Supporting Management lnteraction and Composition of Self-Managed Cells

Management in ubiquitous systems cannot rely on human intervention or centralised decision-making functions because systems are complex and devices are inherently mobile and cannot refer to centralised management applications for reconfiguration and adaptation directives. Management must be devolved, based on local decision-making and feedback control-loops embedded in autonomous components. Previous work has introduced a Self-Managed Cell (SMC) as an infrastructure for building ubiquitous applications. An SMC consists of a set of hardware and software components that implement a policy-driven feedback control-loop. This allows SMCs to adapt continually to changes in their environment or in their usage requirements. Typical applications include body-area networks for healthcare monitoring, and communities of unmanned autonomous vehicles (UAVs) for surveillance and reconnaissance operations. Ubiquitous applications are typically formed from multiple interacting autonomous components, which establish peer-to-peer collaborations, federate and compose into larger structures. Components must interact to distribute management tasks and to enforce communication strategies. This thesis presents an integrated framework which supports the design and the rapid establishment of policy-based SMC interactions by systematically composing simpler abstractions as building elements of a more complex collaboration. Policy-based interactions are realised – subject to an extensible set of security functions – through the exchanges of interfaces, policies and events, and our framework was designed to support the specification, instantiation and reuse of patterns of interaction that prescribe the manner in which these exchanges are achieved. We have defined a library of patterns that provide reusable abstractions for the structure, task-allocation and communication aspects of an interaction, which can be individually combined for building larger policy-based systems in a methodical manner. We have specified a formal model to ensure the rigorous verification of SMC interactions before policies are deployed in physical devices. A prototype has been implemented that demonstrates the practical feasibility of our framework in constrained resources

An architecture for certification-aware service discovery

Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). Also, some of the key promises of service-orientation - such as the dynamic orchestration of externally provided software services, using runtime service discovery and deployment - are still unachieved. One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. To close this gap, the concept of machine-readable security certificates (called asserts) has been recently introduced, which paves the way to automated processing about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. In this paper, we propose an architecture, which exploits the assert concept to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties (in additional to the usual functional properties), as well as the dynamic synthesis of service compositions, that satisfy the given security properties. The architecture is extensible, thus allowing for a range of domain specific matchmaking components, to cover dimensions related to, e.g., performance, cost and other non-functional characteristics

A Pervasive Computational Intelligence based Cognitive Security Co-design Framework for Hype-connected Embedded Industrial IoT

The amplified connectivity of routine IoT entities can expose various security trajectories for cybercriminals to execute malevolent attacks. These dangers are even amplified by the source limitations and heterogeneity of low-budget IoT/IIoT nodes, which create existing multitude-centered and fixed perimeter-oriented security tools inappropriate for vibrant IoT settings. The offered emulation assessment exemplifies the remunerations of implementing context aware co-design oriented cognitive security method in assimilated IIoT settings and delivers exciting understandings in the strategy execution to drive forthcoming study. The innovative features of our system is in its capability to get by with irregular system connectivity as well as node limitations in terms of scares computational ability, limited buffer (at edge node), and finite energy. Based on real-time analytical data, projected scheme select the paramount probable end-to-end security system possibility that ties with an agreed set of node constraints. The paper achieves its goals by recognizing some gaps in the security explicit to node subclass that is vital to our system’s operations

Predictive biometrics: A review and analysis of predicting personal characteristics from biometric data

Interest in the exploitation of soft biometrics information has continued to develop over the last decade or so. In comparison with traditional biometrics, which focuses principally on person identification, the idea of soft biometrics processing is to study the utilisation of more general information regarding a system user, which is not necessarily unique. There are increasing indications that this type of data will have great value in providing complementary information for user authentication. However, the authors have also seen a growing interest in broadening the predictive capabilities of biometric data, encompassing both easily definable characteristics such as subject age and, most recently, `higher level' characteristics such as emotional or mental states. This study will present a selective review of the predictive capabilities, in the widest sense, of biometric data processing, providing an analysis of the key issues still adequately to be addressed if this concept of predictive biometrics is to be fully exploited in the future

Protocol for a Systematic Literature Review on Security-related Research in Ubiquitous Computing

Context: This protocol is as a supplementary document to our review paper that investigates security-related challenges and solutions that have occurred during the past decade (from January 2003 to December 2013). Objectives: The objective of this systematic review is to identify security-related challenges, security goals and defenses in ubiquitous computing by answering to three main research questions. First, demographic data and trends will be given by analyzing where, when and by whom the research has been carried out. Second, we will identify security goals that occur in ubiquitous computing, along with attacks, vulnerabilities and threats that have motivated the research. Finally, we will examine the differences in addressing security in ubiquitous computing with those in traditional distributed systems. Method: In order to provide an overview of security-related challenges, goals and solutions proposed in the literature, we will use a systematic literature review (SLR). This protocol describes the steps which are to be taken in order to identify papers relevant to the objective of our review. The first phase of the method includes planning, in which we define the scope of our review by identifying the main research questions, search procedure, as well as inclusion and exclusion criteria. Data extracted from the relevant papers are to be used in the second phase of the method, data synthesis, to answer our research questions. The review will end by reporting on the results. Results and conclusions: The expected results of the review should provide an overview of attacks, vulnerabilities and threats that occur in ubiquitous computing and that have motivated the research in the last decade. Moreover, the review will indicate which security goals are gaining on their significance in the era of ubiquitous computing and provide a categorization of the security-related countermeasures, mechanisms and techniques found in the literature. (authors' abstract)Series: Working Papers on Information Systems, Information Business and Operation

An embedded sensor node microcontroller with crypto-processors

Wireless sensor network applications range from industrial automation and control, agricultural and environmental protection, to surveillance and medicine. In most applications, data are highly sensitive and must be protected from any type of attack and abuse. Security challenges in wireless sensor networks are mainly defined by the power and computing resources of sensor devices, memory size, quality of radio channels and susceptibility to physical capture. In this article, an embedded sensor node microcontroller designed to support sensor network applications with severe security demands is presented. It features a low power 16-bitprocessor core supported by a number of hardware accelerators designed to perform complex operations required by advanced crypto algorithms. The microcontroller integrates an embedded Flash and an 8-channel 12-bit analog-to-digital converter making it a good solution for low-power sensor nodes. The article discusses the most important security topics in wireless sensor networks and presents the architecture of the proposed hardware solution. Furthermore, it gives details on the chip implementation, verification and hardware evaluation. Finally, the chip power dissipation and performance figures are estimated and analyzed

Formally based semi-automatic implementation of an open security protocol

International audienceThis paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation