2. Contents
• Research paper overview
– Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10
• Application design project
– Context information from mobile device hardware
20.12.2012 TLT-2656 Assignment 2
3. SMART SPACE SECURITY
Research Paper overview: “Secure information sharing
between heterogeneous embedded devices”
4. Challenge in smart spaces
• One of the key challenges is security
• Heterogeneous devices use various security measures
– How to ensure that sufficient security is maintained when information is given away?
– Constrained devices cannot perform complex encryption/decryption
• Mobile devices move between environments
– How to ensure that devices can communicate in
different environments?
5. Their proposed solution
• Novel security architecture that guarantees secure information sharing between devices even when they have no directly compatible security mechanism
– Features controlling and monitoring confidentiality,
integrity, authenticity and access control
• Security profiles for measuring and mapping
security level of connections
7. Architecture
• The architecture is an extension of Smart-M3
architecture
• RDF Information Base Solution (RIBS) is a SIB (Semantic Information Broker) implementation based on Smart-M3
• Security administrators (and monitors) have
been added
– KPs authenticate with credentials (given when first
joining smart space) to access information
– Desired security level stated in policy directive is
enforced by the security components
8. Authorization elements
Source: Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices.
Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10
9. Access control
• Access control is done by restricting access to certain information to a given security level
– A security level does not imply specific technologies
• Virtual Smart Spaces can be created as private space containers
10. Key points
• Not all devices support all security mechanisms,
but in smart spaces, devices should be able to
communicate securely
– Sufficient security level is more important than
the use of specific technologies
• The administrator of security configurations is usually a non-expert
– Security levels must be simple, but powerful enough
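As an added illustration of slides 5, 9 and 10 (not code from the paper or from the assignment): a toy model in which security profiles map the mechanisms a KP's connection actually uses to an abstract level, and the policy directive names only the level an information item requires. The mechanism names, level numbers, policy entries and URIs are assumptions.

```python
from dataclasses import dataclass

# Assumed security profiles: (authentication, confidentiality) pair actually
# negotiated on a KP's connection -> abstract level 0..3. Policy talks only
# about the level, so a device without TLS can still reach level 2.
PROFILES = {
    ("none", "none"): 0,
    ("psk", "none"): 1,        # shared secret, cleartext
    ("psk", "aes128"): 2,      # constrained-device profile
    ("tls-psk", "tls"): 2,
    ("tls-cert", "tls"): 3,    # certificate auth inside TLS
}

# Assumed policy directive: minimum level needed to read triples about a
# subject. Subject URIs are constructed for this example.
POLICY = {
    "urn:home:thermostat": 1,
    "urn:phone:location": 2,
    "urn:home:door-lock": 3,
}

@dataclass(frozen=True)
class Connection:
    kp_id: str
    auth: str
    confidentiality: str

def security_level(conn: Connection) -> int:
    """Measure a connection's level; an unknown mechanism pair is level 0."""
    return PROFILES.get((conn.auth, conn.confidentiality), 0)

def authorize(conn: Connection, subject: str) -> bool:
    """Grant access only when the measured level meets the policy minimum.
    A subject with no policy entry is denied (fail closed)."""
    required = POLICY.get(subject)
    return required is not None and security_level(conn) >= required

def readable_triples(conn: Connection, triples):
    """Filter a (constructed) triple store down to what conn may read."""
    return [t for t in triples if authorize(conn, t[0])]

# Constructed sample store: (subject, predicate, object)
STORE = [
    ("urn:home:thermostat", "urn:ctx:temperature", "21.5"),
    ("urn:phone:location", "urn:ctx:cell", "cell-4711"),
    ("urn:home:door-lock", "urn:ctx:state", "locked"),
]

if __name__ == "__main__":
    sensor_kp = Connection("kp-sensor", "psk", "aes128")   # level 2
    for subj, pred, obj in readable_triples(sensor_kp, STORE):
        print(subj, pred, obj)   # thermostat and location, not the lock
```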
12. Scenario
• Adapting mobile application and device behavior to
context
– Network optimization based on battery power
• Context information can be received from many
devices and context information created on the mobile
device can be sent to others
• Each KP gathers relevant context and makes
decisions based on it
• Higher-level behavioral context can be reasoned from low-level technical context
– "User is sleeping" vs. low movement and light-sensor values…
13. Application layout
• Focus on mobile devices (Linux, Android, Qt/Maemo)
– Device platform (OS) has its own producer KP,
publishing context information
– Each application can have its own consumer KP, subscribing to context information and reasoning with it
• Users affect the environment of the device which
causes applications to adapt to the context
• Focus on a primary-phone-centric smart space where, most of the time, a single user has only one device
16. Ontology
• An ontology enables application and device vendors to share information that other devices and SIBs can also understand
• Ontology can be expanded to have more
abstract, higher-level properties and classes
reasoned from lower-level ones
17. Knowledge Processor design
• Mobile device KP
– Context information from QtMobility, Linux file system
/proc or D-Bus on Nokia N900
– Publishes information to SIB on a Linux PC
• Mobile application KP
– Retrieves information from SIB
– Adapts behavior (e.g. the sync rate of information to a cloud service) based on that information and simple user-specified rules