Privacy, security, and trust issues in smart environments

Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

A Note About the Semantics of Delegation

In many applications, mobile agents are used by a client to delegate a task. This task is usually performed by the agent on behalf of the client, by visiting various service provider's sites distributed over a network. This use of mobile agents raises many interesting security issues concerned with the trust relationships established through delegation mechanisms between client and agent, agent and service provider and client and service provider. In this paper we will explain why the traditional semantics of delegation used by existing access control mechanisms, either centralised or distributed, are generally not satisfactory to prevent and detect deception and why these problems are even more critical when these semantics are used in mobile agent paradigms.Non peer reviewe

A Formal Framework for Modeling Trust and Reputation in Collective Adaptive Systems

Trust and reputation models for distributed, collaborative systems have been studied and applied in several domains, in order to stimulate cooperation while preventing selfish and malicious behaviors. Nonetheless, such models have received less attention in the process of specifying and analyzing formally the functionalities of the systems mentioned above. The objective of this paper is to define a process algebraic framework for the modeling of systems that use (i) trust and reputation to govern the interactions among nodes, and (ii) communication models characterized by a high level of adaptiveness and flexibility. Hence, we propose a formalism for verifying, through model checking techniques, the robustness of these systems with respect to the typical attacks conducted against webs of trust.Comment: In Proceedings FORECAST 2016, arXiv:1607.0200

Security models for trusting network appliances

A significant characteristic of pervasive computing is the need for secure interactions between highly mobile entities and the services in their environment. Moreover,these decentralised systems are also characterised by partial views over the state of the global environment, implying that we cannot guarantee verification of the properties of the mobile entity entering an unfamiliar domain. Secure in this context encompasses both the need for cryptographic security and the need for trust, on the part of both parties, that the interaction is functioning as expected. In this paper we make a broad assumption that trust and cryptographic security can be considered as orthogonal concerns (i.e. cryptographic measures do not ensure transmission of correct information). We assume the existence of reliable encryption techniques and focus on the characteristics of a model that supports the management of the trust relationships between two devices during ad-hoc interactions

Responsibility modelling for civil emergency planning

This paper presents a new approach to analysing and understanding civil emergency planning based on the notion of responsibility modelling combined with HAZOPS-style analysis of information requirements. Our goal is to represent complex contingency plans so that they can be more readily understood, so that inconsistencies can be highlighted and vulnerabilities discovered. In this paper, we outline the framework for contingency planning in the United Kingdom and introduce the notion of responsibility models as a means of representing the key features of contingency plans. Using a case study of a flooding emergency, we illustrate our approach to responsibility modelling and suggest how it adds value to current textual contingency plans

Customer-engineer relationship management for converged ICT service companies

Thanks to the advent of converged communications services (often referred to as ‘triple play’), the next generation Service Engineer will need radically different skills, processes and tools from today’s counterpart. Why? in order to meet the challenges of installing and maintaining services based on multi-vendor software and hardware components in an IP-based network environment. The converged services environment is likely to be ‘smart’ and support flexible and dynamic interoperability between appliances and computing devices. These radical changes in the working environment will inevitably force managers to rethink the role of Service Engineers in relation to customer relationship management. This paper aims to identify requirements for an information system to support converged communications service engineers with regard to customer-engineer relationship management. Furthermore, an architecture for such a system is proposed and how it meets these requirements is discussed