International Conference on Mobile and Ubiquitous Systems: Networking and Services
Enforcing Policies in Pervasive Environments
August 22, 2004
This paper presents a proof of concept implementation of a security infrastructure for mobile devices in a pervasive environment. The security infrastructure primarly consists of two parts, the policy engine and the policy enforcement mechanism. Each mobile device within a pervasive environment is equipped with its own policy enforcement mechanism and is responsible for protecting its resources. A mobile device consults the nearest policy server, notifies its current state including its present user, network presence, other accessible devices and location information if available. Using this information the policy server queries the Rei engine to dynamically create a policy certificate and issues it to the requesting device. The system wide policy is described in a semantic language Rei, a lightweight and extensible language that is able to express comprehensive policies using domain specific information. The Rei policy engine is able to dynamically decide what rights, prohibitions, obligations, dispensations an actor has on the domain actions. A policy certificate, which contains the set of granted permissions and the scope within which the permissions are valid, is created and issued to the device. The policy certificate can be revoked by the policy enforcer based on expiration of the validity period or a combination of timeout, loss of contact with an assigned network. X.509 based Public Key Infrastructure is used to provide identification and authentication.
Downloads: 5474 downloads
Google Scholar Citations: 30 citations