electronic information shared in distributed collaborative environments. It presents an enhanced approach to distributed information security architecture, driven by the risks, guidelines and legislation emerging due to the growth of collaborative working, and the often associated increase in storage of information outside of a secured information system perimeter. Traditional approaches to access control are based on applying controls at or within the network perimeter of an information system. One issue with this approach when applying it to shared information is that, outside of the perimeterized zone, the owner loses control of their information. This loss of control could dissuade collaborating parties from sharing their information resources. Information resources can be thought of as a collection of related content stored in a container. Another issue with current approaches to access control, particularly to unstructured resources such as text documents, is the coarse granularity of control they provide. That is, controls can only apply to a resource in its entirety. In reality, the content within a resource could have varying levels of security requirements with different levels of control. For example, some of the content may be completely free from any access restriction, while other parts may be too sensitive to share outside of an internal organisation. The consequence is that the entire resource is restricted with the controls relevant to the highest-level content. Subsequently, a substantial amount of information that could feasibly be shared in collaborative environments is prevented from being shared, due to being part of a highly restricted resource.
The primary focus of this thesis is to address these two issues by investigating the appropriateness and capability of perimeter security, and entire-resource protection, to provide access control for information shared in collaborative distributed environments. To overcome these problems, the thesis develops an access control framework, based on which several formulae are defined to clarify the problems and to allow them to be contextualised. The formulae have then been developed and improved, with the problem in mind, to create a potential solution, which has been implemented and tested to demonstrate that it is possible to enhance access control technology to implement the capability to drill down into the content of an information resource and apply more fine-grained controls, based on the security requirements of the content within. Furthermore, it is established that it is possible to shift part of the controls that protect information resources within a secure network perimeter to the body of the resources themselves, so that they become, to some extent, self-protecting. This enables the same controls to be enforced outside of the secure perimeter. The implementation is based on the structuring of information and embedding of metadata within the body of an information resource. The metadata effectively wraps sections of content within a resource into containers that define fine-grained levels of access control requirement, to protect its confidentiality and integrity. Examples of the granularity afforded by this approach could be page, paragraph, line or even word level in a text document. Once metadata has been embedded, it is bound to a centrally controlled access control policy for the lifetime of the resource.
Information can then be shared, copied, distributed and accessed in support of collaborative working, but a link between the metadata and the centrally controlled policy is sustained, meaning that previously assigned access privileges to different sections of content can be modified or revoked at any time in the future. The result of this research is to allow information sharing to reach a greater level of acceptance and usage due to: i. the enhanced level of access control made possible through finer-grained controls, allowing the content of a single resource to be classified and restricted at different levels, and ii. the ability to retain sustained control over information through modifiable controls, that can be enforced both while the information is stored on local information systems, and after the information has been shared outside the local environment

    Privacy trust access control infrastructure using XACML

    The use of personal, sensitive information, such as privileges and attributes, to gain access to computer resources in distributed environments raises an interesting paradox. On one hand, in order to make services and resources accessible to legitimate users, the access control infrastructure requires valid and provable service clients' identities or attributes to make decisions. On the other hand, the service clients may not be prepared to disclose their identity information or attributes to a remote party without determining in advance whether the service provider can be trusted with such sensitive information. Moreover, when clients give out personal information, they are still unsure of the extent of propagation and use of the information. This thesis describes an investigation of privacy-preserving options in access control infrastructures, and proposes a security model to support the management of those options, based on the eXtensible Access Control Markup Language (XACML) and Security Access Markup Language (SAML), both of which are OASIS security standards. Existing access control systems are typically unilateral in that the enterprise service provider assigns the access rights and makes the access control decisions, and there is no negotiation between the client and the service provider. As access control management systems lean towards being user-centric or federated, unilateral approaches can no longer adequately preserve the client's privacy, particularly where communicating parties have no pre-existing trust relationship. As a result, a unified approach that significantly improves privacy and confidentiality protection in distributed environments was considered. This resulted in the development of the XACML Trust Management Authorization Infrastructure (XTMAI), designed to handle privacy and confidentiality mutually and simultaneously using the concept of the Obligation of Trust (OoT) protocol.
The OoT enables two or more transaction parties to exchange Notices of Obligation (NoB) (obligating constraints) as well as Signed Acceptances of Obligation (SAO), a proof of acceptance, as security assurances before the exchange of sensitive resources.