TRUST MANAGEMENT IN DISTRIBUTED RESOURCE CONSTRAINED EMBEDDED SYSTEMS

A Dissertation Presented

by

Peter C. Chapin

to

The Faculty of the Graduate College

of

The University of Vermont

In Partial Fulfillment of the Requirements

for the Degree of Doctor of Philosophy

Specializing in Computer Science

January, 2014

Accepted by the Faculty of the Graduate College, The University of Vermont, in partial fulfillment of the requirements for the degree of Doctor of Philosophy, specializing in Computer Science.

Thesis Examination Committee:

Advisor Christian Skalka, Ph.D.

Alan Ling, Ph.D.

Margaret Eppstein, Ph.D.

Chairperson Jeffrey Frolik, Ph.D.

Dean, Graduate College Cynthia J. Forehand, Ph.D.

Date: October 25, 2013

Abstract

Many embedded systems, such as wireless sensor networks, make use of highly resource constrained devices. Security goals for such systems tend to focus on keeping data confidential from outsiders or ensuring data integrity during communication. However, as embedded systems from different administrative domains increasingly come into contact, for example via short hop radio links, a need arises for one system to allow partial access to its resources from adjoining systems. This dissertation explores two approaches for providing distributed trust management facilities to resource constrained embedded systems, in particular wireless sensor networks. The first is a direct approach using a secure remote procedure call mechanism called SpartanRPC. The second is a staged approach using a two stage programming system called Scalaness/nesT. In addition to describing these two approaches this dissertation also presents the results of evaluating them both in test environments and with a realistic application. Both approaches are feasible, but the staged approach is far more flexible and, depending on application requirements, more efficient.

Dedication

To my wife Sharon for her unwavering support, continuous encouragement, and patient tolerance, and to my parents for showing me the value of education.

Acknowledgments

This dissertation would not have been possible without the assistance and guidance of many people. I would especially like to thank my adviser Christian Skalka for many years of valuable feedback. I would also like to thank my collaborators Sean Wang, Scott Smith, and especially Simone Willet and Michael Watson for their invaluable assistance in making the work I describe here a reality. Finally I’d like to thank the faculty and staff of the Department of Computer Science at the University of Vermont for creating an environment that allowed me to flourish.

–  –  –

Introduction

Embedded systems present difficult programming challenges (Mottola and Picco 2011).

For reasons of size, power consumption, disposability, or some combination of these things, embedded devices are often highly resource constrained. For example, a typical device might have only 48 KiB of program ROM, 10 KiB of RAM, and use a small, 16 bit microcontroller running at 8 MHz (moteiv 2006). Yet embedded applications are increasing in complexity and often provide mission-critical or even safety-critical services. Such systems need to be both efficient and correct.

This dissertation specifically looks at the problem of providing distributed trust management in resource constrained embedded systems. Here trust management refers to a general approach for authorizing access to resources in an environment where the identity of requesting principals is not known to the authorizer. A trust management system provides a way for the authorizer to define an access policy in terms of arbitrary certified attributes that the requester must possess. Many trust management systems have been described in the literature (Chapin, Skalka, and Wang 2008), and they vary in complexity, expressivity, and mathematical foundations. However, they all attempt to provide a well structured approach to the problem of access control in widely distributed and dynamic environments.

Trust management systems are typically designed for use by authorizers with resource rich machines such as commercial web servers. Yet there are embedded applications that could also benefit from trust management. For example, “smart cars” that communicate

–  –  –

2009), or body area networks that provide medical monitoring features (Shnayder, Chen, Lorincz, Jones, and Welsh 2005; Chen, Gonzalez, Vasilakos, Cao, and Leung 2011), may encounter many unknown principals during their operation. The security and safety of these applications, and many others, will depend on their ability to distinguish trustworthy principals from unreliable or malicious ones.

For reasons of space and time efficiency, many embedded systems are programmed in low level languages such as C. Programming at that level is complicated and error prone. It is desirable, therefore, to provide programmers with convenient abstractions to shield them from low level complexities. These abstractions should be in the programming language itself, and this dissertation is about providing enriched languages that can address the needs of modern embedded systems in general and the embedded trust management problem in particular. This language based approach moves some of the work of producing correct programs to the language compiler and runtime system. Language features can be formally analyzed and rigorously tested once and then applied to many applications. This is in contrast to each application being an ad-hoc construction of customized components with limited use beyond the application for which they were created.

The value of formal foundations cannot be overstated. In critical systems where safety or security is at stake, a rigorous understanding of the mechanisms being used is essential.

For example, trust management systems that provide a precisely defined policy language are preferable to systems that use informal methods.

The focus of this dissertation is on a kind of embedded system called a wireless sensor network (WSN). Such systems consist of a network of small sensors or actuators that are connected by way of short hop radio links. Commonly such networks include one or more base stations, or “hubs,” with wider connectivity that serve as an interface between the sensor network and external systems. Wireless sensor networks are an area of intense study with many envisioned applications ranging from environment, asset, and structural monitoring to emergency response (Culler, Estrin, and Srivastava 2004; Lorincz, Malan, Fulford-Jones, Nawoj, Clavel, Shnayder, Mainland, Welsh, and Moulton 2004). Yet despite the use of sensor networks to demonstrate the systems described herein, the techniques can be used with a wide range of embedded applications.

Two approaches to solving the problem of providing trust management-style distributed authorization in resource constrained embedded systems are discussed here. The first approach is based on a new remote procedure call (RPC) discipline named SpartanRPC (Chapin and Skalka 2010; Chapin and Skalka 2013). In this method all trust management computations are done directly on the embedded devices. However, the complexity of the system is hidden from the programmer behind a simple extension to the widely used nesC programming language (Gay, Levis, von Behren, Welsh, Brewer, and Culler 2003).

In order to implement this direct approach, a compiler called Sprocket has been created.

Sprocket takes an extended dialect of the nesC language as input and outputs an equivalent program in ordinary nesC. In addition Sprocket outputs the necessary runtime support to process authorization requests and policy statements in the RT0 trust management language (Li, Mitchell, and Winsborough 2002; Li and Mitchell 2003b).

The second approach presented is based on staged programming (Taha and Sheard 1997; Sheard and Jones 2002; Mainland, Morrisett, and Welsh 2008; Liu, Skalka, and Smith 2012). In a staged environment, a first stage program is used to compose and specialize a lower level, second stage program. Specialized code can often be considerably optimized. However, flexibility is retained because the first stage program can be re-executed at a later time to re-specialize the second stage program as needed.

Unlike with many staging systems, the work described here uses stages with different programming languages and that execute on different machines, i.e., in different address spaces. When applied to embedded systems the second (and final) stage must be in an embedded systems language running on the embedded hardware, whereas the first stage need not be as restricted.

This dissertation also describes Scalaness (Chapin, Skalka, Smith, and Watson 2013), an extension of Scala (Odersky, Spoon, and Venners 2011) with features that allow the programmer to compose and specialize components written in a reduced dialect of nesC called nesT. An important and novel feature of Scalaness is that it extends Scala’s type system, so that a well-typed Scalaness program will always generate a well-typed nesT program. This cross-stage type safety property means the type correctness of the program that ultimately runs on the embedded device is guaranteed by the first stage Scalaness compiler.

Scala was chosen as the basis for the first stage language largely for pragmatic reasons, primarily to build a system that could be used for real applications. Scala is a rich language that runs on the Java Virtual Machine (JVM) and has access to the Java ecosystem. Also, the Scala compiler has a plugin architecture, and it was originally intended to implement Scalaness as a compiler plugin. Unfortunately, as described in chapter 5, that proved difficult and Scalaness was instead implemented as a direct modification to the Scala compiler itself.

1.1 Motivation

As an example of an application that illustrates the concepts of trust management in embedded systems, consider a first responder situation in which multiple social entities must interact and cooperate. Recent work has shown the effectiveness of wireless sensor networks in such scenarios (Gao, Pesto, Selavo, Chen, Ko, Lim, Terzis, Watt, Jeng, Chen, Lorincz, and Welsh 2008; Lorincz, Malan, Fulford-Jones, Nawoj, Clavel, Shnayder, Mainland, Welsh, and Moulton 2004) in their ability to coordinate multiple data collection and communication devices in an ad-hoc, easily deployable fashion. However, data collection and communication in this scenario (and other similar ones) must be a secured resource, due to, e.g., HIPAA requirements in the case of medical response. Furthermore, security must be coordinated on-site in a sensor network comprising subnetworks administered separately (police, medical units from different hospitals, etc.), and no prior coordination between administrations can generally be assumed. Trust management authorization is well suited for this kind of scenario.

For instance, if an EMT team deploys a sensor network to monitor patient locations and vital signs, a security policy can be imposed whereby responding police departments can deploy their own sensor network, and through it access patient identity and location data but not medical data directly from the EMT network. This direct data access will often be necessary due to real-time constraints and lack of Internet connectivity in emergency situations.
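The policy idea described above, and the RT0 credential language that Sprocket's runtime processes, can be made concrete with a small evaluator. This is an added example, not code from the dissertation or from Sprocket/SpartanRPC; the entity names (EMT, PD, Hospital), role names and the tuple encoding of credentials are constructed for illustration.

```python
# Added example (not the dissertation's code): a minimal evaluator for RT0-style
# credentials; entity names, role names and the tuple encoding are constructed.
#
# RT0 credential forms (Li, Mitchell and Winsborough), encoded as tuples:
#   ("member", A, r, D)                A.r <- D           (D holds role A.r)
#   ("role",   A, r, B, r1)            A.r <- B.r1        (role inclusion)
#   ("linked", A, r, B, r1, r2)        A.r <- B.r1.r2     (linked role)
#   ("inter",  A, r, [(B1, r1), ...])  A.r <- B1.r1 ∩ ...  (intersection)


def evaluate(credentials):
    """Least fixpoint of role memberships: {(A, r): {entities}}.

    A linked role such as EMT.responder.node can only be resolved once
    EMT.responder is known, so the loop repeats until nothing changes.
    """
    members = {}

    def mem(entity, role):
        return members.setdefault((entity, role), set())

    changed = True
    while changed:
        changed = False
        for cred in credentials:
            kind, a, r = cred[0], cred[1], cred[2]
            if kind == "member":
                new = {cred[3]}
            elif kind == "role":
                new = set(mem(cred[3], cred[4]))
            elif kind == "linked":
                _, _, _, b, r1, r2 = cred
                new = set()
                for e in list(mem(b, r1)):   # each member e of B.r1 ...
                    new |= mem(e, r2)        # ... contributes the members of e.r2
            elif kind == "inter":
                sets = [mem(b, r1) for b, r1 in cred[3]]
                new = set.intersection(*sets) if sets else set()
            else:
                raise ValueError("unknown credential kind: %r" % kind)
            target = mem(a, r)
            if not new <= target:
                target |= new
                changed = True
    return members


def authorized(credentials, authorizer, role, requester):
    """True iff the requester is a member of authorizer.role under the policy."""
    return requester in evaluate(credentials).get((authorizer, role), set())


# Constructed policy for the first-responder scenario: the EMT network grants
# location reads to any node certified by a responding police department (PD);
# medical reads need a principal who is both EMT staff and a hospital clinician.
EMT_POLICY = [
    ("member", "EMT", "responder", "PD"),
    ("linked", "EMT", "readLocation", "EMT", "responder", "node"),
    ("inter", "EMT", "readMedical", [("EMT", "staff"), ("Hospital", "clinician")]),
    ("member", "EMT", "staff", "Medic1"),
    ("member", "Hospital", "clinician", "Medic1"),
    ("member", "EMT", "staff", "Medic2"),     # staff but not a clinician
    ("member", "PD", "node", "PDNode3"),      # issued by the police network
]
```

Because the PD.node credential is listed last, the linked role only resolves on the second pass of the fixpoint loop, which is why a single sweep over the credentials is not enough.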

SpartanRPC’s ability to do trust management on the network nodes themselves would be invaluable in this scenario. However, Scalaness may also be useful. In the staged case, powerful base stations could communicate perhaps by way of shared files manually carried from one machine to the next. Since the first stage program does not need to execute frequently such sharing could be done while each service provider is setting up at the location of the emergency. Other environmental and security factors could be provided to the first stage program at that time, allowing the node software to be quickly and easily customized for the particular disaster at hand.

More generally, Figure 1.1 shows two wireless sensor networks owned by separate administrative domains, A and B. The lower part of the figure shows the networks as consisting of multiple sensor nodes. Each node in the networks is an example of a resource constrained embedded system. The two networks overlap in space so that nodes from the two networks can potentially communicate with each other.

Figure 1.1: Motivational Scenario

In some applications it may be desirable for the networks to share certain information while keeping other information private. As one example, A and B may agree to use each other’s nodes for accurate time synchronization to their mutual best interest without wanting to share any other functionality. Alternatively, perhaps the networks are willing to carry data from foreign isolated nodes thus increasing each other’s connectivity and enhancing their useful lifetimes, all without being able to access each other’s primary functions.

In other scenarios one of the networks, say B, may be reduced to a single mobile node that wanders into the field of an established network A. In that case B may wish to query A or otherwise interact with it, yet A and B may have no prior association. section 6.1 describes a specific scenario of this type used during the evaluation of the work presented here.

Trust management systems provide exactly the kind of flexible, policy-driven authorization control needed to address these situations. The ability to define access policy for unknown principals, the hallmark of trust management, is particularly important in the case of mobile embedded systems where encountering new principals is routine.

SpartanRPC addresses this problem directly by providing a way for the embedded devices themselves to execute trust management logic. In that case no additional supporting infrastructure is needed but the nodes are required to do extensive computations.

Scalaness, as a staged programming system, requires support beyond the nodes where the first stage program can execute. This additional support is shown on top of Figure 1.1 where Scalaness programs execute on the base stations of A and B to compute node programs for deployment that are specialized with appropriate session keys. The Scalaness programs can communicate over the Internet to share credentials or other security tokens as required.
