23/03/2007
mail-to: [email protected]
site: www.cc.jyu.fi/~annaumen
A Security Framework for Smart Ubiquitous Industrial Resources
Anton Naumenko, Artem Katasonov and Vagan Terziyan
Dept. of Mathematical Information Technology, University of Jyväskylä
P.O. Box 35, FIN-40014, Jyväskylä, Finland
We are grateful to the National Technology Agency of Finland, Agora Center (University of Jyväskylä), and the cooperating companies (ABB, Metso Automation, TeliaSonera, TietoEnator, and Jyväskylä Science Park) of the SmartResource research project for the financial support.
Introduction
• Conventional approaches to manage and control security seem to have reached their limits in new complex environments.
• These environments are open, dynamic, heterogeneous, distributed, self-managing, collaborative, international, nomadic, ubiquitous, etc.
• We are currently working on UBIWARE, a middleware platform focused on industrial needs.
• UBIWARE integrates Ubiquitous Computing with Semantic Web, Distributed AI, Security and Privacy, and Enterprise Application Integration.
• In this paper, we describe SURPAS, our long-term vision for security management in complex multi-agent systems like UBIWARE.
• SURPAS aims at policy-based optimal managing of security measures.
Contents
• The UBIWARE concept
• The motivating industrial case
• The security implications of UBIWARE
• The SURPAS research framework
• The SmartResource platform
• The SURPAS abstract architecture
The UBIWARE concept
[Figure labels: Users (field crew, operator, expert, consumers, owner, manager, administration); UBIWARE; Production Automation; Intelligence; External Applications; Distributed Semantic Data Warehousing; Web Service; Services; ERPs, CRMs, SCADAs, Portals, etc.; W3C Semantic Web Standards]
The security implications of UBIWARE
• Existing security measures for the technologies on which UBIWARE relies are not in a mature stage.
• The security cannot be added to UBIWARE later. Security design has to be conducted throughout the development of UBIWARE.
• Characteristics of UBIWARE have different impacts on security:
– Openness
– Dynamics
– Heterogeneity
– Distributed nature
– Collaborative social nature
– Internationality
– Self-management
– Mobility
– Ambient intelligence and pervasiveness
The Motivating Industrial Case
• Industrial impact, business benefits and security issues of UBIWARE for a domain of distributed power network management
• ABB is a global vendor of hardware and software for power networks.
• The power networks themselves are owned, controlled and maintained by some local companies.
• Four scenarios with potential added value:
– Information exchange between sub-networks
– Transferring the tacit knowledge of humans to machines
– New business model (Externalization of services)
– Integration of contextual data for fault localization and risk analysis
Information exchange between sub-networks
[Figure labels: Data; Heterogeneity of applications; Semantic request; Semantic response]
How to elaborate a flexible and expressive framework for the distributed, collaborative and policy-based management of security?
Transferring the tacit knowledge
[Figure labels: Algorithm; History data; Learning; Service-Facilitator]
New business model
[Figure labels: ABB web service; Algorithm]
Secure provisioning of (semantic) web services is still an open research question
How to treat the privacy concerns of the owners of different sub-networks?
Integration of contextual data: risk analysis
[Figure labels: Service-Facilitator; Context Provider; Fault prediction]
How to compute reputation and trust for the external contextual services? These issues influence the confidence in predicted risks, fault locations, etc.
The SURPAS research framework
[Figure labels: SURPAS Methodology; UBIWARE Domains (Maintenance Services in Paper Industry, Power-Network Management, Telecom Network Services, etc.); SURPAS Functionality; SURPAS Conceptual Semantics; Merged semantics of domains and SURPAS; SURPAS in UBIWARE Applications; Functional Semantics; Algorithms; Abstract Architecture; Reference Implementation; Enforcement Function; Administration Function]
• UBIWARE: Configuring and adding new functionality to the underlying industrial environment on-the-fly by changing high level declarative descriptions.
• SURPAS: Including new, and reconfiguring existing, security mechanisms, for the optimal secure state in response to the dynamically changing environment.
The SmartResource platform
• UBIWARE relies on results from the SmartResource project (Proactive Self-Maintained Resources in Semantic Web, see http://www.cs.jyu.fi/ai/OntoGroup/SmartResource_details.htm)
• SmartResource technology gives every resource in an industrial system the possibility to be smart.
• A SmartResource is able:
– To proactively sense, monitor and control its own state,
– To communicate with other components,
– To compose and utilize its own and external experience and functionality for self-diagnostics and self-maintenance.
Externalization of behaviour models
[Figure labels: SmartResource Agent; Live activity; Agent’s Roles; Activity; Assign Role activity; Beliefs storage; .class; Repository of the Roles]
Advantages include:
– Flexibility for control and coordination
– Remote control
– Up-to-date role scripts
– An agent may ‘learn’ how to play a new role in run-time
– Inter-agent behavior awareness
– To ‘understand’ how to interact with another agent
– To coordinate behavior of several agents
On-demand access of RABs
[Figure labels: SmartResource Agent; Live activity; Agent’s Roles; Activity; Assign Role activity; Beliefs storage; .class; Pool of Atomic Behaviours; Repository of the Roles]
Added advantages:
– Ability to ‘learn’ new behaviours
– “Light start” with on-demand extension of functionality
The SURPAS Agent’s architecture
[Figure labels: SmartResource Secure Agent; Live activity with SURPAS Policy Enforcement Mechanism; Reusable atomic behaviours; Agent’s Roles; Activity; Assign a role activity; Beliefs storage; Repository of Roles; Pool of Atomic Behaviours; SURPAS Policy; Pool of Security Mechanisms; Mechanism; Repository of Policies]
Conclusions
• UBIWARE targets physical world objects and thus puts security as the core issue that needs to be addressed.
• We presented:
– The SURPAS long-term vision of policy-based optimal management of security in multi-agent systems like UBIWARE.
– The security implications of UBIWARE.
– The motivating industrial case.
– The SURPAS research framework.
– The SURPAS abstract architecture.
• SURPAS as an ambitious target further demands:
– prototyping of ideas,
– reference implementations,
– industrial deployments and evaluations,
– rigorous and convincing specification of advantages.