欢迎来到文驰范文网!

CONTEXT-CERTIFICATE

时间:2022-08-31 13:05:02 来源:文池范文网

下面是小编为大家整理的CONTEXT-CERTIFICATE,供大家参考。

CONTEXT-CERTIFICATE

 

 Page 1 An Anonymous Context Aware Access Control ArchitectureAn Anonymous Context Aware Access Control Architecture

 2006.5.9 Shigetoshi YOKOYAMA

 NTT DATA Eiji KAMIOKA

 National Institution of Informatics Shigeki YAMADA

 National Institution of Informatics ACA2

 Page 2 Table of ContentsTable of Contents

  Context Aware Platform  Problems of Access Control in Ubiquitous

 Environment  Requirements  Related Works  Proposed Architecture ACA2  Approach  ACA2 Connection Model  Context-certificate validity monitoring context  Conclusion

 Page 3 Ubiquitous needs Context

 It has been widely considered that needs for context-aware applications will increase as ubiquitous computing era comes … Ubiquitous needs Context- -Awareness !Awareness !

 Select service and

 request explicitly provide services Users need to use computers actively to process tasks Conventional Computing Paradigm Computers offer appropriate services using ambient information Context-aware Computing Paradigm Automatically offer preferable services user computers computers user collect ambient

 info TROUBLESOME HAPPY!

 Page 4 Context DescriptionContext Description

 Description of a situation which is a moment for the application Parameter

 Query description to acquire certain events and status from

  sensors and other information sources Condition

 Rules by which the context analyze the situation Description for Action Action

 Generate events according to the situation

 Page 5 Context Aware Platform ArchitectureSensor Sensor Sensor Context Aware Platform Architecture

 Context Server Messaging Service (P2P, Publish/Subscribe) Publish Publish Retrieval Process Client API Publish Information Source (Sensor) Information Source (ex. RFID) RFID Reader RFID RFID RFID RFID Reader RFID Information Source (ex. Thin Client) HTTP Connector HTTP Context Context Context ・ Taro Nakao, Daisuke Yamada, Tatsuya Nakamura, Shigetoshi Yokoyama, Design and Implementation of an Application-Oriented Context Awareness Framework, pp.177-184, Eurescom 2005. Client API Service Logic Client API Subscribe Publish Subscribe SIP Connector Service Logic Subscribe ex. Telephone Call

 Page 6 Problems of Access Control in Ubiquitous

 Environment Problem1The relationship between entities that need services and an access-control mechanism based on ID and role difficult to implement.

   Problem2Because access conditions in a ubiquitous environment are changes.

   Problem3In a ubiquitous environment, the number of entities that operation bottlenecks to occur if access control is centralized. Problems of Access Control in Ubiquitous

 Environment

 entities that provide services are often ad-hoc in nature, which makes always changing, an access-control mechanism should follow such Access Control Mechanism need and provide services can be enormous. This makes it easy for Access Control Mechanism Access Control Mechanism  ? ? ? ? t1 t2 Change to t2 Access should be suspended at t2 Access Permission at t1

 Page 7 Requirementswithout having formed a trust-based relationship beforehand, access control must be based on current conditions such as the state of the service user.

  TrackingIt must be possible to suspend a service if context changes during

   Distributed ProcessingAccess control and decision making must be a single access-control server. Access control Mechanism Requirements

  Ad-hoc Operation For two parties that begin to communicate with each other service provision and the range of permitted access is exceeded. implemented in a distributed manner instead of centralizing access functions at Access Control Mechanism  ? ? ? ? Access control Mechanism Access control Mechanism Access control Mechanism Context Context Context Context Access Control Mechanism t1 t2 Change to t2 Access should be suspended at t2 × Access Permission at t1

 Page 8 Pre-registered ID Area Context Constraints Access

 Control Permission Context Sensors Role

 Access

 Access Subject Object Policy DB Related Works (Extended RBAC)Related Works (Extended RBAC)

 Role Subject Permission Context Condition1 Context Condition2 ・・・ ・ J. Canny and T. Duan, “Protecting user data in ubiquitous computing environments: Towards trustworthy environments,” Privacy-Enhancing Technologies (PET) 2004, pp. 167-185, Toronto, Canada, May 2004. ・ Tripathi, T. Ahmed, D. Kulkarni, R. Kumar, and K. Kashiramka, “Context-based secure resource access in pervasive computing environments,” Proc. Second IEEE Annual Conf. on Pervasive Computing and Communications Workshops (PERCOMW04), pp.159–163, March 2004.

 Page 9 Related Works (Delegation)Pre-registered ID Area Related Works (Delegation)

 ・ Lalana Kagal, Tim Finin, and Anupam Joshi, “Trust-Based Security in Pervasive Computing Environments”, pp.154-157, Computer Dec 2001 Object Delegates Delegatee Subject Access control Access control Access Permission Use transferred

 rights

 Page 10 Related Works (Pure CAAC)Pre-registered ID Area Related Works (Pure CAAC)

 Policy DB Context Context Control

 Sensors

 Access

 control

 Access Permission Subject Object Context Subject Permission ID for obtaining context ・ A. Corradi, R. Montanari, and D. Tibaldi, “Context-based access control management in ubiquitous environments”,

 Proc. third IEEE International Symposium on Network Computing and Applications, (NCA’04), pp.253–260, Aug. 2004 ・ G. Sampemane, P. Naldurg, and R.H. Campbell, “Access control for active spaces”, Proc. 18th Annual Computer Security Applications Conf. (ACSAC04), pp.343–352, Dec. 2002.

 Page 11 ApproachApproach

 Extended RBAC Delegation Pure CAAC Require

 Pre-registration Delegates become busy ACA2 1) Connection Model 2) Validity Monitoring

 Context 3) Proxy-based

  Architecture 1) Ad-hoc Operation

 2)

 Validity Tracking

 3) Distributed Processing

 Page 12 ACAArchitecture)ACA2 Architecture)

 2 (Anonymous Context Aware Access Control (Anonymous Context Aware Access Control Pre-registered ID Area Context-certificate validity

 monitoring context

 Policy DB Context Control Context Sensors Attach Attach Subject Object Context Subject Permission Certificate

 for obtaining

 context

 アクセス制御 アクセス制御

 Subject side

 Access control

 アクセス制御 アクセス制御 Access control

 Object side

 Access control

 Control Access ① Ad-hoc operation アドホック性 匿名性 ③ Distributed processing

 ② Tracking

 Page 13 ACAACA2 2

 Components(Service Consumer) Components

 Subject use Subject_ terminal attach Subject_ Proxy Context Server Object_ Proxy Object_ Terminal Object Sensors subscribe attach subscribe subscribe use (Service Provider) Message Service

 Page 14 ACAPublic-telephone connection model

 ① Pick up

 ② Ask operator

  ACA2 2

 Connection ModelConnection Model

  receiver

 ③ Submit money

 ④ Dial

 ⑤ Talk

 ⑥ Call terminates

  runs out

  if money

  for charge

 ACA2 connection model

 ① Attach subject to subject proxy

 ③ Transfer context-collection-

 source certificate

  ④ Transfer context certificate and

 ⑤ Access object

 ⑥ Access rights are revoked and

 changes.

 request access to object

 access is cut off when context

 ② Ask object proxy for policy

 ×

 Page 15 Context Certificates and Anonymity Connect

 with

 proxy?

 OK Context Certificates and Anonymity  1/31/3 

 Subject_Proxy γ Subject_Proxy α Subject_Proxy β Subject_Proxy group Message Service Pre-registered ID Area ・・・ Attaches Subject_Proxy B in the Subject_Proxy pool to Subject_Terminal through a http session or other means

 Attach OK

 Page 16 Subject_Proxy β

 Pre-registered ID Area Context-collection- source certificate Message Service Web service Cell phone Sensors Blog/WiKi RFID Sensors Sends context-collection-source certificate stored in Subject_Terminal so that Subject_Proxy can create the context certificate needed for accessing Object. Context-collection-source Put Send context- collection- source

 certificate?

 OK OK Context Certificates and Anonymity Context Certificates and Anonymity  2/32/3 

 Page 17 Subject_Proxy β

  Context-collection Pre-registered ID Area Context Server

  Subscribe Context-certificate Context-certificate validity monitoring

 context Message Service Web service Cell phone Sensors Blog/WiKi RFID Sensors Context-collection- source certificate Access Configures a “context certificate” certifying that Subject has the necessary context to access Object, generates “context-certificate validity monitoring context” for monitoring change in context, and registers that context with Context Server. Subscribe Call Engineer-Y2

 at

 050-yy-YYYYYY?

 OK OK Context Certificates and Anonymity Context Certificates and Anonymity  3/33/3 

 Page 18 SummarySummary

   We proposed Anonymous Context Aware Access Control Architecture (ACA2) assuming context that does not require the user to register beforehand on the service provider side. This scheme therefore has particular value in ubiquitous environments.

  In addition to requiring no pre-registration, ACA2 features continuous monitoring of context for any changes and dynamic access control performed in step with those changes.

 Page 19 Thank you

 Page 20 Related WorksType Extended RBAC

 Related Works

 Pros Cons Can be achieved by extending an existing and well-known solution.

 Can be achieved by adding a delegation function to an existing solution.

 Holds the possibility of achieving access control based only on context.

 ID and role must be registered beforehand.

 Places a burden on the delegates Delegation

 Pure CAAC A new mechanism must be realized.

 Page 21 Context construction on AOCA (Application Oriented Context Awareness) Application developers use schema of the data to monitor.  Assumption:

 • Data is expressed using domain-specific ontology and structured based on a schema of the each application domain. • Therefore the schema is well-known among the application domain. Context construction on AOCA

  (Application Oriented Context Awareness)

 content content content (structured data) data holder raw data sensor etc schema sensor etc real / virtual world content context context de...

【CONTEXT-CERTIFICATE】相关文章:

1.户外活动主持人演讲稿(2篇)

2.2024年烟草工作作风存在的问题(5篇)

3.厂房租赁协议书合同范本(4篇)

4.履行好管党治党强基固本的政治责任

5.老年大学舞蹈课教案(7篇)