What are the contributions of the paper?
- This paper presents a ubiquitous security mechanism called Cerberus
  that integrates context-awareness with automated reasoning to
  perform authentication and access control in ubiquitous computing
  environments.
- Security requirements for Smart Spaces are identified as: (1)
  ubiquitous, (2) multilevel, (3) security policy language must be
  descriptive and flexible.
- Four main components of Cerberus are well built to support the
  security requirements. Those components are: (1) Security Service,
  (2) Context Infrastructure, (3) Security Policies, (4) Inference
  Engine.

--------------------------------------------------------------------------------------------------------------------------
What is the quality of the presentation?
- The presentation is well done, with smooth transitions from one
  section to another.
- This is a significant contribution to the GAIA community.

--------------------------------------------------------------------------------------------------------------------------
What are the strengths of the paper?
- Figures and explanatory examples help the audience to understand
  the fundamental concepts of Cerberus.
- Using First Order Logic gives Cerberus the descriptive power and
  flexibility to express security rules.
- Components of Cerberus work tightly together to provide a
  "ubiquitous" experience to the users. Also, intrusiveness and
  authentication levels could be adjusted without difficulty by
  changing the confidence value.

----------------------------------------------------------------------------------------------------------------------------
What are its weaknesses?
- This work did not say anything about crash recovery. As the number
  of components and devices in a ubiquitous environment is plenty,
  what could happen when one or two components crash? Would the whole
  system crash?
- What type of security measure does Cerberus have to protect the
  communication channel between the Security System and the Inference
  Engine, and the Security Policies? It seems that one could change
  the confidence value if he gained access to that channel or the
  Security Policies.
- Cerberus is tied to GAIA applications. Extendability and scalability
  are not mentioned in this paper.

-------------------------------------------------------------------------------------------------------------------------------
What is some possible future work?
- Security Policies could be dynamically changed over time.
  Elaborating more on how the policies were updated or discarded can
  be future work.
- Extendability, scalability, and interoperability with other
  infrastructure can be future work as well.

=============================================================================

What are the contributions of the paper? The paper introduces Cerberus
-- an expressive, federated, context-aware, security scheme -- to
provide the currently vulnerability-abound "smart space" with a
solution that is non-intrusive, intelligent and able to adapt to
rapidly changing contexts.

What is the quality of the presentation? The paper exhibits good
quality for three reasons. First, a closer look at the outline of the
paper reveals that it is well-organized in a very coherent
way. Second, the sentences in this paper are expressed in such a way
that they are really easy to read and follow. Finally, examples given
in this paper effectively help readers to understand the paper. For
instance, the examples in section 4.2 really help readers to correctly
understand the semantic meanings of those context expressions.

What are the strengths of the paper? The Cerberus introduced in this
paper is nearly practical and it addresses many of the common problems
haunting ubiquitous computing systems. The design is very modular,
flexible and thus could be easily adopted in a real ubiquitous
computing environment.

What are its weaknesses? This paper doesn't include a performance
analysis of the proposed system, such as how fast the system can
respond to the constantly changing context, and how much computing
power will be required to support such a system to run smoothly.

What is some possible future work? The Inference Engine works on the
basis of an assumption that quantification is done over finite
sets. However, this may not always be true in reality. So, more effort
can be put into improving the Inference Engine to make it work even in
the real world.

=============================================================================

1. What are the contributions of the paper? This paper provides some
practical modules and schemes for “smart space” security. Also, there
are some discussions of its implementation which make the concept
more convincing. Moreover, the authentication modules are impressive
since they are both flexible and secure. When it comes to
context-awareness, the paper provides some operations in order to
achieve the security request, such as predicating, classifying the
confidence level and so forth.

2. What is the quality of the presentation? It is well organized. The
structure is clear and helpful for understanding. And I think the
authors successfully illustrated their concepts and work.

3. What are the strengths of the paper? It’s pretty strong in my
view. It provides the whole procedure of achieving the Cerberus. And
the implementation makes the concept reliable. However, whether it can
achieve the security level of the “smart space” needs further
discussion.

4. What are its weaknesses? The context-aware scheme has some limits
when we try to use it. If the paper could show how it can adapt to
diverse devices and conditions, then its advantage would be more
significant.  Also, there are some weaknesses in the security
policy. As in the topic of the last class, several low confidence
level things, when put together, may become a high level thing; the
authors should take this into consideration. Then when one thing is
unavailable at one time, we can use some combination to achieve its
confidence level.

5. What is some possible future work? The security protection of the
“Smart Space” has not been achieved yet. Since the paper makes a
good organization of the model and makes some implementation, they
should keep on considering how we can make use of the concept in our
global ubiquitous computing.

=============================================================================

Ubiquitous computing imposes additional requirements on security and
privacy and this paper issues four new requirements: ubiquitous
security service, multilevel security, support a proper security
policy language and allow authentication for all kinds of
entities. The paper focuses on the second and the third
requirements. A ubiquitous security scheme, Cerberus, is presented in
this paper, which integrates context-awareness with automated
reasoning to perform authentication and access control in ubiquitous
computing environments. The system supports multilevel authentication,
where principals are associated with confidence values. The context
infrastructure captures rapidly changing context information and
incorporates it into the knowledge base. Context-aware security
policies are described in an expressive language that supports binary
operators, quantification, and complex inferring. The language
proposed can be evaluated efficiently using an inference engine. The
paper also presents a simple and efficient method for revoking access
if context related information changes.

The presentation of the paper is good. The figures help readers learn
about the structures easily and the inside logic of the paper is very
clear.

This paper not only discusses concepts, principles and difficulties in
the research area of security for ubiquitous computing and tackles
some of the problems with Cerberus theoretically, but also implements
something in practice: the "Powerpoint Viewer". Although this
implementation is quite simple, it indeed helps a lot in persuading
readers that the security scheme introduced in this paper does make
some sense and is useful.

To show the scheme is really efficient, the paper should have
presented some experimental results, such as reaction time in practice
for given finite sets. It is reasonable for the paper to assume that
the Inference Engine maintains only a finite set of sentences and
quantification is done over finite sets, but finite sets can be large
and thus efficiency cannot be guaranteed. Rapidly changing context
information can be captured with the suggested method in this paper
theoretically, but there's no evidence that this can be done
efficiently in practice. In fact, ubiquitous computing devices should
try to spend most of the time in a sleep mode in which they only
listen for radio signals once in a while (the period can be set from a
few seconds to several minutes). Thus, in the example mentioned in the
paper, if the UbiComp Seminar went away, this change of context may
not be found out immediately.

This paper doesn't mention future work explicitly but it is intuitive
to think that they will do more work in implementation and try to
tackle more problems they have raised in this paper in practice.

=============================================================================

The paper entitled "Cerberus: A Context-Aware Security Scheme for
Smart Spaces" is an interesting and well developed report.  The
authors introduce Cerberus, a core service in the Gaia project that
integrates identification, authentication, context awareness,
reasoning, and security.  The Gaia project is described as a
computational environment where physical spaces and ubiquitous
computing devices are integrated together - a "Smart" space.  This
paper discusses the importance of security services and its ability to
adapt in a changing ubiquitous environment.  This is an important
topic since ubiquitous computing raises security and privacy issues.
 
I feel that the presentation of this paper is somewhat scattered.
Although the content of the report is rich in information, it seems
that many ideas are just placed into sentences, one after the other.
The paper did not "flow".  Nevertheless, I am impressed with the depth
of information that is provided.  The authors demonstrate that a great
deal of research has been done in this area.  They cite many papers in
reference to other components of Gaia.  Many of the other modules from
Gaia are not described in great detail but their brief overviews are
enough for a basic understanding of the environment as a whole.  The
figures presented in this paper are clear and easy to understand.
This paper also provides many examples that make it easy to
understand the whole picture and its various components.
 
The Gaia context infrastructure is a simple yet seemingly powerful
model.  It uses nouns and verbs from the English language as
predicates which make it very easy to read and understand.  Yet, I
question whether this method is easily scalable since there are many
nouns and verbs in the English language.  The authors then describe
that the sets of values are finite, which leads to expressions that will
always terminate.  Would these sets be hard to maintain?
 
The security policies discussed only involve certain confidence levels
for various devices.  Fingerprint scans would have a higher
confidence value than, say, a smart badge.  Is this sort of model good
enough for security?  Who sets these levels?  The calculation for the
net confidence makes sense, yet, again, is this good enough?  How is
the privacy of context information secure?  Some future work might
include some investigation into strengthening the security model,
addressing vulnerabilities that have been discussed in the papers
cited, and addressing the privacy of context information.

=============================================================================

* What are the contributions of the paper?  The paper deals with the
  context sensitive security introduced in Cerberus, which is a core
  service in Gaia (a generic ubiquitous computing environment) for
  authentication, context awareness and reasoning. Concepts of
  context awareness and automated reasoning are used for the purpose
  of achieving context sensitive security.

* What is the quality of the presentation?  This is a system paper. It
  describes a system in an informative way. The language of the paper
  is easy to comprehend, but there is lots of repetition of the
  material.

* What are the strengths of the paper?  This paper provides a system
  which theoretically takes care of all the major security issues
  involved in a ubiquitous computing environment like Gaia. A practical
  implementation which accompanies it adds value to it.

* What are its weaknesses?  Though the authors mention including more
  facts about their implementation, as required, in the final version
  of the paper, these are missing in this proceedings version. Also,
  other arising security issues like server compromise and forward
  security also need to be considered in such a system.

* What is some possible future work?  As mentioned in weaknesses, more
  implementation facts should be put forth, which might require more
  experiments; also other arising security concerns like the existence
  of eavesdroppers and compromised devices also need to be taken care
  of.

=============================================================================

What are the contributions of the paper?  This paper introduced
Cerberus, a federated, context-aware, security scheme. It supports
multilevel authentication, where access control is associated with
confidence level. Context-aware security policies are described in
first-order language which can be evaluated using an inference
engine. It also presented a simple and efficient method for revoking
access if context related information changes.



What is the quality of the presentation?  It gives a novel way of
expressing access policies. And implementation of this context-aware
system is also given.



What are the strengths of the paper?  It uses first order predicate
logic to present system policies, which provides greater flexibility
and dynamism while allowing rules to be evaluated efficiently.


What are its weaknesses?  The adaptability and feasibility of the
system should be tested further. The concept of confidence level is
not very clear.  And how do we use confidence level to realize
security? Will there be some misuse or misunderstanding of access
rights?



What is some possible future work?  It needs to provide more details
about the implementation and performance of the Cerberus system.

=============================================================================

One of the most innovative developments in computer systems has
been the notion of ubiquitous computing. As novel and appealing as the
idea seems, it also comes bundled with a multitude of computing issues
that have evaded computer scientists ever since it was first
envisioned by Mark Weiser in 1991. One of the issues that is the topic
of various on-going research projects in this area is providing
adequate security measures for smart spaces which are above all
non-intrusive, intelligent and are able to adapt to rapidly changing
contexts. The topic of this paper is Cerberus, a context-aware
security scheme for smart spaces, which tends to provide such
security. The authors start by providing an introduction to ubiquitous
computing in general and smart spaces in particular, the security
issues involved, security requirements for such spaces and describe a
generic computation environment, the Gaia project. They proceed by
giving an overview of the proposed system and then incrementally
reveal each component and its functionality at a more detailed level.
 
The work presented here is of unique significance to the field of
ubiquitous computing and security in general. The authors did a great
job in presenting the core architecture of the system in a
comprehensive way without sacrificing readability. The major strengths
of Cerberus are its dynamic nature of implementing security, support
for multi-level authentication, adaptability to rapidly changing
contexts and a simple method for revoking access rights.  The authors
have used predicate logic to define and perform operations on contexts
using a Prolog type syntax, which allows expressing/evaluating various
complex rules involving contexts very easily and also allows inferring
more complex context rules from simple ones. The only thing missing
here is the lack of implementation details and performance evaluation
measures of Cerberus, leaving an impression of a rather abrupt end.
The authors should be looking forward to addressing these issues in
future work.

=============================================================================

> CONTRIBUTIONS

The authors introduce Cerberus, a context-aware security scheme for
active spaces based on the Gaia ubiquitous computing platform. To
achieve this, the authors have developed a security service which uses
pluggable modules (GAMM: Gaia Authentication Mechanisms, GADM: Gaia
Authentication Device Modules), a context infrastructure based on
first-order predicate logic to model Gaia's environment, a security
policies knowledge base that stores rules (also in first order logic)
and lastly, an inference engine which enforces these security policies
through automated reasoning.


> QUALITY

The paper is clear and well-written. The authors make good use of
diagrams to explain how Cerberus interfaces with Gaia and how various
components of Cerberus (such as the context infrastructure and
authentication service) work, allowing people such as myself who have
no prior knowledge of Gaia to understand how Cerberus operates.


> STRENGTHS

Cerberus security policies adapt to changes in context and are
represented in a descriptive and flexible language. For example,
Cerberus facilitates the use of call-backs whereby applications can be
notified when a change in context results in a user's access to
resources being revoked. The use of CORBA for communication between
various components of Cerberus allows for the discovery and remote
invocation of Cerberus authentication services by applications and
devices operating in a Gaia smart space served by Cerberus. The use of
pluggable authentication modules (GAMM and GADM) allows Cerberus to
utilize new authentication mechanisms and devices on the fly, as they
become available.


> WEAKNESSES

I'm not sure how transparent this security system really is if users
still need to carry ID badges, enter passwords and use retina
scanners. There is little discussion of how Cerberus could be used to
authenticate mobile devices, applications and mobile code. The authors
state that their system is efficient without providing any performance
figures for their implementation. No implementation details are
provided, although these would probably be more interesting if we were
given performance figures.


> FUTURE WORK

A study that produces detailed performance figures that demonstrate
Cerberus's efficiency. Extensions to the existing implementation that
show how Cerberus could be used to authenticate mobile devices,
applications and mobile code.

=============================================================================

Contribution:

The paper advanced research in the field of security in the ubiquitous
systems by presenting Cerberus. Cerberus is a ubiquitous security
system for Gaia, an infrastructure that focuses on supporting the
development of applications for Smart Spaces. It focuses on
context-awareness and automated reasoning to provide both the
identification and authentication for users and access control to
resources and services. The Cerberus’s context infrastructure uses
first-order predicate calculus and Boolean algebra, which is a very
flexible and powerful way of writing and evaluating various
context-dependent rules. A centralized inference engine that takes
context into account is used to enforce security policies. The paper
focuses attention on the dynamic nature of security requirements in
ubiquitous systems.

Quality: Overall, the paper was well written. The sections were presented
in a logical order and the system was described in a concise and
consistent manner. However, I was bothered by the figures
offered. They appeared overly cluttered, and I found it hard to
distinguish one depicted object from another. Although the authors did
attempt to address the issue by using different colors, the figures
still appeared overly crowded. Additionally, the entire paragraph
providing an overview of the paper should have been omitted. It was
poorly written, and at times pointless (i.e. Section 9 concludes).

Strengths: Security requirements for Smart Spaces are well defined and
the proper awareness was brought to the problem. Description of the
system and its implementation are outlined in great detail. Main
features of the Cerberus system (multi-level authentication,
context-aware, federated, flexible, automated-reasoning) were clearly
stated. The topic was well researched and a novel solution was
presented. There was no ambiguity as to what the goal and the
contribution of the paper were.

Weaknesses: The authentication modules used were simply mentioned and
the acronyms for them used without prior introduction. Authentication
models such as CORBA, SESAME and Kerberos were mentioned, but the
background information wasn’t provided. Additionally, the author
doesn’t provide any future work directives and doesn’t identify any
weaknesses of this centralized approach (i.e. is Cerberus applicable
to platforms supporting multiple Smart Spaces?).

Future Work: A definite future work directive would be examining the
possibility of extending Cerberus to platforms spanning multiple Smart
Space environments. Examining the overall security of the system and
identifying possible attacks could also be used to verify the strength
of the proposed mechanism.

=============================================================================

Summary: The paper tries to introduce a security system for UbiComp in
a way that it can be considered as a security scheme. To achieve this
goal they first introduce requirements that they believe should be
present in a UbiComp security scheme:
1. Non-intrusive and transparent
2. Multilevel security
3. Support for context aware security policy
4. Adequate support for mobile devices and (software) agents

The rest of the paper deals with a system designed and developed by
the authors, for Ubiquitous Computing, named Gaia. The paper describes
the architecture and also the different components of the "security
service core" of Gaia. The components which have been introduced are:
1. The security service component
2. The context infrastructure
3. The knowledge base
4. The inference engine

At the end the paper provides an example of the implementation of the
proposed system and some possible future work.

 
Contributions: The paper uses a precise terminology
('identification', 'entity', 'identity', 'authentication',
'principal', 'security policy', etc.) and defines them properly. It
also keeps in mind the "balance between authentication strength and
non-intrusiveness." To devise suitable mechanisms to implement
different policies with regard to the above-mentioned "balance" the
authors introduce the concept of "confidence value" in their system
which also helps them deal with different authentication
mechanisms. Their system uses a federated authentication service that
uses distributed portable modules named GPAM. They also envision two
categories of authentication modules: GAMM for specific protocols and
GADM for specific devices (independent of any protocol).

They propose to use first-order predicate calculus and boolean algebra
to represent and process context information. This decision along with
the architecture of the context infrastructure allows them good
context awareness in the system. The security policies are also
represented as rules in first order logic. They include
"authentication policies" and "access control policies." These design
decisions about context and policy representation enable the authors
to actually design and implement an "inference engine" which evaluates
the level of confidence of identities and replies to access control
queries from applications.

There are also minor and detailed innovations in the designed system
such as different methods for events to be transferred from sensors and
the notion of "session", etc.

Quality of the presentation: The exact definition of the terminology
used along with many examples in the paper, contribute a lot to the
presentation aspect of the paper. The authors provide diagrams
whenever necessary and give sufficient examples to clarify all the
aspects of the work. Overall the presentation of this paper is "good".

Strengths: The primary strength of the paper comes from the fact that all
the ideas of the paper have actually been implemented in a real and
working system.  In other words the mere fact that this paper is part
of a large research adds a lot to its value. For example, the authors
have very in-depth knowledge about UbiComp and all the issues in
it. Also they have a working testbed to implement and test the
proposed design.

Another important strength of the paper as mentioned before is its
good choice of terminology and good definition of all the important
aspects of the proposed system.

Weaknesses: In many cases the authors do not give enough (or any)
reasons for some of the statements; for example, they mention that "the
dynamism and mobility that smart space advocate can give additional
leverage for cyber-criminal, techno villains, and hackers by
increasing opportunities to exploit ..." without any reason and they
don't state that this is an assumption.

The authors could have done more work on modeling the system in an
abstract manner and evaluating it mathematically before really
implementing it. They also don't give any results about the level of
the success (or failure) of their system and don't mention its
weaknesses.

Possible future work: Although the system has been really implemented,
it seems to be far away from real life deployment. I think further
testing of the system and evaluating the results is also necessary.

=============================================================================

What are the contributions of the paper?

This paper introduces a new security scheme called Cerberus for so
called "smart spaces", or environments with sensors and embedded
devices to allow easy interaction between people and computers. These
smart spaces are assumed to be built using the Gaia model, a model
previously introduced by the authors for integrating physical spaces
with computing and communication systems. Gaia manages context using
predicates, such as Location(person, entering, roomX).  Cerberus adds
another layer to these contexts by combining them with queries as to
whether or not a person has access to a service based on confidence
levels.  Confidence levels depend on the type of authentication
used. An (easily misplaced) ID card may only offer a low level of
confidence, while a biometric reading may represent a high level of
confidence. By checking the confidence of a user’s authentication,
the system can allow or deny access to specific services, only
requiring active authentication by the user when necessary.


What is the quality of the presentation?

The related work section is the second last section of the paper, when
it should be in the introduction or right after. Summarizing related
work early in the paper allows the reader to learn what existing
solutions exist, why they are insufficient, and how the results that
will be presented improve upon them. In addition, the current existing
work states that an existing paper raised some security issues, and
that the authors' solution "address some of these" without being any
more specific. Does this mean that there are known security issues in
Cerberus that have been identified and not addressed?

The rest of the paper is well organized.


What are the strengths of the paper?

The main strength of the paper is the flexible predicate language
defined for use in Cerberus and Gaia. They provide a simple method of
tracking context and responding to context changes based on security
privileges. The predicates are both easy to create and interpret from
both a human and computational stand-point.


What are its weaknesses?

Some implementation details of Gaia/Cerberus are unclear. As is, an
administrator manually states that personX has access to resourceY
subject to some constraint, such as time. For example, use of a
projector may be granted to the presenter during his time slot at a
conference. If the user's rights are to be revoked when the time slot
ends, the administrator must explicitly add an entry stating
this. Real-world situations do not always follow strict time
guidelines, and so a presenter running late may have his access rights
revoked before his presentation is finished, or a presenter wishing to
start early to keep things on schedule may be locked out of the
projector despite the fact that no one is using it. Every small
schedule change requires the administrator to modify the context
information.


What is some possible future work?

The authors did not provide any future research considerations in the
paper.

Future research using the Cerberus system should focus on the privacy
of the end user. It is clear that Cerberus provides a framework for
secure access to resources, but no consideration is given to how this
information may be used to track the location of an individual. The
predicate language used by Gaia/Cerberus allows for events to be
triggered whenever a person enters a room, raising concerns of
location privacy.
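
=============================================================================

The mechanism the reviews above describe (context held as predicates such as Location(person, entering, roomX), access gated by the confidence of the authentication used, and call-backs when a context change revokes access) is sketched below. This is an added illustration, not part of any review and not code from the paper or from Gaia/Cerberus; the confidence values, the `Activity` predicate, the room name and the class names are assumptions.

```python
"""Added illustration (not Cerberus code): context predicates,
confidence-gated access, and revocation call-backs on context change."""
from dataclasses import dataclass, field

# Assumed confidence value per authentication method (constructed numbers).
CONFIDENCE = {"smart_badge": 0.6, "password": 0.8, "fingerprint": 0.95}


class KnowledgeBase:
    """Finite set of ground facts, e.g. ("Location", "alice", "entering", "room2401")."""

    def __init__(self):
        self.facts = set()
        self._listeners = []

    def subscribe(self, fn):
        self._listeners.append(fn)

    def assert_fact(self, *fact):
        self.facts.add(fact)
        self._notify()

    def retract_fact(self, *fact):
        self.facts.discard(fact)
        self._notify()

    def holds(self, pattern, who):
        # "?p" in a pattern stands for the principal asking for access.
        ground = tuple(who if term == "?p" else term for term in pattern)
        return ground in self.facts

    def _notify(self):
        for fn in list(self._listeners):
            fn()


@dataclass
class Policy:
    resource: str
    min_confidence: float
    required_context: list  # every pattern must hold in the knowledge base


@dataclass
class AccessMonitor:
    kb: KnowledgeBase
    policies: dict
    sessions: dict = field(default_factory=dict)  # principal -> confidence
    grants: dict = field(default_factory=dict)    # (principal, resource) -> call-back

    def __post_init__(self):
        # Re-evaluate every outstanding grant whenever context changes.
        self.kb.subscribe(self.recheck)

    def authenticate(self, who, method):
        # Assumption: keep the strongest single method; no rule for
        # combining several methods is modelled here.
        self.sessions[who] = max(self.sessions.get(who, 0.0), CONFIDENCE[method])

    def allowed(self, who, resource):
        policy = self.policies[resource]
        return (self.sessions.get(who, 0.0) >= policy.min_confidence
                and all(self.kb.holds(p, who) for p in policy.required_context))

    def request(self, who, resource, on_revoke):
        if not self.allowed(who, resource):
            return False
        self.grants[(who, resource)] = on_revoke
        return True

    def recheck(self):
        for (who, resource), callback in list(self.grants.items()):
            if not self.allowed(who, resource):
                del self.grants[(who, resource)]
                callback(who, resource)  # notify the application of revocation


def demo():
    kb = KnowledgeBase()
    projector = Policy("projector", 0.8, [
        ("Location", "?p", "entering", "room2401"),
        ("Activity", "room2401", "UbiCompSeminar"),
    ])
    monitor = AccessMonitor(kb, {"projector": projector})
    revoked = []

    def note(who, resource):
        revoked.append((who, resource))

    kb.assert_fact("Location", "alice", "entering", "room2401")
    kb.assert_fact("Activity", "room2401", "UbiCompSeminar")

    monitor.authenticate("alice", "smart_badge")       # low confidence
    with_badge = monitor.request("alice", "projector", note)
    monitor.authenticate("alice", "fingerprint")       # step-up authentication
    with_fingerprint = monitor.request("alice", "projector", note)

    # The seminar ends: the context fact is retracted and the grant is revoked.
    kb.retract_fact("Activity", "room2401", "UbiCompSeminar")
    return with_badge, with_fingerprint, revoked, monitor.allowed("alice", "projector")


if __name__ == "__main__":
    print(demo())
```

Revocation here fires as soon as the fact is retracted; in a deployment it can only be as prompt as the sensors that report the context change.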