23/03/2007 mail-to: annaumen@cc.jyu.fi site: www.cc.jyu.fi/~annaumen

A Security Framework for Smart Ubiquitous Industrial Resources

Anton Naumenko, Artem Katasonov and Vagan Terziyan
Dept. of Mathematical Information Technology, University of Jyväskylä
P.O. Box 35, FIN-40014, Jyväskylä, Finland

We are grateful to National Technology Agency of Finland, Agora Center (University of Jyväskylä), and cooperating companies (ABB, Metso Automation, TeliaSonera, TietoEnator, and Jyväskylä Science Park) of the SmartResource research project for the financial support.

Introduction

• Conventional approaches to manage and control security seem to have reached their limits in new complex environments.

• These environments are open, dynamic, heterogeneous, distributed, self-managing, collaborative, international, nomadic, ubiquitous, etc.

• We are currently working on UBIWARE, a middleware platform focused on industrial needs.

• UBIWARE integrates Ubiquitous Computing with Semantic Web, Distributed AI, Security and Privacy, and Enterprise Application Integration.

• In this paper, we describe SURPAS, our long-term vision for security management in complex multi-agent systems like UBIWARE.

• SURPAS aims at policy-based optimal managing of security measures.

Contents

• The UBIWARE concept

• The motivating industrial case

• The security implications of UBIWARE

• The SURPAS research framework

• The SmartResource platform

• The SURPAS abstract architecture

The UBIWARE concept

[Figure labels: USERS (field crew, operator, expert, consumers, owner, manager, administration); UBIWARE; Production Automation Intelligence; External Applications; Distributed Semantic Data Warehousing; Web Service; Services; ERPs, CRMs, SCADAs, Portals, etc.; W3C Semantic Web Standards]

The security implications of UBIWARE

• Existing security measures for the technologies on which UBIWARE relies are not in a mature stage.

• The security cannot be added to UBIWARE later. Security design has to be conducted throughout the development of UBIWARE.

• Characteristics of UBIWARE have different impact on security:

– Openness

– Dynamics

– Heterogeneity

– Distributed nature

– Collaborative social nature

– Internationality

– Self-management

– Mobility

– Ambient intelligence and pervasiveness

The Motivating Industrial Case

• Industrial impact, business benefits and security issues of UBIWARE for a domain of distributed power network management

• ABB is a global vendor of hardware and software for power networks.

• The power networks themselves are owned, controlled and maintained by some local companies.

• Four scenarios with potential added value:

– Information exchange between sub-networks

– Transferring the tacit knowledge of humans to machines

– New business model (Externalization of services)

– Integration of contextual data for fault localization and risk analysis

Transferring the tacit knowledge

[Figure labels: Algorithm; History data; Learning; Service - Facilitator]

New business model

[Figure labels: ABB webService; Algorithm]

Secure provisioning of (semantic) web services is still an open research question

How to treat the privacy concerns of the owners of different sub-networks?

Integration of contextual data: risk analysis

[Figure labels: Service - Facilitator; Context Provider; Fault prediction]

How to compute reputation and trust for the external contextual services? These issues influence the confidence in predicted risks, fault locations, etc.

The SURPAS research framework

[Figure labels: SURPAS Methodology; UBIWARE Domains; SURPAS Functionality; SURPAS Conceptual Semantics; Maintenance Services in Paper Industry; Power-Network Management; Telecom Network Services; etc; Merged semantics of domains and SURPAS; SURPAS in UBIWARE Applications; Functional Semantics; Algorithms; Abstract Architecture; Reference Implementation; Enforcement Function; Administration Function]

• UBIWARE: Configuring and adding new functionality to the underlying industrial environment on-the-fly by changing high level declarative descriptions.

• SURPAS: Including new, and reconfiguring existing, security mechanisms, for the optimal secure state in response to the dynamically changing environment.

The SmartResource platform

• UBIWARE relies on results from the SmartResource project (Proactive Self-Maintained Resources in Semantic Web, see http://www.cs.jyu.fi/ai/OntoGroup/SmartResource_details.htm)

• SmartResource technology gives every resource in an industrial system the possibility to be smart.

• A SmartResource is able

– To proactively sense, monitor and control its own state,

– To communicate with other components,

– To compose and utilize its own and external experience and functionality for self-diagnostics and self-maintenance.

Externalization of behaviour models

[Figure labels: SmartResource Agent; Live activity; Agent’s Roles; Activity; Assign Role activity; Beliefs storage; .class; Repository of the Roles]

Advantages include:

• Flexibility for control and coordination

• Remote control

• Up-to-date role scripts

• An agent may ‘learn’ how to play a new role in run-time

• Inter-agent behavior awareness

• To ‘understand’ how to interact with another agent

• To coordinate behavior of several agents

On-demand access of RABs

[Figure labels: SmartResource Agent; Live activity; Agent’s Roles; Activity; Assign Role activity; Beliefs storage; .class; Pool of Atomic Behaviours; Repository of the Roles]

Added advantages:

• Ability to ‘learn’ new behaviours

• “Light start” with on-demand extension of functionality

The SURPAS Agent’s architecture

[Figure labels: SmartResource Secure Agent; Live activity with SURPAS Policy Enforcement Mechanism; Agent’s Roles; Activity; Assign a role activity; Reusable atomic behaviours; Beliefs storage; Repository of Roles; Pool of Atomic Behaviours; SURPAS Policy; Repository of Policies; Pool of Security Mechanisms; Mechanism]

Conclusions

• UBIWARE targets physical world objects and thus puts security as the core need-to-be-addressed issue.

• We presented

– The SURPAS long-term vision of policy-based optimal management of security in multi-agent systems like UBIWARE.

– The security implications of UBIWARE.

– The motivating industrial case.

– The SURPAS research framework.

– The SURPAS abstract architecture.

• SURPAS as an ambitious target further demands

– prototyping of ideas,

– reference implementations,

– industrial deployments and evaluations,

– rigorous and convincing specification of advantages.