Enforcing Policies in Pervasive Environments

Thumbnail Image

Files

108.pdf (182.85 KB)

Links to Files

https://ieeexplore.ieee.org/document/1331736

Permanent Link

10.1109/MOBIQ.2004.1331736
 http://hdl.handle.net/11603/12246

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2004-08-22

Type of Work

conference papers and proceedings preprints
Text

Department

Program

Citation of Original Publication

Anand Patwardhan, Vladimir Korolev, Lalana Kagal, and Anupam Joshi, Enforcing Policies in Pervasive Environments, The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004., DOI: 10.1109/MOBIQ.2004.1331736

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2004 IEEE

Subjects

policy
environment
ubiquitous computing
mobile computing
message authentication
public key infrastructure
rei policy engine
security infrastructure
UMBC Ebiquity Research Group

Abstract

This paper presents a proof of concept implementation of a security infrastructure for mobile devices in a pervasive environment. The security infrastructure primarly consists of two parts, the policy engine and the policy enforcement mechanism. Each mobile device within a pervasive environment is equipped with its own policy enforcement mechanism and is responsible for protecting its resources. A mobile device consults the nearest policy server, notifies its current state including its present user, network presence, other accessible devices and location information if available. Using this information the policy server queries the Rei engine to dynamically create a policy certificate and issues it to the requesting device. The system wide policy is described in a semantic language Rei, a lightweight and extensible language that is able to express comprehensive policies using domain specific information. The Rei policy engine is able to dynamically decide what rights, prohibitions, obligations, dispensations an actor has on the domain actions. A policy certificate, which contains the set of granted permissions and the scope within which the permissions are valid, is created and issued to the device. The policy certificate can be revoked by the policy enforcer based on expiration of the validity period or a combination of timeout, loss of contact with an assigned network. X.509 based Public Key Infrastructure is used to provide identification and authentication.