SlideShare una empresa de Scribd logo

Smart-m3 Security Model

OSLL
OSLL
Dispositivos y hardware
1 de 17
Descargar para leer sin conexión
Distributed service environment (smart spaces) security model development Kirill Yudenok, Kirill Krinkin FRUCT LETI Lab, Open Source & Linux Lab FRUCT 12th, Oulu, November, 2012
Agenda Motivation; Goal and tasks; Current Smart-M3 security; Security model development; Smart-M3 security realization: HIP-agent; smart space RDF-graph mapping to the virtual file system (VFS); What was done? Future research and development; FRUCT 12th 8 Nov 2012 2
Motivation access control mechanism for the smart space platform, for example Smart-M3; protection information mechanism of the space; research information security within the smart space area. FRUCT 12th 8 Nov 2012 3
Goal and Tasks The project goal Development a security model for distributed service environment (smart spaces, SS), access control algorithms and test developed components as a part of the SS Smart-M3 platform; The main tasks of the project investigation of the basic security models and creation own security solutions; development a security model for Smart Spaces; modeling and development security model components for the Smart-M3 platform; testing developed components and algorithms within the Smart-M3 platform; FRUCT 12th 8 Nov 2012 4
Smart-M3 security What do we have? access control at triple level [1]; context-based and access control policies; security objects as triple patterns; What do we want? identification and authentication mechanism of the SS subjects; authorization and access control mechanism of SS subjects; data privacy; [1] A.D’Elia, J.Honkola, D.Manzaroli, T.S.Cinotii – Access Control at Triple Level: Specification and Enforcement of a Simple RDF Model to Support Concurrent Applications in Smart Environments, 2011. FRUCT 12th 8 Nov 2012 5
Security model development Identification and authentication of space subjects: HIP, PAM; Authorization and access control of space subjects: discretionary security model; smart space RDF-graph mapping to the virtual file system (VFS); named graphs; access control ontology; security extensions for smart space database. FRUCT 12th 8 Nov 2012 6
Smart-M3 security realization Identification and authentication mechanisms prospective architecture of HIP-agent; interaction of HIP-agent components. Authorization and access control mechanisms smart space RDF-graph mapping to the VFS; intermediate solution of the graph mapping; implementation mechanism to the Smart-M3 platform. FRUCT 12th 8 Nov 2012 7
Prospective architecture of HIP-agent Identification and authentication of the client: 1. Client connection request to the SS; 2. Request intercepting by the HIP-agent; 3. Protocol-based HIP identification and authentication of the client. FRUCT 12th 8 Nov 2012 8
Interaction of HIP-agent components The process of SIB HIP-agent Client connecting the client to hash, SS, request the space: 1. Transmission the client hash key to HIP-agent; hash valid? 2. Checking validity of the hash key; hash valid 3. Identification and hash, SS, response authentication of the client; 4. Connection to the SS. FRUCT 12th 8 Nov 2012 9
Smart Space RDF-graph mapping information of SS is stored in a relational database, smart space database (SQLite); information of SS is presented in triple form (S, P, O); set of triples stored in specific database tables; Solution: The virtual FS, that mapping information of SS in a certain directory structure. FRUCT 12th 8 Nov 2012 10
The updated directory structure of VFS provide more accuracy right to triplets (information) of the space; FRUCT 12th 8 Nov 2012 11
The intermediate solution of the graph mapping Working with SS database: get all triples and save them in memory of data structure (SQLite): receiving all objects, subjects, predicates and their values; Creating a VFS directory structure based on the data: creating of virtual FS using FUSE technology (fusekit), setting permissions; FRUCT 12th 8 Nov 2012 12
Implementation mechanism to the Smart-M3 platform modification of Smart-M3 platform piglet module: piglet proxy creation for new extensions; replacement of all smart space database operations to mapping FS operations; determine and verify client access permissions; testing operations on the client side. FRUCT 12th 8 Nov 2012 13
FRUCT 12th 8 Nov 2012 14
What was done? analyzed and designed the HIP protocol-based mechanism of identification and authentication; the mechanism of authorization and SS subjects access control by mapping RDF-graph to the virtual file system is developed; mechanism tested in the Smart-M3 platform; the implementation process of HIP-agent and mapping mechanism to the Smart-M3 platform is started; FRUCT 12th 8 Nov 2012 15
Future research and development Main HIP-agent development; implementation of mapping model to Smart-M3 platform; set permissions tool development for mapping FS; Additional named graph authorization system development; adding developed mechanisms to new version of Smart- M3 platform (Redland); FRUCT 12th 8 Nov 2012 16
Questions & Answers Kirill Yudenok, Kirill Krinkin {kirill.yudenok, kirill.krinkin}@gmail.com Open Source & Linux Lab, http://osll.fruct.org, osll@fruct.org FRUCT 12th, Oulu, November, 2012

Recomendados

PhD Projects in MQTT Protocol Research Guidance
PhD Projects in MQTT Protocol Research GuidancePhD Projects in MQTT Protocol Research Guidance
PhD Projects in MQTT Protocol Research GuidancePhD Services
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 
Identity based proxy-oriented data uploading and
Identity based proxy-oriented data uploading andIdentity based proxy-oriented data uploading and
Identity based proxy-oriented data uploading andKamal Spring
 
BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY
BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY
BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY csandit
 
A SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTS
A SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTSA SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTS
A SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTSijcsit
 
Using Blockchain for Digital Identifiers. The case of LEI.
Using Blockchain for Digital Identifiers. The case of LEI.Using Blockchain for Digital Identifiers. The case of LEI.
Using Blockchain for Digital Identifiers. The case of LEI.sopekmir
 
Blockchain Essentials for Business Leaders - Value Propositions and Advantage...
Blockchain Essentials for Business Leaders - Value Propositions and Advantage...Blockchain Essentials for Business Leaders - Value Propositions and Advantage...
Blockchain Essentials for Business Leaders - Value Propositions and Advantage...Gokul Alex
 
Blockchain
BlockchainBlockchain
Blockchainpushparj
 

Recomendados

PhD Projects in MQTT Protocol Research Guidance
PhD Projects in MQTT Protocol Research GuidancePhD Projects in MQTT Protocol Research Guidance
PhD Projects in MQTT Protocol Research GuidancePhD Services
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 
Identity based proxy-oriented data uploading and
Identity based proxy-oriented data uploading andIdentity based proxy-oriented data uploading and
Identity based proxy-oriented data uploading andKamal Spring
 
BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY
BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY
BLOCKCHAIN-BASED SMART CONTRACTS : A SYSTEMATIC MAPPING STUDY csandit
 
A SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTS
A SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTSA SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTS
A SYSTEMATIC MAPPING STUDY ON CURRENT RESEARCH TOPICS IN SMART CONTRACTSijcsit
 
Using Blockchain for Digital Identifiers. The case of LEI.
Using Blockchain for Digital Identifiers. The case of LEI.Using Blockchain for Digital Identifiers. The case of LEI.
Using Blockchain for Digital Identifiers. The case of LEI.sopekmir
 
Blockchain Essentials for Business Leaders - Value Propositions and Advantage...
Blockchain Essentials for Business Leaders - Value Propositions and Advantage...Blockchain Essentials for Business Leaders - Value Propositions and Advantage...
Blockchain Essentials for Business Leaders - Value Propositions and Advantage...Gokul Alex
 
Blockchain
BlockchainBlockchain
Blockchainpushparj
 
Fruct14 sholokhova
Fruct14 sholokhovaFruct14 sholokhova
Fruct14 sholokhovaOSLL
 
Json protocol, Geo2tag REST API fundamentals
Json protocol, Geo2tag REST API fundamentalsJson protocol, Geo2tag REST API fundamentals
Json protocol, Geo2tag REST API fundamentalsOSLL
 
NA_EXER_LAYER_MASK_COMP
NA_EXER_LAYER_MASK_COMPNA_EXER_LAYER_MASK_COMP
NA_EXER_LAYER_MASK_COMPNova Armstrong@Wallace State Community College
 
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin Doctor search service with Geo2tag, Bezyazychnyy, Krinkin
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin OSLL
 
Na bridge pdf
Na bridge pdfNa bridge pdf
Na bridge pdfNova Armstrong@Wallace State Community College
 
Governo rodrigues alves
Governo rodrigues alvesGoverno rodrigues alves
Governo rodrigues alvesNelia Salles Nantes
 
Na word
Na wordNa word
Na wordNova Armstrong@Wallace State Community College
 
Reinos africanos
Reinos africanosReinos africanos
Reinos africanosNelia Salles Nantes
 
Detection pulse by video
Detection pulse by video Detection pulse by video
Detection pulse by video OSLL
 
A 1ª guerra mundial
A 1ª guerra mundialA 1ª guerra mundial
A 1ª guerra mundialNelia Salles Nantes
 
Na pp
Na ppNa pp
Na ppNova Armstrong@Wallace State Community College
 
Geo2tag performance evaluation, Zaslavsky, Krinkin
Geo2tag performance evaluation, Zaslavsky, Krinkin Geo2tag performance evaluation, Zaslavsky, Krinkin
Geo2tag performance evaluation, Zaslavsky, Krinkin OSLL
 
Catalogo de conceptos clinica.xlsx
Catalogo de conceptos clinica.xlsxCatalogo de conceptos clinica.xlsx
Catalogo de conceptos clinica.xlsxJesus Rodrigo Guzman
 
O imperialismo definições
O imperialismo definiçõesO imperialismo definições
O imperialismo definiçõesNelia Salles Nantes
 
Exer mask 2_filter_variation
Exer mask 2_filter_variationExer mask 2_filter_variation
Exer mask 2_filter_variationNova Armstrong@Wallace State Community College
 
Na acrobat pdf
Na acrobat pdfNa acrobat pdf
Na acrobat pdfNova Armstrong@Wallace State Community College
 
Slidesharepresentation introphoto
Slidesharepresentation introphotoSlidesharepresentation introphoto
Slidesharepresentation introphotoNova Armstrong@Wallace State Community College
 
A crise de 1929 prof nélia-2016
A crise de 1929 prof nélia-2016A crise de 1929 prof nélia-2016
A crise de 1929 prof nélia-2016Nelia Salles Nantes
 
Middle Ages primary level presentation
Middle Ages primary level presentationMiddle Ages primary level presentation
Middle Ages primary level presentationlexie2012
 
Lbs for transport monitoring based on geo2tag
Lbs for transport monitoring based on geo2tagLbs for transport monitoring based on geo2tag
Lbs for transport monitoring based on geo2tagOSLL
 
Smart-m3 Security Demo (k. yudenok)
Smart-m3 Security Demo (k. yudenok)Smart-m3 Security Demo (k. yudenok)
Smart-m3 Security Demo (k. yudenok)OSLL
 
Grid.pdf
Grid.pdfGrid.pdf
Grid.pdfANIKETKUMARSHARMA3
 

Más contenido relacionado

Destacado

Fruct14 sholokhova
Fruct14 sholokhovaFruct14 sholokhova
Fruct14 sholokhovaOSLL
 
Json protocol, Geo2tag REST API fundamentals
Json protocol, Geo2tag REST API fundamentalsJson protocol, Geo2tag REST API fundamentals
Json protocol, Geo2tag REST API fundamentalsOSLL
 
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin Doctor search service with Geo2tag, Bezyazychnyy, Krinkin
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin OSLL
 
Detection pulse by video
Detection pulse by video Detection pulse by video
Detection pulse by video OSLL
 
Geo2tag performance evaluation, Zaslavsky, Krinkin
Geo2tag performance evaluation, Zaslavsky, Krinkin Geo2tag performance evaluation, Zaslavsky, Krinkin
Geo2tag performance evaluation, Zaslavsky, Krinkin OSLL
 
Catalogo de conceptos clinica.xlsx
Catalogo de conceptos clinica.xlsxCatalogo de conceptos clinica.xlsx
Catalogo de conceptos clinica.xlsxJesus Rodrigo Guzman
 
A crise de 1929 prof nélia-2016
A crise de 1929 prof nélia-2016A crise de 1929 prof nélia-2016
A crise de 1929 prof nélia-2016Nelia Salles Nantes
 
Middle Ages primary level presentation
Middle Ages primary level presentationMiddle Ages primary level presentation
Middle Ages primary level presentationlexie2012
 
Lbs for transport monitoring based on geo2tag
Lbs for transport monitoring based on geo2tagLbs for transport monitoring based on geo2tag
Lbs for transport monitoring based on geo2tagOSLL
 

Destacado (20)

Fruct14 sholokhova
Fruct14 sholokhovaFruct14 sholokhova
Fruct14 sholokhova
 
Json protocol, Geo2tag REST API fundamentals
Json protocol, Geo2tag REST API fundamentalsJson protocol, Geo2tag REST API fundamentals
Json protocol, Geo2tag REST API fundamentals
 
NA_EXER_LAYER_MASK_COMP
NA_EXER_LAYER_MASK_COMPNA_EXER_LAYER_MASK_COMP
NA_EXER_LAYER_MASK_COMP
 
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin Doctor search service with Geo2tag, Bezyazychnyy, Krinkin
Doctor search service with Geo2tag, Bezyazychnyy, Krinkin
 
Na bridge pdf
Na bridge pdfNa bridge pdf
Na bridge pdf
 
Governo rodrigues alves
Governo rodrigues alvesGoverno rodrigues alves
Governo rodrigues alves
 
Na word
Na wordNa word
Na word
 
Reinos africanos
Reinos africanosReinos africanos
Reinos africanos
 
Detection pulse by video
Detection pulse by video Detection pulse by video
Detection pulse by video
 
A 1ª guerra mundial
A 1ª guerra mundialA 1ª guerra mundial
A 1ª guerra mundial
 
Na pp
Na ppNa pp
Na pp
 
Geo2tag performance evaluation, Zaslavsky, Krinkin
Geo2tag performance evaluation, Zaslavsky, Krinkin Geo2tag performance evaluation, Zaslavsky, Krinkin
Geo2tag performance evaluation, Zaslavsky, Krinkin
 
Catalogo de conceptos clinica.xlsx
Catalogo de conceptos clinica.xlsxCatalogo de conceptos clinica.xlsx
Catalogo de conceptos clinica.xlsx
 
O imperialismo definições
O imperialismo definiçõesO imperialismo definições
O imperialismo definições
 
Exer mask 2_filter_variation
Exer mask 2_filter_variationExer mask 2_filter_variation
Exer mask 2_filter_variation
 
Na acrobat pdf
Na acrobat pdfNa acrobat pdf
Na acrobat pdf
 
Slidesharepresentation introphoto
Slidesharepresentation introphotoSlidesharepresentation introphoto
Slidesharepresentation introphoto
 
A crise de 1929 prof nélia-2016
A crise de 1929 prof nélia-2016A crise de 1929 prof nélia-2016
A crise de 1929 prof nélia-2016
 
Middle Ages primary level presentation
Middle Ages primary level presentationMiddle Ages primary level presentation
Middle Ages primary level presentation
 
Lbs for transport monitoring based on geo2tag
Lbs for transport monitoring based on geo2tagLbs for transport monitoring based on geo2tag
Lbs for transport monitoring based on geo2tag
 

Similar a Smart-m3 Security Model

Smart-m3 Security Demo (k. yudenok)
Smart-m3 Security Demo (k. yudenok)Smart-m3 Security Demo (k. yudenok)
Smart-m3 Security Demo (k. yudenok)OSLL
 
IRJET - Privacy Preserving Keyword Search over Encrypted Data in the Cloud
IRJET - Privacy Preserving Keyword Search over Encrypted Data in the CloudIRJET - Privacy Preserving Keyword Search over Encrypted Data in the Cloud
IRJET - Privacy Preserving Keyword Search over Encrypted Data in the CloudIRJET Journal
 
Semantic Sensor Service Networks
Semantic Sensor Service NetworksSemantic Sensor Service Networks
Semantic Sensor Service NetworksPayamBarnaghi
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Pushpa
 
a novel approach for data uploading
a novel approach for data uploadinga novel approach for data uploading
a novel approach for data uploadingIJAEMSJORNAL
 
Improving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-CloudImproving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-CloudIJTET Journal
 
Attribute-Based Data Sharing
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data SharingIJERA Editor
 
Efficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted DataEfficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted DataIRJET Journal
 
Net-Centric Data Strategy
Net-Centric Data StrategyNet-Centric Data Strategy
Net-Centric Data StrategyDaniel Risacher
 
Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...
Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...
Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...ijtsrd
 
An Efficient User Privacy and Protecting Location Content in Location Based S...
An Efficient User Privacy and Protecting Location Content in Location Based S...An Efficient User Privacy and Protecting Location Content in Location Based S...
An Efficient User Privacy and Protecting Location Content in Location Based S...IJRST Journal
 
Two Level Auditing Architecture to Maintain Consistent In Cloud
Two Level Auditing Architecture to Maintain Consistent In CloudTwo Level Auditing Architecture to Maintain Consistent In Cloud
Two Level Auditing Architecture to Maintain Consistent In Cloudtheijes
 
A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...
A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...
A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...IRJET Journal
 
IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage
IRJET- Efficient Traceable Authorization Search System for Secure Cloud StorageIRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage
IRJET- Efficient Traceable Authorization Search System for Secure Cloud StorageIRJET Journal
 
Session-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdf
Session-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdfSession-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdf
Session-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdfalamak88w
 

Similar a Smart-m3 Security Model (20)

Smart-m3 Security Demo (k. yudenok)
Smart-m3 Security Demo (k. yudenok)Smart-m3 Security Demo (k. yudenok)
Smart-m3 Security Demo (k. yudenok)
 
Grid.pdf
Grid.pdfGrid.pdf
Grid.pdf
 
IRJET - Privacy Preserving Keyword Search over Encrypted Data in the Cloud
IRJET - Privacy Preserving Keyword Search over Encrypted Data in the CloudIRJET - Privacy Preserving Keyword Search over Encrypted Data in the Cloud
IRJET - Privacy Preserving Keyword Search over Encrypted Data in the Cloud
 
Semantic Sensor Service Networks
Semantic Sensor Service NetworksSemantic Sensor Service Networks
Semantic Sensor Service Networks
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
 
a novel approach for data uploading
a novel approach for data uploadinga novel approach for data uploading
a novel approach for data uploading
 
Improving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-CloudImproving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-Cloud
 
Attribute-Based Data Sharing
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data Sharing
 
Globus and Gridbus
Globus and GridbusGlobus and Gridbus
Globus and Gridbus
 
Globus ppt
Globus pptGlobus ppt
Globus ppt
 
Cloud computing projects
Cloud computing projects Cloud computing projects
Cloud computing projects
 
Efficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted DataEfficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted Data
 
Net-Centric Data Strategy
Net-Centric Data StrategyNet-Centric Data Strategy
Net-Centric Data Strategy
 
Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...
Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...
Data Sharing with Sensitive Information Hiding in Data Storage using Cloud Co...
 
An Efficient User Privacy and Protecting Location Content in Location Based S...
An Efficient User Privacy and Protecting Location Content in Location Based S...An Efficient User Privacy and Protecting Location Content in Location Based S...
An Efficient User Privacy and Protecting Location Content in Location Based S...
 
Two Level Auditing Architecture to Maintain Consistent In Cloud
Two Level Auditing Architecture to Maintain Consistent In CloudTwo Level Auditing Architecture to Maintain Consistent In Cloud
Two Level Auditing Architecture to Maintain Consistent In Cloud
 
A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...
A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...
A Robust finger Print Authentication Scheme viaBlockchain to retrieve Citizen...
 
Secure Data Transmission using IBOOS in VANET
Secure Data Transmission using IBOOS in VANET Secure Data Transmission using IBOOS in VANET
Secure Data Transmission using IBOOS in VANET
 
IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage
IRJET- Efficient Traceable Authorization Search System for Secure Cloud StorageIRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage
IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage
 
Session-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdf
Session-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdfSession-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdf
Session-2_ETSI-ISG-CIM_EG4U_NGSI-LD_Overview_and_Status_final_Mike-Fischer.pdf
 

Más de OSLL

SLAM Constructor Framework for ROS
SLAM Constructor Framework for ROSSLAM Constructor Framework for ROS
SLAM Constructor Framework for ROSOSLL
 
Студентам и не только. Как выступить с докладом по своей научной работе
Студентам и не только. Как выступить с докладом по своей научной работеСтудентам и не только. Как выступить с докладом по своей научной работе
Студентам и не только. Как выступить с докладом по своей научной работеOSLL
 
Full Automated Continuous Integration and Testing Infrastructure for Maxscale...
Full Automated Continuous Integration and Testing Infrastructure for Maxscale...Full Automated Continuous Integration and Testing Infrastructure for Maxscale...
Full Automated Continuous Integration and Testing Infrastructure for Maxscale...OSLL
 
MOOCs Virtual Lab in Modern Education
MOOCs Virtual Lab in Modern EducationMOOCs Virtual Lab in Modern Education
MOOCs Virtual Lab in Modern EducationOSLL
 
Работа с геоданными в MongoDb
Работа с геоданными в MongoDbРабота с геоданными в MongoDb
Работа с геоданными в MongoDbOSLL
 
Testing with Selenium
Testing with SeleniumTesting with Selenium
Testing with SeleniumOSLL
 
Implementation of the new REST API for Open Source LBS-platform Geo2Tag
Implementation of the new REST API for Open Source LBS-platform Geo2TagImplementation of the new REST API for Open Source LBS-platform Geo2Tag
Implementation of the new REST API for Open Source LBS-platform Geo2TagOSLL
 
Microservice architecture for Geo2Tag
Microservice architecture for Geo2TagMicroservice architecture for Geo2Tag
Microservice architecture for Geo2TagOSLL
 
[MDBCI] Mariadb continuous integration tool
[MDBCI] Mariadb continuous integration tool[MDBCI] Mariadb continuous integration tool
[MDBCI] Mariadb continuous integration toolOSLL
 
Block-level compression in Linux. Pro et contra
Block-level compression in Linux. Pro et contraBlock-level compression in Linux. Pro et contra
Block-level compression in Linux. Pro et contraOSLL
 
Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015
Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015
Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015OSLL
 
Обзор файловой системы GlusterFS
Обзор файловой системы GlusterFSОбзор файловой системы GlusterFS
Обзор файловой системы GlusterFSOSLL
 
Обзор Btrfs
Обзор BtrfsОбзор Btrfs
Обзор BtrfsOSLL
 
Обзор архитектуры [файловой] системы Ceph
Обзор архитектуры [файловой] системы CephОбзор архитектуры [файловой] системы Ceph
Обзор архитектуры [файловой] системы CephOSLL
 
Linuxvirt seminar-csc-2015
Linuxvirt seminar-csc-2015Linuxvirt seminar-csc-2015
Linuxvirt seminar-csc-2015OSLL
 
Обзор Linux Control Groups
Обзор Linux Control GroupsОбзор Linux Control Groups
Обзор Linux Control GroupsOSLL
 
Raspberry Pi robot with ROS
Raspberry Pi robot with ROSRaspberry Pi robot with ROS
Raspberry Pi robot with ROSOSLL
 
Пространства имен Linux (linux namespaces)
Пространства имен Linux (linux namespaces)Пространства имен Linux (linux namespaces)
Пространства имен Linux (linux namespaces)OSLL
 
Кратчайшее введение в docker по-русски
Кратчайшее введение в docker по-русскиКратчайшее введение в docker по-русски
Кратчайшее введение в docker по-русскиOSLL
 
Virtual-HSM: Virtualization of Hardware Security Modules in Linux Containers
Virtual-HSM: Virtualization of Hardware Security Modules in Linux ContainersVirtual-HSM: Virtualization of Hardware Security Modules in Linux Containers
Virtual-HSM: Virtualization of Hardware Security Modules in Linux ContainersOSLL
 

Más de OSLL (20)

SLAM Constructor Framework for ROS
SLAM Constructor Framework for ROSSLAM Constructor Framework for ROS
SLAM Constructor Framework for ROS
 
Студентам и не только. Как выступить с докладом по своей научной работе
Студентам и не только. Как выступить с докладом по своей научной работеСтудентам и не только. Как выступить с докладом по своей научной работе
Студентам и не только. Как выступить с докладом по своей научной работе
 
Full Automated Continuous Integration and Testing Infrastructure for Maxscale...
Full Automated Continuous Integration and Testing Infrastructure for Maxscale...Full Automated Continuous Integration and Testing Infrastructure for Maxscale...
Full Automated Continuous Integration and Testing Infrastructure for Maxscale...
 
MOOCs Virtual Lab in Modern Education
MOOCs Virtual Lab in Modern EducationMOOCs Virtual Lab in Modern Education
MOOCs Virtual Lab in Modern Education
 
Работа с геоданными в MongoDb
Работа с геоданными в MongoDbРабота с геоданными в MongoDb
Работа с геоданными в MongoDb
 
Testing with Selenium
Testing with SeleniumTesting with Selenium
Testing with Selenium
 
Implementation of the new REST API for Open Source LBS-platform Geo2Tag
Implementation of the new REST API for Open Source LBS-platform Geo2TagImplementation of the new REST API for Open Source LBS-platform Geo2Tag
Implementation of the new REST API for Open Source LBS-platform Geo2Tag
 
Microservice architecture for Geo2Tag
Microservice architecture for Geo2TagMicroservice architecture for Geo2Tag
Microservice architecture for Geo2Tag
 
[MDBCI] Mariadb continuous integration tool
[MDBCI] Mariadb continuous integration tool[MDBCI] Mariadb continuous integration tool
[MDBCI] Mariadb continuous integration tool
 
Block-level compression in Linux. Pro et contra
Block-level compression in Linux. Pro et contraBlock-level compression in Linux. Pro et contra
Block-level compression in Linux. Pro et contra
 
Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015
Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015
Fast Artificial Landmark Detection for indoor mobile robots AIMAVIG'2015
 
Обзор файловой системы GlusterFS
Обзор файловой системы GlusterFSОбзор файловой системы GlusterFS
Обзор файловой системы GlusterFS
 
Обзор Btrfs
Обзор BtrfsОбзор Btrfs
Обзор Btrfs
 
Обзор архитектуры [файловой] системы Ceph
Обзор архитектуры [файловой] системы CephОбзор архитектуры [файловой] системы Ceph
Обзор архитектуры [файловой] системы Ceph
 
Linuxvirt seminar-csc-2015
Linuxvirt seminar-csc-2015Linuxvirt seminar-csc-2015
Linuxvirt seminar-csc-2015
 
Обзор Linux Control Groups
Обзор Linux Control GroupsОбзор Linux Control Groups
Обзор Linux Control Groups
 
Raspberry Pi robot with ROS
Raspberry Pi robot with ROSRaspberry Pi robot with ROS
Raspberry Pi robot with ROS
 
Пространства имен Linux (linux namespaces)
Пространства имен Linux (linux namespaces)Пространства имен Linux (linux namespaces)
Пространства имен Linux (linux namespaces)
 
Кратчайшее введение в docker по-русски
Кратчайшее введение в docker по-русскиКратчайшее введение в docker по-русски
Кратчайшее введение в docker по-русски
 
Virtual-HSM: Virtualization of Hardware Security Modules in Linux Containers
Virtual-HSM: Virtualization of Hardware Security Modules in Linux ContainersVirtual-HSM: Virtualization of Hardware Security Modules in Linux Containers
Virtual-HSM: Virtualization of Hardware Security Modules in Linux Containers
 

Smart-m3 Security Model

  • 1. Distributed service environment (smart spaces) security model development Kirill Yudenok, Kirill Krinkin FRUCT LETI Lab, Open Source & Linux Lab FRUCT 12th, Oulu, November, 2012
  • 2. Agenda Motivation; Goal and tasks; Current Smart-M3 security; Security model development; Smart-M3 security realization: HIP-agent; smart space RDF-graph mapping to the virtual file system (VFS); What was done? Future research and development; FRUCT 12th 8 Nov 2012 2
  • 3. Motivation access control mechanism for the smart space platform, for example Smart-M3; protection information mechanism of the space; research information security within the smart space area. FRUCT 12th 8 Nov 2012 3
  • 4. Goal and Tasks The project goal Development a security model for distributed service environment (smart spaces, SS), access control algorithms and test developed components as a part of the SS Smart-M3 platform; The main tasks of the project investigation of the basic security models and creation own security solutions; development a security model for Smart Spaces; modeling and development security model components for the Smart-M3 platform; testing developed components and algorithms within the Smart-M3 platform; FRUCT 12th 8 Nov 2012 4
  • 5. Smart-M3 security What do we have? access control at triple level [1]; context-based and access control policies; security objects as triple patterns; What do we want? identification and authentication mechanism of the SS subjects; authorization and access control mechanism of SS subjects; data privacy; [1] A.D’Elia, J.Honkola, D.Manzaroli, T.S.Cinotii – Access Control at Triple Level: Specification and Enforcement of a Simple RDF Model to Support Concurrent Applications in Smart Environments, 2011. FRUCT 12th 8 Nov 2012 5
  • 6. Security model development Identification and authentication of space subjects: HIP, PAM; Authorization and access control of space subjects: discretionary security model; smart space RDF-graph mapping to the virtual file system (VFS); named graphs; access control ontology; security extensions for smart space database. FRUCT 12th 8 Nov 2012 6
  • 7. Smart-M3 security realization Identification and authentication mechanisms prospective architecture of HIP-agent; interaction of HIP-agent components. Authorization and access control mechanisms smart space RDF-graph mapping to the VFS; intermediate solution of the graph mapping; implementation mechanism to the Smart-M3 platform. FRUCT 12th 8 Nov 2012 7
  • 8. Prospective architecture of HIP-agent Identification and authentication of the client: 1. Client connection request to the SS; 2. Request intercepting by the HIP-agent; 3. Protocol-based HIP identification and authentication of the client. FRUCT 12th 8 Nov 2012 8
  • 9. Interaction of HIP-agent components The process of SIB HIP-agent Client connecting the client to hash, SS, request the space: 1. Transmission the client hash key to HIP-agent; hash valid? 2. Checking validity of the hash key; hash valid 3. Identification and hash, SS, response authentication of the client; 4. Connection to the SS. FRUCT 12th 8 Nov 2012 9
  • 10. Smart Space RDF-graph mapping information of SS is stored in a relational database, smart space database (SQLite); information of SS is presented in triple form (S, P, O); set of triples stored in specific database tables; Solution: The virtual FS, that mapping information of SS in a certain directory structure. FRUCT 12th 8 Nov 2012 10
  • 11. The updated directory structure of VFS provide more accuracy right to triplets (information) of the space; FRUCT 12th 8 Nov 2012 11
  • 12. The intermediate solution of the graph mapping Working with SS database: get all triples and save them in memory of data structure (SQLite): receiving all objects, subjects, predicates and their values; Creating a VFS directory structure based on the data: creating of virtual FS using FUSE technology (fusekit), setting permissions; FRUCT 12th 8 Nov 2012 12
  • 13. Implementation mechanism to the Smart-M3 platform modification of Smart-M3 platform piglet module: piglet proxy creation for new extensions; replacement of all smart space database operations to mapping FS operations; determine and verify client access permissions; testing operations on the client side. FRUCT 12th 8 Nov 2012 13
  • 14. FRUCT 12th 8 Nov 2012 14
  • 15. What was done? analyzed and designed the HIP protocol-based mechanism of identification and authentication; the mechanism of authorization and SS subjects access control by mapping RDF-graph to the virtual file system is developed; mechanism tested in the Smart-M3 platform; the implementation process of HIP-agent and mapping mechanism to the Smart-M3 platform is started; FRUCT 12th 8 Nov 2012 15
  • 16. Future research and development Main HIP-agent development; implementation of mapping model to Smart-M3 platform; set permissions tool development for mapping FS; Additional named graph authorization system development; adding developed mechanisms to new version of Smart- M3 platform (Redland); FRUCT 12th 8 Nov 2012 16
  • 17. Questions & Answers Kirill Yudenok, Kirill Krinkin {kirill.yudenok, kirill.krinkin}@gmail.com Open Source & Linux Lab, http://osll.fruct.org, osll@fruct.org FRUCT 12th, Oulu, November, 2012