Security Service
The additional dynamism and outreach that Active
Spaces advocate require effective mechanisms to secure the underlying
infrastructure. To address these concerns, we are developing a dynamic,
context-aware security architecture for Active Spaces. This security
architecture features a federated authentication system that is based on
distributed, pluggable, "CORBArized" authentication modules. This
module-based service allows the separation of applications from the actual
authentication mechanisms and devices. The dynamically pluggable modules allow
the authentication subsystem to incorporate additional authentication devices
and mechanisms on the fly as they become available.
The access control system is designed to automate
the creation and enforcement of access control policies for different
configurations of an active space. The system explicitly recognizes different
modes of cooperation between groups of users, and the dependence between
physical and virtual aspects of security in Active Spaces. We support both
discretionary and mandatory access control policies, and use role-based access
control techniques for easy policy administration. Our model dynamically assigns
permissions to user roles based on context information. Dynamic protection
domains allow administrators and application developers the ability to customize
access control policies. Our model preserves the principle of least privilege,
promotes separation of duty, and prevents rights-amplification.
Unless proper countermeasures are laid out, an
Active Space environment could be rife with sensors and embedded devices that
could threaten users' privacy. To address these concerns, we introduce Mist,
which is a privacy-preserving communication protocol capable of authenticating
users while hiding their true identities from end applications and services.
]
