SECURITY AND TRUST IN OPEN, DYNAMIC, AUTONOMOUS SYSTEMS
Tim Finin, Anupam Joshi and Yelena Yesha
Computer Science and Electrical Engineering
University of Maryland, Baltimore County
1000 Hilltop Circle, Baltimore MD 21250
{finin|joshi|yeyesha}@cs.umbc.edu
410-455-{3522|2590|3542}
September 2003
ABSTRACT. Information assurance, security and privacy have moved from
narrow topics of interest to information system designers to become
critical issues of fundamental importance to society. As part of this
shift, the scope of associated problems, applications, and technical
issues is broadening, opening up new requirements and approaches.
Challenges arise as information systems evolve toward dynamic, open
and heterogeneous distributed systems, as seen in peer-to-peer
systems, grid computing, ad hoc networking, web services, pervasive
computing environments and multi-agent systems. A grand challenge we
might set is to create "smart spaces" in which pervasive computing
technology allows people, agents, services and devices to seamlessly
interact while preserving appropriate security and privacy policies.
To realize this grand challenge, we must vigorously explore new ideas,
including (1) approaches to security and privacy based on trust and
reputation, (2) declarative policies for information assurance and
control and (3) new languages for sharing knowledge models and
information.
INTRODUCTION. New models of distributed communication and computation
are being introduced, leading to distributed systems that are *open*
in that they do not pre-identify a set of known participants, and
*dynamic* in that the participants change regularly, and not just due
to occasional failures. It is interesting to note that this evolution
is occurring at several levels -- communication, infrastructure and
application. At the communication level, for example, ad hoc
networking systems such as Bluetooth and UWB-based 802.15.3 treat
nodes as autonomous routers, requiring new techniques to protect
against malicious or faulty nodes that subvert or blackhole packets
[5]. Similarly, as applications become more sophisticated and
intelligent, they require greater degrees of decision making and
autonomy. The long-range vision is one of societies of intelligent,
autonomous agents that are goal-directed and adaptive. But even
today, we find new levels of autonomy emerging in infrastructures like
Grid computing, web services and pervasive computing. These systems
must exchange information about services
offered and sought and their associated security and privacy policies,
negotiate for information sharing, and monitor for and report on
suspicious or anomalous behavior.
A GRAND CHALLENGE. A new grand challenge thus emerges -- securing
these open dynamic environments. As a concrete instance, consider
providing a secure and privacy enhancing pervasive computing
environment in spaces such as an office, hospital, school or subway
stop. The space will be filled with devices and agents offering and
seeking services. As people move, agents on their personal devices
detect, and are detected by, the pervasive infrastructure. The new
devices must discover the services of interest from the infrastructure
and other devices in the vicinity, negotiate for access, control
information exchange, and monitor for suspicious events to be reported
to the community. Shared knowledge models (ontologies) and norms of
behavior (policies) will undergird this society of communicating and
cooperating applications, agents and devices. Addressing this grand
challenge will require contributions not just from diverse areas
within computer science, but also from other disciplines such as
policy, law, and various social sciences.
Without appropriate security and privacy mechanisms, these exciting
new ideas will be hobbled and the applications they enable will not be
deployed or be found socially acceptable. For example, the DARPA
LifeLog program was recently forced to eliminate many of the more
exciting possibilities from its scope because good privacy mechanisms
were not available. Notice also the split in the computing community
(USACM vs ACM SIGKDD) on the issue of data mining and the TIA program.
We must develop new models for security and privacy that work in such
highly distributed, open, and dynamic systems, and will find immediate
applications in grid computing, semantic web, and pervasive computing.
We identify three topics where new challenges are emerging:
trust-based security, computational policies, and knowledge sharing.
TRUST-BASED SECURITY. Security and privacy based on authentication is
not enough in open systems where principals may be able to provide
authentication, but are otherwise unknown to the system and hence not
authorizable for specific actions. Traditional role-based approaches
also fare poorly. Such environments are common on the web and in
envisioned pervasive computing environments. A solution is to make
security and privacy decisions based on attributes related to trust
for which a principal can provide evidence -- e.g., proof of key
attributes, a signed statement from a trusted source delegating a
permission, or undertaking an obligation in return for access. Human
societies use trust and reputation to make decisions about requests
for "service" where a right to that service is not pre-established,
and social networks are an important way of transferring trust and
reputation [3]. Such societies have overlapping systems of behavioral
norms, constraints and rules. We are over-constrained, so we cannot
always satisfy all of them, but deviating too much or too often has
its consequences -- loss of reputation, penalty clauses, imposition of
sanctions, etc. These mechanisms need to be understood and
computational analogues developed in order for computational agents to
better support information sharing and control in human societies.
Challenges: Can the very human notions of reputation and trust be used
by computer applications and agents? Is reputation inherently
distributed and emergent, or will a system of well known reputation
servers suffice? How can we build scalable systems that combine traditional
authentication-based security regimes with security and privacy
decisions based on trust and reputation?
COMPUTATIONAL POLICIES. By policy we mean an explicit representation
of constraints and rules that govern or inform an agent or system's
behavior. Policies can define permissions, obligations, norms and
preferences for an agent's actions and interactions with other agents
and programs [2,4]. Explicit policies, especially those expressed in
high level declarative languages, can be used as the basis for
electronic contracts and provide a sublanguage useful for the
negotiation for agreements and commitments. We believe that explicit
policies for security, trust and privacy are promising areas for
research.
Challenges: Can we develop meaningful machine interpretable policies
for security, digital rights management, and privacy? Can we design
policy languages that are simultaneously expressive enough to serve
their many needs, intuitive and understandable by humans, and writable
by non programmers? Can we implement policy languages over which we
can reason at a high level, answering hypothetical questions about the
limitations and vulnerabilities in the security and privacy systems
they model (will this policy allow X to happen, and if so under what
circumstances)? Can we do all this tractably?
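As an added illustration, not part of the original paper, the following Python sketch combines the two ideas above: an otherwise-unknown principal is permitted an action only on evidence it presents (a statement signed by a trusted source delegating the permission) or by undertaking an obligation the policy attaches, and a hypothetical query asks under what circumstances an action could be allowed at all. The trusted source "hospital_admin", the two actions and the HMAC key are constructed for the example, and the HMAC stands in for a real signature scheme.

```python
import hashlib
import hmac

# Constructed stand-in for the trusted source's signing key (a real system would
# use public-key signatures rather than a shared HMAC secret).
TRUSTED_SOURCE_KEYS = {"hospital_admin": b"constructed-demo-key"}

# Policy: each action names the evidence that permits it (a delegation signed by
# a trusted source) and/or an obligation the requester undertakes for access.
# Principals are otherwise unknown to the system: no pre-established roles.
POLICY = {
    "read_patient_records": {"evidence": "delegation", "obligation": None},
    "print_at_nurses_station": {"evidence": None, "obligation": "log_usage"},
}

def _digest(key, source, principal, permission):
    return hmac.new(key, f"{source}|{principal}|{permission}".encode(), hashlib.sha256).hexdigest()

def sign_delegation(source, key, principal, permission):
    """A trusted source issues a statement delegating `permission` to `principal`."""
    return {"source": source, "principal": principal, "permission": permission,
            "sig": _digest(key, source, principal, permission)}

def delegation_is_valid(stmt, requester, permission):
    """Valid only if the issuer is trusted, it names this requester and permission, and the MAC verifies."""
    key = TRUSTED_SOURCE_KEYS.get(stmt["source"])
    if key is None or stmt["principal"] != requester or stmt["permission"] != permission:
        return False
    return hmac.compare_digest(_digest(key, stmt["source"], requester, permission), stmt["sig"])

def decide(requester, permission, evidence=None, accepted_obligations=()):
    """Decision for an otherwise-unknown principal: (permit|deny, reason)."""
    rule = POLICY.get(permission)
    if rule is None:
        return "deny", "no policy covers this action"
    if rule["evidence"] == "delegation" and (
            evidence is None or not delegation_is_valid(evidence, requester, permission)):
        return "deny", "no valid delegation from a trusted source"
    if rule["obligation"] and rule["obligation"] not in accepted_obligations:
        return "deny", f"must undertake obligation '{rule['obligation']}'"
    return "permit", "policy conditions satisfied"

def can_happen(permission):
    """Hypothetical query: under what circumstances could this action be permitted?"""
    rule = POLICY.get(permission)
    conditions = []
    if rule and rule["evidence"] == "delegation":
        conditions.append("delegation signed by one of: " + ", ".join(sorted(TRUSTED_SOURCE_KEYS)))
    if rule and rule["obligation"]:
        conditions.append("undertake obligation '" + rule["obligation"] + "'")
    return conditions
```

A forged statement, a statement replayed by a different principal, and a request for an action the policy does not cover are all denied, while the hypothetical query enumerates the conditions without any request being made.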
KNOWLEDGE SHARING. As our distributed information systems become more
ubiquitous, autonomous and complex there is a stronger need for
grounding them on common models of data and knowledge. The agents in
such systems need to be able to exchange information, queries, and
requests with some assurance that they share a common meaning. The
lack of a common understanding of shared information opens up new
security and privacy vulnerabilities [1]. Monitoring and enforcing
security in a distributed system, e.g. for intrusion detection,
requires a common model for sharing information about individuals,
events and situations [6,7]. We need better languages in which to
define and publish ontologies for security and privacy to support
information sharing and cooperation in distributed systems.
Challenges: Will semantic web languages such as RDF and OWL solve the
common ontology problem for sharing information relating to security
and trust? How can consensus models be developed and selected?
SUMMARY. Information systems are evolving along several dimensions
requiring new techniques and technology to ensure security and
privacy. The key areas that must be explored in the coming years can
mostly be traced to the further development of highly distributed
and dynamic computing environments. Such environments are envisioned
in advanced versions of web services and grid computing as well as in
pervasive computing and multi-agent systems.
[1] G. Denker, L. Kagal, T. Finin, M. Paolucci, K. Sycara, Security
for DAML Web Services: Annotation and Matchmaking, 2nd Int. Semantic
Web Conf., Oct 2003. http://umbc.edu/~finin/papers/iswc03a.pdf
[2] L. Kagal, T. Finin, A. Joshi, A Policy Based Approach to Security
for the Semantic Web, 2nd Int. Semantic Web Conf., Oct
2003. http://umbc.edu/~finin/papers/iswc03b.pdf
[3] L. Ding, L. Zhou, T. Finin, Trust Based Knowledge Outsourcing for
Semantic Web Agents, 2003 IEEE/WIC Int. Conf. on Web Intelligence,
Halifax, Oct 2003. http://umbc.edu/~finin/papers/wi03.pdf
[4] L. Kagal, T. Finin, A. Joshi, A Policy Language for Pervasive
Systems, 4th IEEE Int. Workshop on Policies for Distributed Systems
and Networks, Lake Como, June 2003. http://umbc.edu/~finin/papers/policy03.pdf
[5] S. Buchegger, J. Le Boudec, Nodes Bearing Grudges: Towards Routing
Security, Fairness, and Robustness in Mobile Ad Hoc Networks, 10th
Euromicro Workshop on Parallel, Distributed and Network-based Processing, 2002
[6] J. Undercoffer, J. Pinkston, A. Joshi, T. Finin, A Target-Centric
Ontology for Intrusion Detection, Knowledge Engineering Review, to
appear, 2004.
[7] J. Undercoffer, A. Joshi, J. Pinkston, Modeling Computer Attacks:
An Ontology for Intrusion Detection, 6th Int. Symp. on Recent Advances
in Intrusion Detection. Springer-Verlag, LNCS 2516, Sept 2003.
BIOSKETCHES
TIM FININ (http://umbc.edu/~finin/) is a Professor of Computer Science
and Electrical Engineering at the University of Maryland Baltimore
County (UMBC). He has over 30 years of experience in the applications
of Artificial Intelligence to problems in information systems,
intelligent interfaces and robotics. He holds degrees from MIT and
the University of Illinois. Prior to joining the UMBC, he held
positions at Unisys, the University of Pennsylvania, and the MIT AI
Laboratory. Finin is the author of over 190 refereed publications and
has received research grants and contracts from a variety of sources.
He has been the past program chair or general chair of several major
conferences, is a former AAAI councilor and is AAAI's representative
on the board of directors of the Computing Research Association.
ANUPAM JOSHI (http://www.cs.umbc.edu/~joshi/) is an Associate
Professor of Computer Science and Electrical Engineering at UMBC. He
obtained a B. Tech degree in Electrical Engineering from IIT Delhi,
and a Ph.D. in Computer Science from Purdue University. His research
interests are in mobile/pervasive computing, data management/mining,
semantic web, and security. He has published over 90 refereed papers,
and has obtained research support from NSF, NASA, DARPA, DoD, IBM,
Fujitsu, Aether Systems, HP, AT&T and Intel. He has presented tutorials
in conferences, served as guest editor for special issues for IEEE
Personal Comm., Comm. ACM etc., and served as an Associate Editor of
IEEE Transactions on Fuzzy Systems from 1999 to 2003. At UMBC, Joshi teaches
courses in Operating Systems, Mobile Computing, Networking, and Web Mining.
YELENA YESHA received the Ph.D degree in Computer and Information
Science from The Ohio State University in 1989. Since 1989 she has
been with the Department of Computer Science and Electrical
Engineering at UMBC, where she is presently a Professor. Yesha was the
Director of the NIST Center for Applied Information Technology in 1994
and the Director of the NASA Center of Excellence in Space Data and
Information Sciences from 1994 to 1999. Yesha's research interests are
in the areas of distributed databases, distributed systems, mobile
computing, digital libraries, electronic commerce, and trusted
information systems. She has published over 100 refereed articles and
also 8 books in these areas. Yesha has received a substantial amount
of research funding from NASA, NSF, NIST, NSA, DHMH, Aether Systems,
Cisco, and IBM. She is a member of the editorial board of VLDB
Journal, and the IEEE Trans. Knowledge and Data Engineering, and is
editor-in-chief of International Journal of Digital Libraries. She
served as general and program chair of several major international
conferences, and will serve as the general chair of ACM SIGMOD 2005.
14 January, 2004 14:04