Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP.

Presentation transcript:

Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP Corporate Research & Telecooperation Office

Management & Access Scope of UbiComp Environments and Applications
- Closed/Embedded
- Personal
- Static Groups
- Public
- Ad Hoc Groups

Point of Alert
- Static Threat = Unsolicited interactive access to system by non-group member
- Ad Hoc Threat = Unsolicited use of special services – access beyond role and rights
- Public Threat = Unsolicited modification/misuse of system
- Personal Threat = Unsolicited possession of system (tangible access)
- Closed Threat = Unsolicited access to system location

“Access to a system or its resources/information is the first line of attack”

Risk – all about Context
- Information and Resources have no value without a particular Context.
- Context information changes the awareness and evaluation of risks
- Awareness of risks changes the utility of and contribution to the Context information

Credit Card #:

When is the risk pending?
- Data Sensor/Low-level Context Information (cues)
  - temperature
  - acceleration
  - location
- Computed/Partial Context Information
  - Movement
  - Office Occupied
- Elicited/Meta-level Context Information
  - Meeting and Discussion in Session, and topic is…

Attack Profile

RESOURCES / CONTEXT
- Communicational (Reception & Transmission)
- Interactive (Stimuli & Response)
- Perceptive (Sensors & Actuators)
- Computational (Memory, Power & Processing)

ATTACK
- Attacker listens in on communications channel. Attacks on confidentiality & privacy!
- Attack by abusing lack or excess of computational capacity – denial of service or malicious code attacks
- Attack by embedding false sensor and actuator devices into environment – attack on context derivation integrity
- Attack by falsifying the physical environment’s signals – attack on context reading integrity

Policy Management

Administrative / Distribution / data

Definition
- Document encoded
- Application encoded
- Entity encoded

Enforcement
- Security Mechanism selection
- Physical vs. Logical

Modification & Dissolution
- Static vs. Dynamic
- Consistency & notification

Auditing
- Centralized vs. Distributed

Behavioral policy, relational policy

Diagram labels: Analog signal, A/D, transmission, Computation, Digital signal, Interpretation, emission, Physical environment

Policies:
- Signal integrity policy
- Context-based policies
- Computational policies
- Communication policies
- Authorization policies

Summary
- Identify access scope of UbiComp application
- Determine point-of-alert based on access scope
- Determine when the context creates a manageable risk
- Perform a Threat Analysis
- Define policy model to circumvent threats
- Implement mechanisms to enforce policy
- Establish methodology for managing policy information

Policy Enforcement

Policy Dissolution

Policy Modification