UNIVERSITY OF CRETE
SCHOOL OF SCIENCES
COMPUTER SCIENCE DEPARTMENT

DEVELOPMENT AND IMPLEMENTATION OF A LANGUAGE FOR THE AUTHORIZATION PROCESS IN AMBIENT INTELLIGENCE ENVIRONMENTS

MASTER'S THESIS
Genitsaridi Eirini
Heraklion, July 2011

Development and Implementation of a Language for the Authorization Process in Ambient Intelligence Environments

Thesis submitted by Eirini Genitsaridi in partial fulfillment of the requirements for the MASTER OF SCIENCE DEGREE

Author: Genitsaridi Eirini, University of Crete

Supervisory Committee:
Grigoris Antoniou, Professor, University of Crete, Supervisor
Dimitris Plexousakis, Professor, University of Crete, Member
Irini Fundulaki, Researcher, FORTH-ICS, Member

Accepted by:
Angelos Bilas, Associate Professor, University of Crete, Chairman of the Graduate Studies Committee

Heraklion, July 2011

An Authorization Language in Ambient Intelligence Environments
Genitsaridi Eirini
Master of Science Thesis
Computer Science Department, University of Crete

Abstract
Ambient Intelligence (AmI) is a new wave of information technology that integrates microprocessors into everyday objects in order to improve the quality of everyday life. The information is distributed among various devices that collect, process, change and share it. As a new paradigm of information technology, Ambient Intelligence has introduced new research challenges in many areas, including the field of authorization. The implementation of authorization policies is vital in order to develop a secure AmI system. Every Ambient Intelligence device should be able to specify access rights policies for the resources that it controls. However, the distributed and often imperfect information, the open and dynamic nature of AmI environments and the special characteristics of the involved devices make the enforcement of authorization policies problematic. Previous work by Bikakis et al. presented Contextual Defeasible Logic (CDL), a fully distributed approach for reasoning with conflicts in Ambient Intelligence systems. Here we extend this approach to address authorization issues in distributed environments. We present Distributed Environment Authorization Logic (DEAL), a formal, high-level, logic-based language for specifying access control policies in open and dynamic distributed systems. The language has rich expressive power, supporting negative authorizations, rule priorities, hierarchical category authorizations and nonmonotonic reasoning. We define the language semantics through Defeasible Logic. We also demonstrate DEAL authorization policies in two concrete implemented Ambient Intelligence scenarios.

Development and Implementation of a Language for the Authorization Process in Ambient Intelligence Environments
Genitsaridi Eirini
Master's Thesis
Computer Science Department

Abstract (Greek)
Ambient Intelligence is a new wave of information technology that integrates microprocessors into everyday objects in order to improve the quality of everyday life. The information is distributed among various devices that collect, process, change and share it. As a new paradigm of information technology, Ambient Intelligence has created new challenges in many research areas, including the field of authorization. The application of authorization policies is of vital importance for the development of a secure Ambient Intelligence system. Every Ambient Intelligence device must be able to specify access rights policies for the resources that it controls. However, the distributed and usually incomplete information, the open and dynamic nature of Ambient Intelligence environments and the special characteristics of the involved devices create problems in the enforcement of authorization policies. Previous research (Bikakis et al.) presented Contextual Defeasible Logic (CDL), a fully distributed approach for reasoning with conflicts in Ambient Intelligence environments. Here we extend this approach so that it handles authorization issues in distributed environments. We present the Distributed Environment Authorization Logic (DEAL), a formal, high-level, logic-based language for specifying resource access policies in open and dynamic distributed systems. The language has rich expressive power, supporting negative authorizations, priorities among conflicting rules, authorizations on hierarchical categories and nonmonotonic reasoning. We define the semantics of the language through Defeasible Logic. We also describe the application of authorization policies in two concrete implemented Ambient Intelligence scenarios.

Supervising Professor: Grigoris Antoniou, Professor, Computer Science Department, University of Crete

Acknowledgements
I would like to thank my supervising professor, Mr. Grigoris Antoniou, for his guidance and advice, which contributed decisively to the successful completion of my graduate studies. I also thank Ms. Irini Fundulaki and Mr. Dimitris Plexousakis for their apt remarks and advice as members of the supervisory committee. I must also mention Dr. Antonis Bikakis and graduate student Kostas Papatheodorou for their advice and their invaluable help in completing my work during my graduate studies. I also thank my friends and fellow students for the moral support, positive attitude and optimism they conveyed to me throughout this time.
Finally, I especially want to thank my parents Kostas and Stella and my sisters Eleni and Gianna for the support and encouragement they have provided, and continue to provide, at every step of my life. Thank you!

To my parents Kostas Genitsaridis and Stella Kokkinou.

List of Figures
Figure 1.1: Related areas to Ambient Intelligence
Figure 1.2: Context information flow in the AmI hospital scenario
Figure 1.3: Context information flow in the AmI university scenario
Figure 2.1: The request-pair of a simple Ambient Intelligence example
Figure 2.2: An authorization example in the language of [29]
Figure 2.3: Two query examples of service requests
Figure 2.4: An example of conflicting rules in the language of [29]
Figure 3.1: An authorization policy with negative authorizations
Figure 3.2: Context information flow in the scenario
Figure 3.3: An authorization policy that requires rule priorities
Figure 3.4: An example of user hierarchical categories
Figure 3.6: An example of action hierarchical categories
Figure 3.7: An example of object hierarchical categories
Figure 3.8: An authorization policy with nonmonotonic reasoning
Figure 4.1: Model of authorization in the Woo, Lam approach [45]

List of Tables

Table of Contents
List of Figures
List of Tables
1. Introduction
    1.1 Ambient Intelligence
    1.2 Authorization in Ambient Intelligence
    1.3 Motivating Scenarios
        Ambient Intelligence Hospital Scenario
        Ambient Intelligence University Scenario
    Approach
    Thesis Contribution
    Thesis Organization
2. Basic Concepts of the Authorization Problem
    Request-Pair
    Authorization
    Service
    Grantor
    Grantee
    Authorization Conflict
    Authorization Policy
3. Desirable Characteristics of an Authorization Language
    Negative Authorization
    Rule Priorities
    Hierarchical Category Authorization
    Nonmonotonic Reasoning
4. Related Work
    Non logic-based Authorization Approaches
    Logic-based Authorization Approaches
    Centralized Authorization Approaches
    Decentralized Authorization Approaches
5. Background Information
    Defeasible Logic
    Proof Theory
    Multi-Context Systems
    Contextual Defeasible Logic
    Representation Model
6. A Distributed Environment Authorization Language: DEAL
    Language Syntax
        Alphabet of DEAL Language
        Rules of DEAL Language
    Characteristics of DEAL Language
    Language Semantics
        DEAL alphabet transformation
        DEAL rules transformation
        Contextual Defeasible Logic Extensions
    Motivating Scenarios Implementation
        Implementation of AmI Hospital Authorization Scenario
        Implementation of AmI University Authorization Scenario
7. Conclusion
    Synopsis
    Future Directions
8. Appendix A
    A.1 TuProlog Reasoner
    A.2 Defeasible Logic Metaprogram
    A.3 DEAL Metaprogram
Bibliography

Chapter 1
Introduction

Access control is the ability of a system to prohibit unauthorized entities from consuming specific system services. In physical security, the term access control refers to the practice of restricting entrance to physical objects such as a property, a building or a room to authorized persons (e.g. a ticket inspector on a bus). In computer security, access control refers to any mechanism that manages admission to computer services, such as accessing system information or performing some action on system resources (e.g. updating information on a Web server). Access control is a very important topic in the development of today's computer applications. Companies usually require access control in order to grant access to areas and information only to individual users and groups with the appropriate permission level. Access control is crucial in systems that include sensitive data, such as medical information in hospital facilities, political beliefs in online voting systems, bank account passwords in e-commerce systems or religion and sexual preferences in social networks.
Access control involves various measures such as biometric scans and metal locks, digital signatures, encryption, camera monitoring and others. Moreover, access control consists of three basic processes: Authentication, Authorization and Auditing (AAA). Authentication is the process of verifying whether the identity that a requester provided is authentic; it answers the question: is the requester who he claims to be? Authorization is the process that determines whether a requester is permitted to consume a specific service according to the system's policies; it answers the question: is the requester permitted to consume this service? Accountability (auditing) is the process of maintaining a record of the actions performed by every requester (successful or failed attempts to consume services). In this research we study the process of authorization in the Ambient Intelligence domain.

1.1 Ambient Intelligence
Ambient Intelligence (AmI) is a new wave of information technology that typically integrates microprocessors into everyday objects in order to improve the quality of everyday life. AmI environments include heterogeneous intelligent devices that communicate by means of ad-hoc wireless networks. Every intelligent device acts as an autonomous entity that controls resources, handles requests and sends requests to other entities. The core difference between AmI and traditional computer systems is the user-centric approach: AmI systems adapt and respond to people by acknowledging their presence and gestures, instead of requiring people to adapt to the system. Therefore an Ambient Intelligence system can be seen as the most evolved form of a computer system, one that requires minimal user interaction in order to adjust to the user's needs. A simple example of Ambient Intelligence is a house with the ability to detect human presence in a variety of places and adjust the lighting accordingly.
Ambient Intelligence is a multidisciplinary approach, as presented in [1, 4], since it requires the convergence of many areas of Computer Science in order to fulfill its purpose. The relevant areas are depicted in Figure 1.1.

Figure 1.1: Related areas to Ambient Intelligence

1.2 Authorization in Ambient Intelligence
Ambient Intelligence systems aim at providing the right information or behavior to the right users, at the right time, in the right place. In order to achieve this, a system must have a thorough knowledge and, as one may say, understanding of its environment, the people and devices that exist in it, their interests and capabilities, and the tasks and activities that are being undertaken. All this information falls under the notion of context. Dey et al. [6] described context as "any information that can be used to characterize the situation of an entity. An entity is a person, place or object that is considered relevant to the interaction between a user and an application, including the user and applications themselves". Other context definitions can be found in [7-9]. An example of context information in a computer application for a hospital is information about the role of a person as doctor, patient or nurse.

A special characteristic of Ambient Intelligence environments is the imperfect nature of context information. Henricksen and Indulska [10] characterize four types of imperfect context information: unknown, ambiguous, imprecise and erroneous. Sensor or connectivity failures (which are inevitable in wireless connections) result in situations where not all context data is available at all times. When data about a context property comes from multiple sources, the context may become ambiguous. Imprecision is common in sensor-derived information, while erroneous context arises as a result of human or hardware errors. Another special characteristic of AmI environments is their open and dynamic nature.
In an open and dynamic environment, participating entities enter or leave the environment regularly and cannot be predetermined. The entities that operate in an Ambient Intelligence environment are expected to have different goals, experiences and perceptive capabilities. They may use distinct vocabularies and they may even have different levels of sociality. Moreover, due to the unreliable and restricted (by the range of the transmitters) wireless communications, not all entities are present at a specific time instance, and direct communication with all of them may be impossible.

The special characteristics of Ambient Intelligence environments have introduced new research challenges in many areas, as presented in [1-5], including the field of authorization. The implementation of authorization policies is vital in order to develop a secure Ambient Intelligence system. Every AmI device should be able to specify access right policies for the resources that it controls. However, the imperfect nature of context information and the open and dynamic characteristics of AmI environments make the enforcement of authorization policies problematic. The following questions highlight some of the implications that AmI environments create for authorization as part of a system's security:
How to adjust security according to context changes?
How to protect resources from entities that cannot be predetermined?
How to adjust security that relies on other entities when they leave the environment?

1.3 Motivating Scenarios
In this section we describe two concrete application scenarios in Ambient Intelligence environments that demonstrate the special requirements and challenges of authorization in such environments. Both scenarios require the specification of authorization policies for accessing sensitive information.
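The questions above are what the Defeasible Logic semantics named in the abstract is meant to answer: a policy must stay decidable when context facts appear or disappear. The following is an added example, not code from the thesis and not DEAL syntax or its metaprogram: a small propositional defeasible-logic evaluator run over a constructed hospital-style policy, showing a negative authorization, a rule priority, a category hierarchy and nonmonotonic reasoning (a new context fact withdraws an earlier grant). The predicate and rule names, the policy itself and the simplified proof condition (facts and defeasible rules only, no strict rules or defeaters, conflicts left unresolved) are all assumptions made here.

```python
"""Propositional defeasible-logic evaluator for authorization policies.
Constructed illustration; not the DEAL language or the thesis' metaprogram."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    body: tuple   # literals that must all be defeasibly provable
    head: str     # literal concluded; a leading "~" marks the negative literal


def neg(lit):
    """Complement of a literal: permit(x) <-> ~permit(x)."""
    return lit[1:] if lit.startswith("~") else "~" + lit


def provable(q, facts, rules, superior, _stack=frozenset()):
    """Simplified +d(q) of defeasible logic (facts and defeasible rules only):
    q is a fact, or some rule for q fires and every firing rule for ~q is
    beaten by a superior firing rule for q. A literal met again on the
    current proof path counts as unprovable (no cyclic support)."""
    if q in facts:
        return True
    if neg(q) in facts or q in _stack:
        return False
    stack = _stack | {q}

    def fires(r):  # a rule fires when all its body literals are provable
        return all(provable(b, facts, rules, superior, stack) for b in r.body)

    supporters = [r for r in rules if r.head == q and fires(r)]
    if not supporters:
        return False
    attackers = [r for r in rules if r.head == neg(q) and fires(r)]
    return all(any((s.name, a.name) in superior for s in supporters)
               for a in attackers)


def hospital_policy(who):
    """Constructed policy of a department holding a patient's test results,
    grounded for a request by `who` to read them (placeholder predicates)."""
    return [
        Rule("r1", (f"doctor({who})",), f"medical_staff({who})"),   # category hierarchy
        Rule("r2", (f"medical_staff({who})",), f"permit({who})"),   # positive authorization
        Rule("r3", ("sensitive_record",), f"~permit({who})"),        # negative authorization
        Rule("r4", (f"treating_doctor({who})",), f"permit({who})"), # wins over r3 (below)
    ]


SUPERIOR = {("r4", "r3")}  # rule priority: the treating doctor's rule beats the denial


def decide(who, facts):
    """Closed policy: grant only if permit(who) is defeasibly provable, so an
    unresolved conflict between permit and ~permit results in a denial."""
    rules = hospital_policy(who)
    return "grant" if provable(f"permit({who})", facts, rules, SUPERIOR) else "deny"
```

With the facts {doctor(alice)} the request is granted through the category hierarchy; adding sensitive_record makes r2 and r3 conflict without a priority, so neither permit nor ~permit is provable and the closed policy denies; adding treating_doctor(alice) lets r4, which is superior to r3, restore the grant.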
The first takes place in an Ambient Intelligence hospital environment and focuses on the protection of medical data, while the second takes place in an Ambient Intelligence university and focuses on the access control of secretarial services. Section 6.4 gives a full technical description of these two scenarios, which served as motivations for our research.

Ambient Intelligence Hospital Scenario
A hospital usually consists of several autonomous departments that are responsible for diagnosing and treating different diseases. The motivation for this scenario is based on the fact that a doctor may send a patient to different departments for medical tests in order to diagnose his disease. The results of the tests are distributed across the different departments. Doctors usually must visit the departments periodically to ask whether the results for their patients are ready. In order to automate this process, we simulated an Ambient Intelligence hospital environment and handled the authorization issues that arose. The hospital of the scenario consists of three autonomous departments: Cardiology, X-ray and Gastroenterology. The Cardiology department provides medical care and performs medical procedures to patients who have p