33 research outputs found
A Distributed Context-Aware Trust Management Architecture
The realization of a pervasive context-aware service platform imposes new challenges for the security and privacy aspects of the system in relation to traditional service platforms. One important aspect is related with the management of trust relationships, which is especially hard in a pervasive environment because users are supposed to interact with entities unknown before hand in an ad-hoc and dynamic manner. Current trust management solutions do not adapt nor scale well in this dynamic service provisioning scenario because they require previously defined trust relationships in order to operate. The objective of this thesis is to design, prototype and validate a context-aware distributed trust management architecture in order to address: (a) the lack of integration between available trust solutions and security and privacy management languages, and (b) the dynamic characteristics of a context-aware service platform
Trustworthiness and Quality of Context Information
Context-aware service platforms use context information to customize their services to the current usersâ situation. Due to technical limitations in sensors and context reasoning algorithms, context information does not always represent accurately the reality, and Quality of Context (QoC) models have been proposed to quantify this inaccuracy. The problems we have identified with existing QoC models is that they do not follow a standard terminology and none of them clearly differentiate quality attributes related to instances of context information (e.g. accuracy and precision) from trustworthiness, which is a quality attribute related to the context information provider. In this paper we propose a QoC model and management architecture that supports the management of QoC trustworthiness and also contributes to the terminology alignment of existing QoC models.\ud
In our QoC model, trustworthiness is a measurement of the reliability of a context information provider to provide context information about a specific entity according to a certain quality level. This trustworthiness value is used in our QoC management architecture to support context-aware service providers in the selection of trustworthy context\ud
providers. As a proof of concept to demonstrate the feasibility of our work we show a prototype implementation of our QoC model and management architecture
A Blockchain-based Approach for Data Accountability and Provenance Tracking
The recent approval of the General Data Protection Regulation (GDPR) imposes
new data protection requirements on data controllers and processors with
respect to the processing of European Union (EU) residents' data. These
requirements consist of a single set of rules that have binding legal status
and should be enforced in all EU member states. In light of these requirements,
we propose in this paper the use of a blockchain-based approach to support data
accountability and provenance tracking. Our approach relies on the use of
publicly auditable contracts deployed in a blockchain that increase the
transparency with respect to the access and usage of data. We identify and
discuss three different models for our approach with different granularity and
scalability requirements where contracts can be used to encode data usage
policies and provenance tracking information in a privacy-friendly way. From
these three models we designed, implemented, and evaluated a model where
contracts are deployed by data subjects for each data controller, and a model
where subjects join contracts deployed by data controllers in case they accept
the data handling conditions. Our implementations show in practice the
feasibility and limitations of contracts for the purposes identified in this
paper
Trust management in pervasive and service-oriented architectures
In service-oriented architectures, services are the basic building blocks to dynamically compose complex business process across multiple administrative domains. The main goal is to support companies in the outsourcing of services to service providers that best suit their business needs, and dynamically re-assign the services to other providers when changes in the business are necessary. The dynamic re-assignment of service providers in an open service market will only be successful if appropriate trust management mechanisms are put in place to provide guarantees that the desired service requirements are fulfilled. In pervasive and service-oriented architectures, there are additional trust requirements, because this type of service-oriented architecture makes use of privacy sensitive end-users' information collected from sensors and information providers surrounding the end users' physical space. In this extended abstract, I will focus on trust and policy management iss ues in pervasive and service-oriented architectures. I will briefly discuss the social and legal requirements, describe the trust and policy management challenges we have identified, and introduce our trust and policy management approach to support end-users and service consumers in this service scenario
Vers la Sécurité et la Protection de la Vie Privée Sensibles au Contexte comme un Service dans l'Internet des Objets
International audienceSmart city is one of the most known Internet of Things (IoT) applications. The smart city services improve userâs daily lives. However, security and privacy issues are slowing down their adoption. In addition, the characteristics of IoT devices, applications and users make security implementation of the considered applications a challenging task. To address these issues, we present, in this paper, a new context-aware security and privacy architecture for the IoT. Thanks to the âas a serviceâ approach, this new architecture will be user-centric. It will also support known context-aware security issues: dynamicity, flexibility. In addition, it will address mobility, customization of security and privacy services, and support for generic IoT applications, particularly for smart city. To do so, a knowledge plane allowing effective management of context-awareness is proposed. A security and privacy plane allowing better implementation of context-aware security and privacy mechanisms is also proposed. This will be done through dynamic composition of context-based micro services. The role of the different components of these two planes are also described