What are the contributions of the paper? - This paper presents a ubiquitous security mechanism called Cerberus that integrates context-awareness with automated reasoning to perform authentication and access control in ubiquitous computing environment. - Security requirements for Smart Spaces are identified as: (1) ubiquitous, (2) multilevel, (3) security policy language must be descriptive, flexible. - Four main components of Ceberus are well built to support the security requirements.Those components are: (1) Security Service, (2) Context Infrastructure (3) Security Policies, (4) Inference Engine. -------------------------------------------------------------------------------------------------------------------------- What is the quality of the presentation? - The presentation is well done with smooth transition from one section to another. - This is a significant contribution to GAIA community. -------------------------------------------------------------------------------------------------------------------------- What are the strengths of the paper? - Figures and explanatory examples help the audience to understand the fundamental concepts of Ceberus. - Using First Order Logic gives Ceberus the descriptive power and flexibility to express security rules. - Components of Ceberus work tightly together to provide "ubiquitous" experience to the users. Also, intrusiveness and authentication levels could be adjusted without difficulty by changing the confidence value. ---------------------------------------------------------------------------------------------------------------------------- What are its weaknesses? - This work did not say anything about crash recovery. As the number of components and devices in a ubiquitous environment is plenty, what things could happen when one or two components crash. Would the whole system crash? - What type of security measure does Ceberus have to protect the communication channel between Security System and Inference Engine, and the Security Policies. It seems that one could change the confidence value if he gained access to that channel or Security Policies. - Ceberus is tied with GAIA applications. Extendability, scalability are not mentioned in this paper. ------------------------------------------------------------------------------------------------------------------------------- What is some possible future work? - Security Policies could be dynamically changed over time.Elaborating more on how to the policies were updated, or discarded can be future work. - Extendability, scalability, interoperability with other infrastructure can be future work as well. ============================================================================= What are the contributions of the paper? The paper introduces Cerberus -- an expressive, federated, context-aware, security scheme -- to provide currently vulnarability-abound "smart space" with a solution that is non-intrusive, intelligent and able to adapt to rapidly changing contexts. What is the quality of the presentation? The paper exhibits good quality for three reasons. First, a closer look at the outline of the paper reveals that it is well-organized in a very coherent way. Second, the sentences in this paper are expressed in such a way that they are really easy to read and follow. Finally, examples given in this paper effectively help readers to understand the paper. For instance, the examples in section 4.2 really help readers to correctly understand the semantic meanings of those context expressions. What are the strengths of the paper? The Cerberus intruduced in this paper is nearly practical and it addresses many the common problems haunting ubiquitous computing systems. The design is very modular, flexible and thus could be easily adopted in real ubiquitous computing environment. What are its weaknesses? This paper doesn't include the performance analysis of the proposed system such as how fast the system can response to the constantly changing context, and how much computing power will be required to support such a system to run smoothly. What is some possible future work? Inference Engine works on a basis of an assumption that quantification is done over finite sets. However, this may no always be true in reality. So, more efforts can be put to improve the Inference Engine to make it work even in real world. ============================================================================= 1.What are the contributions of the paper? This paper provides some practical module and scheme of “smart space” security. Also, there are some discussions of its implementation which makes the concept more convinced. Moreover, the authentication modules are impressive since it is both flexible and secure. When it comes to the context- aware, the paper provides some operations in order to achieve the security request, such as predicating, classifying the confidence level and so forth. 2.What is the quality of the presentation? It is good organized. The structure is clear and helpful for understanding. And I think the authors were successfully illustrated their concept and works. 3.What are the strengths of the paper? It’s pretty strong in my view. It provides the whole procedure of achieving the Cerberus. And the implementation makes the concept reliable. However, whether it can achieve the security level of the “smart space” is need further discussion. 4.What are its weaknesses? The context-aware scheme has some limit when we try to use it. If the paper could provide how it can adapt diversity devices and condition, then its advantage will be more significant. Also, there are some weaknesses about the security policy. As the topic of the last class, several low confidence level things when get together maybe become a high level thing, the author should take consider of this part. Then when there is one thing unavailable at one time, we can use some combination to achieve its confidence level. 5.What is some possible future work? The security protection of “Smart Space” are not been achieved now. Since the paper makes a good organization of the model and make some implementation, they should keep on considering how can we make use of the concept in our global ubiquitous computing. ============================================================================= Ubiquitous computing imposes additional requirements on security and privacy and this paper issues four new requirements: ubiquitous security service, multilevel security, support a proper security policy language and allow authentication for all kinds of entities. The paper focuses on the second and the third requirements. An ubiquitous security scheme Cerberus, is presented in this paper, which integrates context-awareness with automated reasoning to perform authentication and access control in ubiquitous computing environments. The system supports multilevel authentication, where principals are associated with confidence values. The context infrastructure captures rapidly changing context information and incorporates it into the knowledge base. Context-aware security policies are described in an expressive language that support binary operators, quantification, and complex inferring. The language proposed can be evaluated efficiently using an inference engine. The paper also presents a simple and efficient method for revoking access if context related information changes. The presentation of the paper is good. The figures help readers learn about the structures easily and the inside logic of the paper is very clear. This paper not only discuss concepts, principles and difficulties in the research area security for ubiquitous computing , tackled some of the problems with Cerberus theoretically, but also implemented something in practice: the "Powerpoint Viewer". Although this implementation is quite simple, it indeed helps a lot in persuading readers that the security scheme introduced in this paper does make some sense and is useful. To show the scheme is really efficient, the paper should have presented some experimental results, such as reaction time in practice for given finite sets. It is reasonable for the paper to assume that the inference Engine maintains only a finite set of sentences and quantification is done over finite sets, but finite sets can be large and thus efficiency can not be guaranteed. Rapidly changing context information can be captured with the suggested method in this paper theoretically, but there's no evidence that this can be done efficiently in practice. In fact, ubiquitous computing devices should try to spend most of the time in a sleep mode in which they only listen for radio signals once in a while(the period can be set from a few seconds to several minutes). Thus, in the example mentioned in the paper, if the UbiComp Seminar went away, this change of context may not be found out immediately. This paper doesn't mention future work explicitly but it is intuitive to think that they will do more work in implementation and try to tackle more problems they have raised in this paper in practice. ============================================================================= The paper entitled "Cerberus: A Context-Aware Security Scheme for Smart Spaces" is an interesting and well developed report. The authors introduce Cerberus, a core service in the Gaia project that integrates identification, authentication, context awareness, reasoning, and security. The Gaia project is described as a computational environment where physical spaces and ubiquitous computing devices are integrated together - a "Smart" space. This paper discusses the importance of security services and its ability to adapt in a changing ubiquitous environment. This is an important topic since ubiquitous computing raises security and privacy issues. I feel that the presentation of this paper is somewhat scattered. Although the content of the report is rich in information, it seems that many ideas are just placed into sentences, one after the other. The paper did not "flow". Nevertheless, I am impressed with the depth of information that is provided. The authors demonstrate that a great deal of research has been done in this area. They cite many papers in reference to other components of Gaia. Many of the other modules from Gaia are not described in great detail but their brief overviews are enough for a basic understanding of the environment as a whole. The figures presented in this paper are clear and easy to understand. This paper also provides many examples that makes it easy to understand the whole picture and its various components. The Gaia context infrastructure is a simple yet seemingly powerful model. It uses nouns and verbs from the English language as predicates which make it very easy to read and understand. Yet, I question whether this method is easily scalable since there are many nouns and verbs in the English language. The authors then describe that the set of values are finite, which lead to expressions that will always terminate. Would these sets be hard to maintain? The security policies discussed only involve certain confidence levels for various devices. Finger print scans would have a higher confidence value than, say, a smart badge. Is this sort of model good enough for security? Who sets these levels? The calculation for the net confidence makes sense, yet, again, is this good enough? How is the privacy of context information secure? Some future work might include some investigation into strengthening the security model, addressing vulnerabilities that have been discussed in the papers cited, and addressing the privacy of context information. ============================================================================= * What are the contributions of the paper? The paper deals with the * context sensitive security introduced in Cerberus, which is a core * service in Gaia (a generic ubiquitous computing environment) for * authentication, context awareness and reasoning. Concepts of the * context awareness and automated reasoning are used for the purpose * of achieving context sensitive security. * What is the quality of the presentation? This is a system paper. It * describes a system in informative way. Language of the paper is easy * to comprehend, but there is lots of repetition of the material. * What are the strengths of the paper? This paper provides an systems * which theoretically takes care of the all the major security issues * involved in ubiquitous computing environment like Gaia. A practical * implementation which accompany it, adds the value to it. * What are its weaknesses? Authors though mention to include more * facts about their implementation, as required, in the final version * of the paper are missing in this proceeding version. Also, other * raising security issues like server compromise, forward security * also needs to be considered in such a system. * What is some possible future work? As mentioned in weakness, more * implementation fact should be put forth, which might require more * experiments, also other raising security concern like existence of * eavesdropper, compromised devices also needs to be taken care of. ============================================================================= What are the contributions of the paper? This paper introduced Cerberus, a federated, context-aware, security scheme. It supports multilevel authentication, where access control is associated with confidence level. Context-aware security policies are described in first-order language which can be evaluated using an inference engine. It also presented a simple and efficient method for revoking access if context related information changes. What is the quality of the presentation? It gives a novel way of expressing access policies. And implementation of this context-aware system is also given. What are the strengths of the paper? It uses first order predicate logic to present system policies, which provides greater flexibility and dynamism while allowing rules to be evaluated efficiently. What are its weaknesses? The adapability and feasibility of the system should be tested further. The concept of confidence level is not very clear. And how do we use confidence level to realize security? Will be there some misuse or misunderstanding of access rights? What is some possible future work? It needs to provide more details about the implementation and performance of the Cerberus system. ============================================================================= One of the most innovative development in the computer systems has been the notion of ubiquitous computing. As novel and appealing the idea seems, it also comes bundled with a multitude of computing issues that have evaded computer scientists ever since it was first envisioned by Mark Weiss in 1991. One of the issues that is the topic of various on-going research projects in this area is providing adequate security measures for smart spaces which are above all non-intrusive, intelligent and are able to adapt to rapidly changing contexts. The topic of this paper is Cereberus, a context-aware security scheme for smart spaces, which tends to provide such security. The authors start by providing an introduction to ubiquitous computing in general and smart spaces in particular, the security issues involved, security requirements for such spaces and describe a generic computation enviroment the Gaia project. They proceed by giving an overview of the proposed system and then incrementally reveal each component and its functionality at a more detailed level. The work presented here is of unique significance to the field of ubiquitous computing and security in general. Authors did a great job in presenting the core architecture of the system in a comprehensive way without sacrificing the readability. The major strengths of Cerebrus are its dynamic nature of implementing security, support for multi-level authentication, adaptability to rapidly changing contexts and a simple method for revoking access rights. The authors have used predicate logic to define and perform operation on contexts using a Prolog type sytax which allows to express/evaluate various complex rules involving contexts very easy and also allows to infer more complex contex rules from simple ones. The only thing missing here is the lack of implementation details and performance evaluation measures of Cerebrus, leaving an impression of a rather abrupt end. Authors should be looking forward to address these issues in future work. ============================================================================= > CONTRIBUTIONS The authors introduce Cerberus, a context-aware security scheme for active spaces based on the Gaia ubiquitous computing platform. To achieve this, the authors have developed a security service which uses pluggable modules (GAMM: Gaia Authentication Mechanisms, GADM: Gaia Authentication Device Modules), a context infrastructure based on first-order predicate logic to model Gaia's environment, a security policies knowledge base that stores rules (also in first order logic) and lastly, an inference engine which enforces these security policies through automated reasoning. > QUALITY The paper is clear and well-written. The authors make good use of diagrams to explain how Cerberus interfaces with Gaia and how various components of Cerberus (such as the context infrastructure and authentication service) work, allowing people such as myself who have no prior knowledge of Gaia to understand how Cerberus operates. > STRENGTHS Cerberus security policies adapt to changes in context and are represented in a descriptive and flexible language. For example, Cerberus facilitates the use of call-backs whereby applications can be notified when a change in context results in a user's access to resources being revoked. The use of CORBA for communication between various components of Cerberus allows for the discovery and remote invocation of Cerberus authentication services by applications and devices operating in a Gaia smart space served by Cerberus. The use of pluggable authentication modules (GAMM and GADM) allows Cerberus to utilize new authentication mechanisms and devices on the fly, as they become available. > WEAKNESSES I'm not sure how transparent this security system really is if users still need to carry ID badges, enter passwords and use retina scanners. There is little discussion of how Cerberus could be used to authenticate mobile devices, applications and mobile code. The authors state that their system is efficient without providing any performance figures for their implementation. No implementation details are provided, although these would probably be more interesting if we were given performance figures. > FUTURE WORK A study that produces detailed performance figures that demonstrate Cerberus's efficiency. Extensions to the existing implementation that show how Cerberus could be used to authenticate mobile devices, applications and mobile code. ============================================================================= Contribution: The paper advanced research in the field of security in the ubiquitous systems by presenting Cerberus. Cerberus is a ubiquitous security system for Gaia, an infrastructure that focuses on supporting the development of applications for Smart Spaces. It focuses on context-awareness and automated reasoning to provide both the identification and authentication for users and access control to resources and services. The Cerberus’s context infrastructure uses first-order predicate calculus and Boolean algebra, which is a very flexible and powerful way of writing and evaluating various context-dependent rules. Centralized inference engine that takes context into account is used to enforce security policies. The paper focuses attention to the dynamic nature of security requirements in the ubiquitous systems. Quality: Overall, paper was well written. The sections were presented in a logical order and the system was described in a concise and consistent manner. However, I was bothered by the figures offered. They appeared overly cluttered, and I found it hard to distinguish one depicted object from another. Although authors did attempt to address the issue by using different colors, the figures still appeared overly crowded. Additionally, the entire paragraph providing an overview of the paper should have been omitted. It was poorly written, and at times pointless (i.e. Section 9 concludes). Strengths: Security requirements for Smart Spaces are well defined and the proper awareness was brought to the problem. Description of the system and its implementation are outlined in great detail. Main features of the Cerberus system (multi-level authentication, context-aware, federated, flexible, automated-reasoning) were clearly stated. The topic was well researched and a novel solution was presented. There was no ambiguity as to what the goal and the contribution of the paper were. Weaknesses: The authentication modules used were simply mentioned and the acronyms for them used without prior introduction. Authentication models such as CORBA, SESAME and Kerberos were mentioned, but the background information wasn’t provided. Additionally, the author doesn’t provide any future work directives and doesn’t identify any weaknesses of this centralized approach (i.e. is Cerberus applicable to platforms supporting multiple Smart Spaces?). Future Work: A definite future work directive would be examining the possibility of extending Cerberus to platforms spanning multiple Smart Space environments. Examining the overall security of the system and identifying possible attacks could also be used to verify the strength of the proposed mechanism. ============================================================================= Summary: The paper tries to introduce a security system for UbiComp in a way that it can be considered as a security scheme. To achieve this goal the first introduce requirements that they believe should be present in a UbiComp security scheme: 1. Non-intrusive and transparen 2. Multilevel security 3. Support for context aware security policy 4. Adequate support for mobile devices and (software) agents The rest of the paper deals with a system designed and developed by the authors, for Ubiquitous Computing, named Gaia. The paper describes the architecture and also different component of the "security service core" of Gaia. The components which have been introduced are: 1. The security service component 2. The context infrastructure 3. The knowledge base 4. The inference engine At the end the paper provides an example of the implementation of the proposed system and some possible future work. Contributions: The paper uses a precise terminology ('indentification', 'entity', 'identity', 'authentication', 'principal', 'security policy', etc.) and defines them properly. It also keeps in mind the "balance between authentication strength and no-intrusiveness." To devise suitable mechanisms to implement different policies with regard to the above-mentioned "balance" the authors introduce the concept of "confidence value" in their system which also helps them deal with different authentication mechanisms. Their systme uses a federated authentication service that uses distributed portable modules named GPAM. They also envision two categories of authentication modules: GAMM for specific protoclos and GADM for specific devices (independent of any protocol) The propose to use first-order predicate calculus and boolean algebra to represent and process context information. This decision along with the architecture of the context infrastructure allows them good context awareness in the system. The security polices are also represented as rules in first order logic. They include "authentication policies" and "access control polices." These design decisions about context and policy representation enables the authors to actually design and implement an "inference engine" which evaluates the level of confidence of identities and replies to access control queries from applications. There are also minor and detailed innovations in the designed system such as different methods for events to be transfered from sensors and the notion of "session", etc. Quality of the presentation: The exact definition of the terminology used along with many examples in the paper, contribute a lot to the presentation aspect of the paper. The authors provides diagrams whenever necessary and give sufficient examples to clarify all the aspects of the work. Overall the presentation of this paper is "good" Strengths: The primary strength of the paper comes the fact that all the ideas of the paper have actually been implemented in a real and working system. In other words the mere fact that this paper is part of a large research adds a lot to its value. For example, the authors have very in-depth knowledge about UbiComp and all the issues in it. Also they have a working testbed to implement and test the proposed design. Another important strength of the paper as mentioned before is its good choice of terminology and good definition of all the important aspects of the proposed system. Weaknesses: In many cases the authors do not give enough (or any) reasons for some of the statements for example, they mention that "the dynamism and mibility that smart space advocate can give additional leverage for cyber-criminal, techno villains, and hackers by increasing opportunities to exploit ..." without any reason and they don't state that this is an assumption. The authors could have done more work on modeling the system in an abstract manner and evaluate it, mathematically. Before really implementing it. They also don't give any results about the level of the success (or failure) of their system and don't mention its weaknesses. Possible future work: Although the system has been really implemented, it seems to be far away from real life deployment. I think further testing of the system and evaluating the results is also necessary. ============================================================================= What are the contributions of the paper? This paper introduces a new security scheme called Cerberus for so called "smart spaces", or environments with sensors and embedded devices to allow easy interaction between people and computers. These smart spaces are assumed to be built using the Gaia model, a model previously introduced by the authors for integrating physical spaces with computing and communication systems. Gaia manages context using predicates, such as Location(person, entering, roomX). Cerberus adds another layer to these contexts by combining them with queries as to whether or not a person has access to a service based on confidence levels. Confidence levels depend on the type of authentication used. An (easily misplaced) ID card may only offer a low level of confidence, while a biometric reading may represent a high level of confidence. By checking the confidence of a user’s authentication, the system can allow or deny access to specific services, only requiring active authentication by the user when necessary. What is the quality of the presentation? The related work section is the second last section of the paper, when it should be in the introduction or right after. Summarizing related work early in the paper allows the reader to learn what existing solutions exist, why they are insufficient, and how the results that will be presented improve upon them. In addition, the current existing work states that an existing paper raised some security issues, and that the authors solution "address some of these" without being any more specific. Does this mean that there are known security issues in Cerberus that have been identified and not addressed? The rest of the paper is well organized. What are the strengths of the paper? The main strength of the paper is the flexible predicate language defined for use in Cerebus and Gaia. They provide a simple method of tracking context and responding to context changes based on a security privileges. The predicates are both easy to create and interpret from both a human and computational stand-point. What are its weaknesses? Some implementation details of Gaia/Cerberus are unclear. As is, an administrator manually states that personX has access to resourceY subject to some constraint, such as time. For example, use of a projector may be granted to the presenter during his time slot at a conference. If the user's rights are to be revoked when the time slot ends, the administrator must explicitly add an entry stating this. Real world situation do not always follow strict time guidelines, and so a presenter running late may have his access rights revoked before his presentation is finished, or a presenter wishing to start early to keep things on schedule may be locked out of the projector despite the fact that no one is using it. Every small schedule change requires the administrator to modify the context information. What is some possible future work? The authors did not provide any future research considerations in the paper. Future research using the Cerebus system should focus on the privacy of the end user. It is clear that Cerebus provides a framework for secure access to resources, but no consideration is given to how this information may be used to track the location of an individual. The predicate language used by Gaia/Cerebus allows for events to be triggered whenever a person enters a room, raising concerns of location privacy.