Smart-m3 Security Model
0 likes445 views
The document discusses the development of a security model for distributed service environments like smart spaces. The goals are to develop identification, authentication, authorization and access control mechanisms for smart space platforms. Specifically for the Smart-M3 platform, the presentation covers developing a HIP-based authentication agent, mapping the smart space RDF graph to a virtual file system for access control, and initial implementation and testing of these components in Smart-M3. Future work includes further developing and integrating the HIP agent and access control mapping into the Smart-M3 platform.
![Smart-M3 security
What do we have?
access control at triple level [1];
context-based and access control policies;
security objects as triple patterns;
What do we want?
identification and authentication mechanism of the SS
subjects;
authorization and access control mechanism of SS subjects;
data privacy;
[1] A.D’Elia, J.Honkola, D.Manzaroli, T.S.Cinotii – Access Control at Triple Level: Specification and Enforcement of a
Simple RDF Model to Support Concurrent Applications in Smart Environments, 2011.
FRUCT 12th 8 Nov 2012 5](https://image.slidesharecdn.com/fruct12smart-m3securityyudenokkrinkin-121112072927-phpapp01/85/Smart-m3-Security-Model-5-320.jpg)
Smart-m3 Security Model
- 1. Distributed service environment (smart spaces) security model development Kirill Yudenok, Kirill Krinkin FRUCT LETI Lab, Open Source & Linux Lab FRUCT 12th, Oulu, November, 2012
- 2. Agenda Motivation; Goal and tasks; Current Smart-M3 security; Security model development; Smart-M3 security realization: HIP-agent; smart space RDF-graph mapping to the virtual file system (VFS); What was done? Future research and development; FRUCT 12th 8 Nov 2012 2
- 3. Motivation access control mechanism for the smart space platform, for example Smart-M3; protection information mechanism of the space; research information security within the smart space area. FRUCT 12th 8 Nov 2012 3
- 4. Goal and Tasks The project goal Development a security model for distributed service environment (smart spaces, SS), access control algorithms and test developed components as a part of the SS Smart-M3 platform; The main tasks of the project investigation of the basic security models and creation own security solutions; development a security model for Smart Spaces; modeling and development security model components for the Smart-M3 platform; testing developed components and algorithms within the Smart-M3 platform; FRUCT 12th 8 Nov 2012 4
- 5. Smart-M3 security What do we have? access control at triple level [1]; context-based and access control policies; security objects as triple patterns; What do we want? identification and authentication mechanism of the SS subjects; authorization and access control mechanism of SS subjects; data privacy; [1] A.D’Elia, J.Honkola, D.Manzaroli, T.S.Cinotii – Access Control at Triple Level: Specification and Enforcement of a Simple RDF Model to Support Concurrent Applications in Smart Environments, 2011. FRUCT 12th 8 Nov 2012 5
- 6. Security model development Identification and authentication of space subjects: HIP, PAM; Authorization and access control of space subjects: discretionary security model; smart space RDF-graph mapping to the virtual file system (VFS); named graphs; access control ontology; security extensions for smart space database. FRUCT 12th 8 Nov 2012 6
- 7. Smart-M3 security realization Identification and authentication mechanisms prospective architecture of HIP-agent; interaction of HIP-agent components. Authorization and access control mechanisms smart space RDF-graph mapping to the VFS; intermediate solution of the graph mapping; implementation mechanism to the Smart-M3 platform. FRUCT 12th 8 Nov 2012 7
- 8. Prospective architecture of HIP-agent Identification and authentication of the client: 1. Client connection request to the SS; 2. Request intercepting by the HIP-agent; 3. Protocol-based HIP identification and authentication of the client. FRUCT 12th 8 Nov 2012 8
- 9. Interaction of HIP-agent components The process of SIB HIP-agent Client connecting the client to hash, SS, request the space: 1. Transmission the client hash key to HIP-agent; hash valid? 2. Checking validity of the hash key; hash valid 3. Identification and hash, SS, response authentication of the client; 4. Connection to the SS. FRUCT 12th 8 Nov 2012 9
- 10. Smart Space RDF-graph mapping information of SS is stored in a relational database, smart space database (SQLite); information of SS is presented in triple form (S, P, O); set of triples stored in specific database tables; Solution: The virtual FS, that mapping information of SS in a certain directory structure. FRUCT 12th 8 Nov 2012 10
- 11. The updated directory structure of VFS provide more accuracy right to triplets (information) of the space; FRUCT 12th 8 Nov 2012 11
- 12. The intermediate solution of the graph mapping Working with SS database: get all triples and save them in memory of data structure (SQLite): receiving all objects, subjects, predicates and their values; Creating a VFS directory structure based on the data: creating of virtual FS using FUSE technology (fusekit), setting permissions; FRUCT 12th 8 Nov 2012 12
- 13. Implementation mechanism to the Smart-M3 platform modification of Smart-M3 platform piglet module: piglet proxy creation for new extensions; replacement of all smart space database operations to mapping FS operations; determine and verify client access permissions; testing operations on the client side. FRUCT 12th 8 Nov 2012 13
- 14. FRUCT 12th 8 Nov 2012 14
- 15. What was done? analyzed and designed the HIP protocol-based mechanism of identification and authentication; the mechanism of authorization and SS subjects access control by mapping RDF-graph to the virtual file system is developed; mechanism tested in the Smart-M3 platform; the implementation process of HIP-agent and mapping mechanism to the Smart-M3 platform is started; FRUCT 12th 8 Nov 2012 15
- 16. Future research and development Main HIP-agent development; implementation of mapping model to Smart-M3 platform; set permissions tool development for mapping FS; Additional named graph authorization system development; adding developed mechanisms to new version of Smart- M3 platform (Redland); FRUCT 12th 8 Nov 2012 16
- 17. Questions & Answers Kirill Yudenok, Kirill Krinkin {kirill.yudenok, kirill.krinkin}@gmail.com Open Source & Linux Lab, http://osll.fruct.org, osll@fruct.org FRUCT 12th, Oulu, November, 2012