Roy Campbell
ICDCS 2013 Panel
Is my toaster lying: security, privacy and trust issues in Internet of Things.
Properties of Solution
Reification of trust: resiliency, availability, confidentiality, privacy
Use of big data: monitoring ensembles formed by agreement and empowered by collective action.
Need to know or minimal information exchanges
Evidence chains, policies and evaluations
Endogenous formation of collective awareness
Issues
Trust as Discrete Events
e.g., configuration changes, failures, audit logs, changes to beliefs, changes to risk, ...
Hard to summarize
Anonymization techniques
Distributed architecture
Cannot rely on a single entity to process information
Confidentiality of records; liability reasons
Multiple monitoring systems interacting without a single point of aggregation
Information Leaks
Naming system
Requests for resolution reveal that an organization has control of a resource
Requests
The presence of a request might imply the presence of a local sequence of events matching the policy
Number of events
Repeating the process multiple times reveals the number of matching events
Trust*
Trust is a mental state comprising:
(1) expectancy - the trustor expects a specific behavior from the trustee (such as providing valid information or effectively performing cooperative actions);
(2) belief - the trustor believes that the expected behavior occurs, based on the evidence of the trustee's competence, integrity, and goodwill;
(3) willingness to take risk - the trustor is willing to take risk for that belief.
* Huang J, Nicol D (2010) A formal-semantics-based calculus of trust. Internet Comput IEEE 14(5): 38-46.
Trust
Confidence in or reliance on some person or quality --- in this case trust-related event notification
Such events are all time and context dependent
Unilateral and Conditional Sharing of Events
Reasoning about motives, events, risks, and outcomes.
Tradeoff: Confidentiality vs Detection
Events provide knowledge about:
network topology
network traffic
configurations
vulnerable programs
installed programs
user behaviors
services
critical machines
Complete confidentiality
Complete openness
Only detection of local security concerns
Detection of global security concerns
Can we find a
Monitoring Architecture
[Figure labels: Service Provider, Cloud Provider, Monitoring server, Monitoring server, Cloud Provider, Private Infrastructure]
Multi-organization event-based monitoring
Built on top of current monitoring architecture
Each organization detects problems in its infrastructure independently
Contributions:
Minimum information sharing / need-to-know in multi-organization systems
Distributed logic reasoning algorithm for policy compliance
Minimal sharing obtainable for simple policies; reduces information exposure for more
Secure Two-Party Computation
Conditional Sharing
r=sharing if events a,b match the policy
Event a known only by org A
Event b known only by org B
Determine if the two events match without revealing them to the other party
Garbled Circuits [Yao, 1986; Huang, 2012]
Fast secure two-party computation
[Diagram labels: runsCritService(inst0, p); partial(inst0); 0/1]
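A single garbled AND gate realising the conditional-sharing check above, as an added example (not code from the slides or the cited papers). The function names are hypothetical, and the oblivious transfer that would deliver org B's input label is assumed and simulated here by a direct lookup.

```python
import hashlib
import secrets

LABEL = 16          # bytes per wire label
TAG = b"\x00" * 8   # zero suffix lets the evaluator recognise the one row it can open

def _pad(label_a, label_b):
    # Hash of the two input labels, used as a one-time pad for one table row
    return hashlib.sha256(label_a + label_b).digest()[:LABEL + len(TAG)]

def _xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))

def garble_and():
    """Org A (garbler): random labels for wires a, b, r and the encrypted AND table."""
    labels = {w: (secrets.token_bytes(LABEL), secrets.token_bytes(LABEL)) for w in "abr"}
    table = [_xor(_pad(labels["a"][x], labels["b"][y]), labels["r"][x & y] + TAG)
             for x in (0, 1) for y in (0, 1)]
    secrets.SystemRandom().shuffle(table)  # row position must not reveal the inputs
    return labels, table

def evaluate(table, label_a, label_b):
    """Org B (evaluator): holds one label per input wire, so only one row decrypts."""
    pad = _pad(label_a, label_b)
    for row in table:
        plain = _xor(pad, row)
        if plain.endswith(TAG):
            return plain[:LABEL]
    raise ValueError("no row decrypted: labels do not belong to this table")

def conditional_share(a_matches, b_matches):
    """Return r = 1 iff A's event and B's event both match the policy (bits 0/1)."""
    labels, table = garble_and()
    label_a = labels["a"][a_matches]   # A sends only the label for its own bit
    # Assumption: B gets this label through oblivious transfer, so A never
    # learns b_matches and B never sees the label for the other bit.
    label_b = labels["b"][b_matches]
    out_label = evaluate(table, label_a, label_b)
    return labels["r"].index(out_label)  # A decodes the output label to 0/1

if __name__ == "__main__":
    for a in (0, 1):
        for b in (0, 1):
            print(f"a={a} b={b} -> r={conditional_share(a, b)}")
```

The labels B handles are random strings, so B learns the bit r only once the output label is decoded; repeating the protocol over many events still leaks the count of matches, as noted under Information Leaks.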
References
Limiting Data Exposure in Monitoring Multidomain Policy Conformance, Mirko Montanari, Jun Ho Huh, Rakesh B. Bobba and Roy H. Campbell, Trust 2013.
Transforming Big Data into Collective Awareness, Pitt, Bourazeri, Nowak, et al, Computer, June, 2013
Garbled Circuits [Yao, 1986; Huang, 2012]
A formal-semantics-based calculus of trust. Huang J, Nicol D (2010) Internet Comput IEEE 14(5): 38-46.