Threats, Risk Assessment, and Policy Management in UbiComp - PowerPoint PPT Presentation

Slides: 12
Provided by: PhilipR52
Learn more at: https://www.teco.edu
Transcript and Presenter's Notes


1
Threats, Risk Assessment, and Policy Management
in UbiComp
  • Workshop on Security in UbiComp
  • UBICOMP 2002, 29th Sept. Göteborg, Sweden
  • Philip Robinson, SAP Corporate Research
    Telecooperation Office

2
Management Access Scope of UbiComp Environments
and Applications
  • Closed/Embedded
  • Personal
  • Static Groups
  • Ad Hoc Groups
  • Public
3
Point of Alert
  • Static Threat: Unsolicited interactive access to
    system by non-group member
  • Closed Threat: Unsolicited access to system
    location
  • Personal Threat: Unsolicited possession of
    system (tangible access)
  • Ad Hoc Threat: Unsolicited use of special
    services; access beyond role and rights
  • Public Threat: Unsolicited modification/misuse
    of system

Access to a system or its resources/information
is the first line of attack
4
Risk: all about Context
  • Information and Resources have no value without a
    particular Context.
  • Context information changes the awareness and
    evaluation of risks
  • Awareness of risks changes the utility of and
    contribution to the Context information

[Figure: the number 4999 910 876 1234, labelled "Credit Card"]
5
When is the risk pending?
Data
6
Attack Profile
  • Attacker listens in on communications channel:
    attacks on confidentiality and privacy!
  • Attack by embedding false sensor and actuator
    devices into environment: attack on context
    derivation integrity
  • Attack by falsifying the physical environment's
    signals: attack on context reading integrity
  • Attack by abusing lack or excess of computational
    capacity: denial of service or malicious code
    attacks
[Diagram: RESOURCES and CONTEXT, with an ATTACK label against each of the following]
  • Interactive (Stimuli, Response)
  • Perceptive (Sensors, Actuators)
  • Computational (Memory, Power, Processing)
  • Communicational (Reception, Transmission)
7
Policy Management: Administrative Distribution
  • Definition
  • Document encoded
  • Application encoded
  • Entity encoded
  • Enforcement
  • Security Mechanism selection
  • Physical vs. Logical
  • Modification and Dissolution
  • Static vs. Dynamic
  • Consistency notification
  • Auditing
  • Centralized vs. Distributed

Behavioral policy, relational policy
Authorization policies
Signal integrity policy
Communication policies
Context-based policies
Computational policies
8
Summary
  • Identify access scope of UbiComp application
  • Determine point-of-alert based on access scope
  • Determine when the context creates a manageable
    risk
  • Perform a Threat Analysis
  • Define policy model to circumvent threats
  • Implement mechanisms to enforce policy
  • Establish methodology for managing policy
    information

9
Policy Enforcement
10
Policy Dissolution
11
Policy Modification