Abstract
The ubiquitous computing vision brings about a number of information security and privacy challenges, some of which we already face in the mobile computing arena. This work focuses on a context-specific class of information leakage threats not involving a malicious custodian. Information exposure threats arise as a side effect of a particular choice of data management procedures employed during legitimate information use or possession in a specific context. They affect, in different forms, information throughout its lifetime in a ubiquitous computing environment. To maximize information availability, and thus its value to the user, under unpredictably varying threat models, we depart from static and inflexible approaches to secure data management to provide for continuous and adaptive information exposure protection. We outline a means of structured reasoning about information exposure and introduce a metric for its quantification. An approach to discriminating between threat-mitigating information management operations, based on information utility change, is also presented. To unify the introduced concepts into a coherent big picture, we form a Levels of Exposure model. On the implementation side, we overview a type-aware, sub-file granularity data repository system that meets the requirements implied in the paper.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dragovic, B., Policroniades, C. (2005). Information SeeSaw: Availability vs. Security Management in the UbiComp World. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_14
DOI: https://doi.org/10.1007/11552338_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28798-8
Online ISBN: 978-3-540-31974-0
eBook Packages: Computer Science, Computer Science (R0)