Policy enforcement within emerging distributed, event-based systems

Singh, Jatinder; Bacon, Jean; Eyers, David

doi:10.1145/2611286.2611310

Cited by 19 publications

(11 citation statements)

References 26 publications

(37 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence, [101] introduces a semantic web framework and a meta-control model The authors of [102] consider that the application logic, embodied in the system components, should be separated from the related policies. Therefore, they study an infrastructure which can enable policy, representing high-level (i.e., user) or systems concerns, to drive system functionality in a distributed environment.…”

mentioning

confidence: 99%

Security, privacy and trust in Internet of Things: The road ahead

2015

View full text Add to dashboard Cite

mentioning

confidence: 99%

Security, privacy and trust in Internet of Things: The road ahead

2015

View full text Add to dashboard Cite

“…Such interactions require the means for flexible management. There is work on infrastructure towards this, such as SBUS [94]: a decentralised, peer-to-peer based communications infrastructure that aims at policy-driven interactions. Such functionality appears useful in managing all combinations of 'things' interacting with other 'things', 'things' with clouds, and clouds with clouds.…”

Section: Consideration 15: Certification Of Cloud Service Providersmentioning

confidence: 99%

Twenty Security Considerations for Cloud-Supported Internet of Things

Singh

Pasquier

Bacon

et al. 2016

IEEE Internet Things J.

Self Cite

275

165

View full text Add to dashboard Cite

To realise the broad vision of pervasive computing, underpinned by the "Internet of Things" (IoT), it is essential to break down application and technology-based silos and support broad connectivity and data sharing; the cloud being a natural enabler. Work in IoT tends towards the subsystem, often focusing on particular technical concerns or application domains, before offloading data to the cloud. As such, there has been little regard given to the security, privacy and personal safety risks that arise beyond these subsystems; that is, from the wide-scale, crossplatform openness that cloud services bring to IoT.In this paper we focus on security considerations for IoT from the perspectives of cloud tenants, end-users and cloud providers, in the context of wide-scale IoT proliferation, working across the range of IoT technologies (be they things or entire IoT subsystems). Our contribution is to analyse the current state of cloud-supported IoT to make explicit the security considerations that require further work.

show abstract

“…Middleware can support secure, managed (i.e. driven by policy), data sharing [82]. There is a clear role for middleware that enables dynamic, external reconfiguration, allowing management policy to be applied within the federated, decentralised and long-lived systems environment of the IoT.…”

Section: Summary and Big Ideamentioning

confidence: 99%

“…However, the vision of enabling a policy-driven, and therefore more legallycompliant IoT must be grounded in practical realities. Towards this, we now describe our related systems experience of dynamically reconfigurable MW, through work on SBUS [82], and on IFC for cloud, though CamFlow [69].…”

Section: Work Towards the Visionmentioning

confidence: 99%

Big ideas paper

Singh

Pasquier

Bacon

et al. 2016

Proceedings of the 17th International Middleware Conference

Self Cite

View full text Add to dashboard Cite

Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of specified policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures legal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained. This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new services through managed and flexible data exchange. Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration. We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, unified policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data flows. We have investigated the use of Information Flow Control (IFC) to manage and audit data flows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of significant research challenges.

show abstract

Policy enforcement within emerging distributed, event-based systems

Cited by 19 publications

References 26 publications

Security, privacy and trust in Internet of Things: The road ahead

Security, privacy and trust in Internet of Things: The road ahead

Twenty Security Considerations for Cloud-Supported Internet of Things

Big ideas paper

Contact Info

Product

Resources

About