Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP.

Published byMagdalen Dennis Modified over 8 years ago

Similar presentations

Presentation on theme: "Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP."— Presentation transcript:

1 Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP Corporate Research & Telecooperation Office

2 Management & Access Scope of UbiComp Environments and Applications Closed/ Embedded Personal Static Groups Public Ad Hoc Groups

3 Point of Alert Static Threat = Unsolicited interactive access to system by non-group member Ad Hoc Threat = Unsolicited use of special services – access beyond role and rights Public Threat = “unsolicited modification/ misuse of system Personal Threat = Unsolicited possession of system (tangible access) Closed Threat = Unsolicited access to system location “Access to a system or its resources/ information is the first line of attack”

4 Risk – all about Context Information and Resources have no value without a particular Context. Context information changes the awareness and evaluation of risks Awareness of risks changes the utility of and contribution to the Context information 4999 910 876 1234 Credit Card #:

5 When is the risk pending? Data Sensor/ Low-level Context Information (cues) temperatureaccelerationlocation Computed/ Partial Context Information Movement Office Occupied Elicited/ Meta-level Context Information Meeting and Discussion in Session, and topic is…

6 Attack Profile RESOURCESCONTEXT Communicational (Reception & Transmission (Reception & Transmission) Interactive (Stimuli & Response (Stimuli & Response) Perceptive (Sensors & Actuators) Computational (Memory, Power & Processing (Memory, Power & Processing) ATTACK ATTACK ATTACK ATTACK Attacker listens in on communications channel. Attacks on confidentiality & privacy! Attack by abusing lack or excess of computational capacity – denial of service or malicious code attacks Attack by embedding false sensor and actuator devices into environment – attack on context derivation integrity Attack by falsifying the physical environment’s signals – attack on context reading integrity

7 Policy Management Administrative Distribution data Definition -Document encoded -Application encoded -Entity encoded Enforcement -Security Mechanism selection -Physical vs. Logical Modification & Dissolution -Static vs. Dynamic -Consistency & notification Auditing -Centralized vs. Distributed Behavioral policy, relational policy Analog signal A/D transmission Computation Digital signal Interpretation emission Physical environment Signal integrity policy Context-based policiesComputational policies Communication policies Authorization policies

8 Summary Identify access scope of UbiComp application Determine point-of-alert based on access scope Determine when the context creates a manageable risk Perform a Threat Analysis Define policy model to circumvent threats Implement mechanisms to enforce policy Establish methodology for managing policy information

9 Policy Enforcement

10 Policy Dissolution

11 Policy Modification

Download ppt "Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP."

Similar presentations

Context-Aware Security Gleneesha Johnson

Context-Aware Security Gleneesha Johnson
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Information Security Policies and Standards

Information Security Policies and Standards
An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.

An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.
© 2008 Prentice Hall11-1 Introduction to Project Management Chapter 11 Managing Project Execution Information Systems Project Management: A Process and.

© 2008 Prentice Hall11-1 Introduction to Project Management Chapter 11 Managing Project Execution Information Systems Project Management: A Process and.
Project Execution.

Project Execution.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Medicare Certification Systems Thilak Wickremasinghe, Director/CEO Sri Lanka Accreditation Board.

Medicare Certification Systems Thilak Wickremasinghe, Director/CEO Sri Lanka Accreditation Board.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
HIPAA COMPLIANCE WITH DELL

HIPAA COMPLIANCE WITH DELL
Engaging with stakeholders: Adding value to the energy system 32nd Annual Conference of the International Association for Impact Assessment Porto Pedro.

Engaging with stakeholders: Adding value to the energy system 32nd Annual Conference of the International Association for Impact Assessment Porto Pedro.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Similar presentations

Ads by Google