1
Spheres of Influence: Secure organization and coordination of diverse device communities
Kevin Eustice
Ph.D. Oral Qualifying Examination
UCLA Computer Science
April 20th, 2005
2
Statement of Purpose
• Design and implement a device community management framework supporting ubiquitous computing scenarios.
• Contributions of this work:
  – Generalized concept of structured device communities applied to ubiquitous computing.
  – Framework prototype: Spheres of Influence.
  – Sample applications illustrating value and generality of framework
3
Roadmap
• Managing Ubiquitous Computing
• Our approach: Spheres of Influence
• Preliminary Work
• Design and Implementation
• Related Work
• Dissertation Plan
4
What is ubiquitous computing?
Transparent Computing
Tangible Computing
Pervasive Computing
Invisible Computing
Smart Spaces
Augmented Reality
Context-Aware Computing
5
What is ubiquitous computing?
“…the third wave in computing…” —Mark Weiser
“Third Paradigm computing”—Alan Kay
Common elements of ubiquitous computing visions:
– Large number of devices in the environment
– Pervasive communications infrastructure
– Interactions support human activities
6
Ubiquitous Computing deconstructed
Interacting devices grouped by context
Device Communities are:
– Related by some common attribute
– Dynamic with changing membership
– Reactive responding to context changes
7
Thesis
Approach:
• Divide world into self-managed, physically and logically grouped device communities.
• Manage group transitions and interactions.
• Provide common interface for group interaction.
Benefits:
• Simplifies high-level management through encapsulation.
• Community takes on responsibility for coordinating members.
8
Applications benefiting from coordination
• Mobile cluster management
  – At multiple levels
• Policy driven applications
  – Ensure consistent policy across applications
• Automatic proxy deployment
• Multi-device applications
  – E.g., multimedia applications
9
Necessary Components
• Membership Services
  – Secure Device Enrollment
  – Community Discovery
  – Relationship Management & Maintenance
• Communication & Event Services
  – Secure communication channels
  – Interest management
  – Event processing and dissemination
  – Community-aware event semantics
• Policy Engine
• Application Support
11
Roadmap
• Managing Ubiquitous Computing
• Our approach: Spheres of Influence
• Preliminary Work
• Design and Implementation
• Related Work
• Dissertation Plan
12
Approach: Spheres of Influence
Sphere: a networked software container representing a device or a device community. The sphere serves as an interaction nexus for a community.¹
1. Eustice et al. "Enabling Secure Ubiquitous Interactions," Proceedings of the First International Workshop on Middleware for Pervasive and Ad-hoc Computing (MPAC2003).
13
Spheres of Influence are recursive
Spheres can join with others to form larger, structured spheres
– Coordinator of a sphere is the Sphere Leader
Represents complex structures:
– Locations
– Organizations
– Device Clusters
15
Boelter Hall
Boelter 3rd Floor
Boelter 3564
Physical Sphere
Personal Sphere
Location Sphere Hierarchy
16
Boelter Hall
Physical Sphere
Personal Sphere
Location Sphere Hierarchy
1st Floor
2nd Floor
3rd Floor 4th Floor
5th Floor
6th Floor
… Floor
17
Spheres of Influence
Spheres serve as a scoping mechanism for:
• Policy
• Privilege
• Event flow
• Communication
18
Spheres of Influence: Operational Vision
• Relationships adjust with behavior
• Spheres negotiate for service
• Applications leverage community context to customize user experience
20
Ackerman
Kevin
Kevin’s Friends
Accesses local services & Ackerman scoped events
Negotiate access to “Friends” sphere, update location, check for new relevant events.
21
Ackerman
Boelter Hall
Boelter 3564
Kevin
LASR
Kevin
To receive LASR-specific services in 3564, Kevin must be able to show active membership in the LASR social sphere.
22
Anticipated Benefits
• Community Coordination
• Improved Security
• Structured, Common Community Model
• Vehicle for Application Innovation
23
Community Coordination
• Group members are group-aware
• Preferences and policy exposed to group
• Group members can interact as peers
• Structure serves to improve scalability of communities
Example: Group Mobility Optimization
24
Museum
Example: Mobile Tour Group
Network Impact for Group of size N
• Startup: 0
• Transition: N*(Associate + DHCP + Resource Acquisition)
• Maintenance: depends
Drawbacks:
• Consistent behavior requires multiple consistent configurations!
• Hosting network is flooded at every network transition!
  – Congestion degrades performance of DHCP
Other WLAN
A BC ED
25
Museum
Example: Mobile Tour Sphere
Network Impact for Sphere of size N
• Startup: (N-1)*(Associate + DHCP + Sphere Join)
• Transition: Associate + DHCP + Resource Acquisition
• Maintenance: 1 (Broadcast, Multicast), N-1 (Unicast)
Advantages:
• Consistent behavior due to common policy
• Configuration overhead spread over time
• Spatial reuse possibilities
  – Museum sphere can provide information on underutilized frequency space
Drawbacks:
• Sphere Bottleneck (can be optimized)
Other WLAN
A BC ED
26
Security Benefits
• Security boundary
  – Sphere members protected from outside
  – Sphere join can include integrity analysis¹
• Membership services
  – Sphere access control
  – Wireless enrollment mechanisms
1. K. Eustice et al. "Securing WiFi Nomads: The Case for Quarantine, Examination, and Decontamination," Proceedings of the New Security Paradigms Workshop (NSPW) 2003.
27
Applications Innovation
• Spheres as collaboration nexus
• Relationships used to customize behavior
• Group as User
  – Semantics
  – Interfaces
Example: Interactive Media
28
Example: Interactive Media
Multimedia application, using sphere behavior as input:
• Transitions
• Membership
• Interactions
Possible applications:
• Campus-wide game
• LACMA tour group application
Social Sphere
Location Sphere
Social Sphere
29
Structured Common Community Model
• Multiple fidelity community membership
• Shared structure scopes relevance
• Simple standardized interface– Cross-community references– Diverse relations (Boelter 3564 and LASR)
30
Roadmap
• Managing Ubiquitous Computing
• Our approach: Spheres of Influence
• Preliminary Work
• Design and Implementation
• Related Work
• Dissertation Plan
31
Bob’s Office
QED
Bob
Worker
Worker
Worker
Worker
Quarantine device upon entry into network, and authenticate.
Examine device for vulnerabilities or undesirable services.
Decontaminate: Work with device to repair vulnerabilities!
32
Results from QED
• Evaluated in LASR testbed over 802.11b
• Vulnerable machines required additional time
  – Variable based on package size, average file size
  – E.g., perl required ~91 sec. for 34 Mbyte update
[Chart: Time (s) by QED Components: DHCP, Ipsec, Exam, Total; y-axis 0 to 8]
Fig 1. Measured overhead in each component of QED session with up-to-date machine; 99% confidence intervals.
[Eustice05] K. Eustice, L. Kleinrock, M. Lukac, V. Ramakrishna and P. Reiher, “QED: Securing the Mobile Masses,” UCLA Technical Report TR-ID pending. 2005.
33
Roadmap
• Managing Ubiquitous Computing
• Our approach: Spheres of Influence
• Preliminary Work
• Design and Implementation
• Related Work
• Dissertation Plan
34
Major Systems Issues
• Placement of Management Logic
• Sphere Discovery
• Relationship Management
• Fault Tolerance and Reliability
• Events and Event Semantics
• Application Primitives
35
Sphere Discovery
• How do I find any sphere?
  – Broadcast & multicast
  – Reference-based maps
• How do I find a specific sphere?
  – Lookup Server
  – DNS-based approach
36
Relationship Management
• Sphere Bindings
  – Which sphere is the right sphere for me?
  – Different devices will bind to different spheres
• Approach
  – User/Application Preferences
  – Leverage existing relationships
  – Negotiation – resource/requirement matching
37
Events and Event Semantics
• Handling dynamic membership
  – Queuing events for inactive members
  – Interest registration
• Event Semantics
  – Scoping events
  – Closest spheres may be most relevant
  – Event Ordering
38
Spheres of Influence Components
• Doorman: handles external interactions
• Sphere Manager: handles internal interactions
• Policy Manager: mediates interactions
• Applications Interface
[Diagram: Sphere Manager; Policy Manager; Sphere State: Member table, Access Rights, Event Registration…; Doorman; Int. Event Iface; Ext. Event Iface; Applications; Connection to any related Spheres]
39
A Sphere of Influence Node
[Diagram labels: Applications; Sphere API; Int. Sphere Interface; Sphere Manager; Event Coordinator; Policy Manager; Policy Engine; Doorman; Ext. Sphere Interface; Security Services; Connection Manager; Discovery Module; Advert. Module; Join Module; External components; Operating System; Network (802.11, Bluetooth, Ethernet)]
40
Roadmap
• Managing Ubiquitous Computing
• Our approach: Spheres of Influence
• Preliminary Work
• Design and Implementation
• Related Work
• Dissertation Plan
41
Related Work
Location-based Infrastructure [Roman’01, Undercoffer’02, Al-Muhtadi’04 …]
Personal Cluster Management [Chetan’04]
Social Group Applications [Wang’04]
? Spheres of Influence
Service Groups?
Others?
42
Related Work
• Ubiquitous Computing Infrastructure
  – Intelligent Room/Project Oxygen, Gaia, Centaurus2, one.world
• Ubiquitous Group Management
  – Ephemeral Social Groups, Mobile Gaia, Super Spaces
• Cluster Management
  – Open Cluster Framework, Mobile ad hoc clustering
• Content Distribution/Pub-Sub Event Distribution
  – SIENA, REBECA
• Secure Enrollment and Network Configuration
  – Resurrecting Duckling, Network-in-a-Box
43
Roadmap
• Managing Ubiquitous Computing
• Our approach: Spheres of Influence
• Preliminary Work
• Design and Implementation
• Related Work
• Dissertation Plan
44
Planned Activities
• Complete Implementation
• Measure of Utility
• Evaluation
• Measure of Applicability
45
Complete Implementation
• The Spheres of Influence prototype will be completed as detailed in the prospectus.
• Iterative development model for fast feedback.
• Implementation will be made publicly available via Sourceforge.
46
Measure of Utility
Implementation and demonstration of two sample applications
– A “coordinate and optimize” application
– An application to show novelty, using community transitions and interactions as application input
47
System Evaluation
• Framework Overhead
• Application Performance
• Methodology
  – Basic overhead measurements will be gathered in LASR testbed
  – Application results will also be gathered and analyzed
48
Measure of Applicability
My assumption: devices will interact in different types of organized groups.
• Provide a model to characterize ubiquitous applications in terms of group interactions.
• Analysis of common applications.
49
Examples
• Community Geo-annotation
  – mapping of social sphere[s] onto location spheres
• Friend-finder
  – mapping of location sphere[s] onto social spheres
• Access-control applications
  – mapping of social spheres onto physical spheres
• Location-aware Wireless Device Configuration
  – mapping of physical spheres from location sphere onto elemental device spheres
50
Implementation Status
Completed:
– Communications framework
– Sphere join protocol
– Event registration and processing
– Network configuration modules
– Reference map-based discovery
51
Statement of Purpose
• Design and implement a device community management framework supporting ubiquitous computing scenarios.
• Contributions of this work:
  – Generalized concept of structured device communities applied to ubiquitous computing.
  – Framework prototype: Spheres of Influence.
  – Sample applications illustrating value and generality of framework
52
Spheres of Influence: Secure organization and coordination of diverse device communities
Kevin Eustice
April 20th, 2005
55
SphereID is a globally unique identifier.
L is the language that describes all valid system events.
History is a set of past States.
State is the current sphere state and is defined as:
Formal Foundations of Spheres of Influence
{ , , , , }S SphereID State History L
{ , , , }State C P R
where,
C is the set of spheres that are S’s children
P is the set of spheres that are S’s parents
R is the set of resources that are available in S.
is a set of policy rules that constrain interactions within the sphere.
56
Formal Foundations of Spheres of Influence
1 1
1 1
( , , )
( , ,{( { }) ( )})
where ,
i i
i i
i i i i
State History e L
State History C P S E L
C C C P P P
is the time-step function that updates the sphere based on current state and incoming events. A basic time-step function is given as:
58
Group Coordination through Sphere Events
• Interest-based Event Management
• Sphere structure scopes event flow
  – Event processing influenced by current connections
  – Different possible semantics
• Policy regulates interactions
59
Home
Living Room
Physical Sphere
Personal Sphere
Elemental Device Sphere
MediaPC
Registers interest in “MediaControl” events
Kevin
60
Home
Living Room
Physical Sphere
Personal Sphere
Elemental Device Sphere
MediaPC
Laptop generates a “MediaControl” event
Kevin
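The interest registration, scoped delivery and queuing for inactive members described on the event slides can be sketched as follows. This is an added example, not code from the Spheres of Influence prototype; the `Sphere` class, the `publish` function, the Kitchen/Radio spheres and the placement of the laptop inside Kevin's personal sphere are assumptions made for illustration.

```python
from collections import deque

class Sphere:
    """A sphere with parent/child links, registered interests and an event queue."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.interests = set()     # event types this sphere registered for
        self.active = True         # False while the member is away or asleep
        self.inbox = []            # events handed to the member
        self.pending = deque()     # events held while the member is inactive
        if parent is not None:
            parent.children.append(self)

    def register_interest(self, event_type):
        self.interests.add(event_type)

    def members(self):
        """This sphere and everything nested inside it: the scope of an event."""
        yield self
        for child in self.children:
            yield from child.members()

    def deliver(self, event):
        (self.inbox if self.active else self.pending).append(event)

    def rejoin(self):
        """Mark the member active and drain queued events in arrival order."""
        self.active = True
        while self.pending:
            self.inbox.append(self.pending.popleft())

def publish(source, event_type, payload, scope):
    """Deliver an event to interested members of `scope` only."""
    in_scope = list(scope.members())
    if source not in in_scope:
        raise PermissionError(f"{source.name} is outside {scope.name}")
    event = (event_type, payload, source.name)
    receivers = [m for m in in_scope if event_type in m.interests and m is not source]
    for member in receivers:
        member.deliver(event)
    return [m.name for m in receivers]

def demo():
    home = Sphere("Home")
    living = Sphere("Living Room", home)
    media_pc = Sphere("MediaPC", living)
    kevin = Sphere("Kevin", living)
    laptop = Sphere("Laptop", kevin)            # assumed: laptop sits in Kevin's sphere
    radio = Sphere("Radio", Sphere("Kitchen", home))   # constructed second room
    media_pc.register_interest("MediaControl")
    radio.register_interest("MediaControl")
    scoped = publish(laptop, "MediaControl", "pause", scope=living)
    wide = publish(laptop, "MediaControl", "mute", scope=home)
    media_pc.active = False                     # MediaPC leaves or sleeps
    publish(laptop, "MediaControl", "play", scope=living)
    queued = len(media_pc.pending)
    media_pc.rejoin()
    return scoped, wide, queued, [e[1] for e in media_pc.inbox]
```

Scoping to the Living Room keeps the event away from the Radio even though it registered the same interest; widening the scope to Home reaches both.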
61
Interconnection Topology
• What device configuration?
  – Hierarchical
  – Acyclic Peer-Peer
  – General Peer-Peer
• Hybrid model
  – Many communities tend to be hierarchical
  – Multiple community memberships require peer-to-peer
62
Doorman (External Agent)
• Advertisement
• Discovery
• Enrollment
• Connection management
[Diagram: Sphere Manager; Policy Manager; Sphere State: Member table, Access Rights, Event Registration…; Doorman; Int. Event Iface; Ext. Event Iface; Applications; Connection to any related Spheres]
63
Discovery/Advertisement Modes
• Broadcast & Multicast
  – Most feasible for physical spheres
  – Technical issues regarding visibility of advertisements
• Lookup Server
  – DNS-based approach
  – Most appropriate for abstract spheres
• Static mappings
  – Most appropriate for locations
  – Staleness and Size
  – Dissemination modes?
64
Planned Enrollment Techniques
• USB/RFID location-limited sideband (Balfanz et al.)
  – OOB exchange of hashed public keys
  – Tie identity to locality
• Network Vouchers
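An added sketch of the out-of-band exchange of hashed public keys listed above, not code from the Spheres of Influence prototype. The `Enroller` class, the sphere and device names, and the byte strings standing in for encoded public keys are assumptions; SHA-256 is chosen here as the hash.

```python
import hashlib
import hmac

def commitment(public_key: bytes) -> bytes:
    """Digest of the encoded public key; this is all that crosses the sideband."""
    return hashlib.sha256(public_key).digest()

class Enroller:
    """One side of the enrollment (a device or a sphere leader)."""
    def __init__(self, name: str, public_key: bytes):
        self.name, self.public_key = name, public_key
        self.expected = {}                 # peer name -> digest learned out of band

    def sideband_send(self) -> tuple:
        return self.name, commitment(self.public_key)

    def sideband_receive(self, peer_name: str, digest: bytes) -> None:
        # Only called for data that arrived over the location-limited channel.
        self.expected[peer_name] = digest

    def accept_inband_key(self, peer_name: str, presented_key: bytes) -> bool:
        """Accept a key offered over the wireless link only if it matches the
        commitment received out of band for that peer."""
        digest = self.expected.get(peer_name)
        if digest is None:
            return False                   # never met over the sideband
        return hmac.compare_digest(digest, commitment(presented_key))

def demo():
    # Constructed stand-ins for encoded public keys (not real key material).
    laptop = Enroller("laptop", b"laptop-public-key-bytes")
    leader = Enroller("boelter-3564", b"leader-public-key-bytes")
    # Sideband (USB/RFID) step: each side hands over only the hash of its key.
    leader.sideband_receive(*laptop.sideband_send())
    laptop.sideband_receive(*leader.sideband_send())
    # In-band step: keys arrive over the wireless link and are checked against
    # the commitments. A real handshake must also prove possession of the
    # matching private key; that part is outside this sketch.
    return {
        "genuine_laptop": leader.accept_inband_key("laptop", laptop.public_key),
        "genuine_leader": laptop.accept_inband_key("boelter-3564", leader.public_key),
        "substituted_key": leader.accept_inband_key("laptop", b"other-key-bytes"),
        "no_sideband_contact": leader.accept_inband_key("pda", b"pda-public-key"),
    }
```

Because the commitment can only be delivered by a device that was physically present at the sideband, a key that verifies against it ties the wireless identity to that location.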
65
Connection Manager
• Initiates Sphere Joins
• Handles incoming supplicants
  – Eligible supplicants handed to Sphere Manager
  – Else, reject connection
• Eligibility is determined by policy manager
66
Sphere Manager
• Manages existing relationships
• Manages events
  – Registration
  – Processing
  – Delivery
• Network interface manager
• Sphere state container
[Diagram: Sphere Manager; Policy Manager; Sphere State: Member table, Access Rights, Event Registration…; Doorman; Int. Event Iface; Ext. Event Iface; Applications; Connection to any related Spheres]
67
Policy Manager
• Policy Manager:
  – Policy database contains local policy rules
  – Policy engine answers questions regarding state changing interactions and local policy
• Policy Language
  – Describes valid interactions in terms of relational, deontic, and temporal constraints
  – Logic-based
• Policy resolution, conflict handling
• Focus of V. Ramakrishna’s Dissertation
68
Applications Interface
• Access local sphere via loopback interface
• Device sphere maintains a per-application channel to allow event dissemination
  – Send/Receive Events
  – Query Sphere Status
69
Example: Interactive Media
Multimedia application, using sphere behavior as input:
• Transitions
• Membership
• Interactions
Possible applications:
• Campus-wide game
• LACMA tour group application
Social Sphere
Location Sphere
Social Sphere
70
Measure of Success
• Effectiveness
  – Construct examples similar to those presented here
• Low Overhead
  – Measure added complexity of sphere abstraction as a function of sphere size
  – Measure time-to-join compared to legacy network modes
  – Measure generation and evaluation time of relationship attestations.
71
Measure of Success
• Complete Implementation
  – Dynamic demo: automatically manage device community interactions in face of changing external context, cope with failure
• Usability
  – Daily use by laboratory inhabitants
• Task Management
  – LACMA application
  – UCLA Campus-based Multimedia Application
72
Contributions
• Model for a consistent representation of device membership spanning heterogeneous communities
• Secure, active management of community memberships
• Secure, cryptographic membership attestation
• Intra- and Inter-community event registration and delivery
• Evaluation of model with applications
73
Placement of Management Logic
• Where is sphere management located?
  – Centralized
  – Distributed
  – Partially Distributed
• Security tradeoff
  – Centralized leadership simpler to secure
  – Distribute components based on trust
74
Fault Tolerance and Reliability
• Determining failure
  – Did the sphere fail or did I change contexts?
  – Analyze external state and see what’s changed
• Approaches
  – Distribute management based on trust
  – Failover based on trust
  – Rediscover, rebind to sphere and coalesce
75
Application Primitives
• Access to Relational Data
  – Membership information
  – Peer information
  – Request & verify attestations
• Coordination Primitives
  – Gossiping
  – Consensus Gathering
  – Transaction Management
76
Previous Work
QED: mobile integrity management
– Quarantine incoming mobile devices
– Examine them for vulnerabilities
– Decontaminate them, with repairs/updates
• Deployed in LASR to secure laptops
  – RPM package examination
  – Package update as needed via secure tunnel
• Measured overhead in QED phases
77
Related Work
Columns: Structured Social Groups | Structured Location Groups | Structured Service Groups | Structured Comm. Groups
Gaia [Roman’02] Users Only Single Location Registry
Centaurus2 [Undercoffer’03] Users Only X X
Super Spaces [AlMuhtadi’04] Users Only X Distributed Registry
Mobile Gaia [Chetan’04] Registry Personal Device Cluster
Ephemeral Social Spheres [Wang’04] X X
78
Other Approaches
• Infrastructure projects (Gaia, Centaurus, AIRE/Project Oxygen)
  – Typical focus is centralized management of services within a physical space
  – Database, CORBA ORB, or local registry
  – Single administrative domain
  – Limited bootstrapping support
79
Other Approaches
• Gaia SuperSpaces [Al-Muhtadi’04]
  – Meta structure applied recursively to multiple Gaia spaces
• Mobile Gaia [Chetan’04]
  – Personal device cluster management
• Ephemeral Social Groups [Wang’04]
• Major Differences:
  – Multiple administrative domains.
  – Common representation model of different groups.
80
Related Work
• Cluster formation work [OCF]
  – Mobile ad hoc clustering protocols [many]
• Content distribution/pub-sub systems
  – SIENA [Carzaniga et al. ‘01]
  – REBECA [Mühl ‘02]
81
Examples of emerging communities
• Personal Device Communities
  Set of devices with a common owner
• Location-based Device Communities
  Devices related by proximity
• Social Device Communities
  Devices connected by user organization
• And others (Interest, Task, Function, ….)