Tim Finin, UMBC, Baltimore MD, finin@umbc.edu, http://umbc.edu/~finin/


SECURITY AND TRUST IN OPEN, DYNAMIC, AUTONOMOUS SYSTEMS

Tim Finin, Anupam Joshi and Yelena Yesha
Computer Science and Electrical Engineering
University of Maryland, Baltimore County
1000 Hilltop Circle, Baltimore MD 21250
{finin|joshi|yeyesha}@cs.umbc.edu
410-455-{3522|2590|3542}

September 2003

ABSTRACT. Information assurance, security and privacy have moved from narrow topics of interest to information system designers to become critical issues of fundamental importance to society. As part of this shift, the scope of associated problems, applications, and technical issues is broadening, opening up new requirements and approaches. Challenges arise as information systems evolve toward dynamic, open and heterogeneous distributed systems, as seen in peer-to-peer systems, grid computing, ad hoc networking, web services, pervasive computing environments and multi-agent systems. A grand challenge we might set is to create "smart spaces" in which pervasive computing technology allows people, agents, services and devices to seamlessly interact while preserving appropriate security and privacy policies. To realize this grand challenge, we must vigorously explore new ideas, including (1) approaches to security and privacy based on trust and reputation, (2) declarative policies for information assurance and control and (3) new languages for sharing knowledge models and information.

INTRODUCTION. New models of distributed communication and computation are being introduced, leading to distributed systems that are *open* in that they do not pre-identify a set of known participants, and *dynamic* in that the participants change regularly, and not just due to occasional failures. It is interesting to note that this evolution is occurring at several levels -- communication, infrastructure and application. At the communication level, for example, ad hoc networking systems such as Bluetooth and UWB-based 802.15.3 treat nodes as autonomous routers, requiring new techniques to protect against malicious or faulty nodes that subvert or blackhole packets [5]. Similarly, as applications become more sophisticated and intelligent, they require greater degrees of decision making and autonomy. The long-range vision is described as societies of intelligent, autonomous agents that are goal-directed and adaptive. But even today, we find new levels of autonomy emerging in infrastructures like Grid computing, web services and pervasive computing. These systems must exchange information about services offered and sought and their associated security and privacy policies, negotiate for information sharing, and monitor for and report on suspicious or anomalous behavior.

A GRAND CHALLENGE. A new grand challenge thus emerges -- securing these open dynamic environments. As a concrete instance, consider providing a secure and privacy-enhancing pervasive computing environment in spaces such as an office, hospital, school or subway stop. The space will be filled with devices and agents offering and seeking services. As people move, agents on their personal devices detect, and are detected by, the pervasive infrastructure. The new devices must discover the services of interest from the infrastructure and other devices in the vicinity, negotiate for access, control information exchange, and monitor for suspicious events to be reported to the community. Shared knowledge models (ontologies) and norms of behavior (policies) will undergird the society of communicating and cooperating applications, agents and devices. Addressing this grand challenge will require contributions not just from diverse areas within computer science, but also from other disciplines such as policy, law, and various social sciences.

Without appropriate security and privacy mechanisms, these exciting new ideas will be hobbled and the applications they enable will not be deployed or be found socially acceptable. For example, the DARPA LifeLog program was recently forced to eliminate many of the more exciting possibilities from its scope because good privacy mechanisms were not available. Notice also the split in the computing community (USACM vs ACM SIGKDD) on the issue of data mining and the TIA program. We must develop new models for security and privacy that work in such highly distributed, open, and dynamic systems; such models will find immediate applications in grid computing, the semantic web, and pervasive computing. We identify three topics where new challenges are emerging: trust-based security, computational policies, and knowledge sharing.

TRUST-BASED SECURITY. Security and privacy based on authentication is not enough in open systems where principals may be able to provide authentication, but are otherwise unknown to the system and hence not authorizable for specific actions. Traditional role-based approaches also fare poorly. Such environments are common on the web and in envisioned pervasive computing environments. A solution is to make security and privacy decisions based on attributes related to trust for which a principal can provide evidence -- e.g., proof of key attributes, a signed statement from a trusted source delegating a permission, or undertaking an obligation in return for access. Human societies use trust and reputation to make decisions about requests for "service" where a right to that service is not pre-established, and social networks are an important way of transferring trust and reputation [3]. Such societies have overlapping systems of behavioral norms, constraints and rules. We are over-constrained, so we cannot always satisfy all of them, but deviating too much or too often has its consequences: loss of reputation, penalty clauses, imposition of sanctions, etc. These mechanisms need to be understood and computational analogues developed in order for computational agents to better support information sharing and control in human societies.

Challenges: Can the very human notions of reputation and trust be used by computer applications and agents? Is reputation inherently distributed and emergent, or will a system of well-known reputation servers suffice? How can we build scalable systems that combine traditional authentication-based security regimes with security and privacy decisions based on trust and reputation?

COMPUTATIONAL POLICIES. By policy we mean an explicit representation of constraints and rules that govern or inform an agent or system's behavior. Policies can define permissions, obligations, norms and preferences for an agent's actions and interactions with other agents and programs [2,4]. Explicit policies, especially those expressed in high level declarative languages, can be used as the basis for electronic contracts and provide a sublanguage useful for the negotiation for agreements and commitments. We believe that explicit policies for security, trust and privacy are promising areas for research.

Challenges: Can we develop meaningful machine-interpretable policies for security, digital rights management, and privacy? Can we design policy languages that are simultaneously expressive enough to serve their many needs, intuitive and understandable by humans, and writable by non-programmers? Can we implement policy languages over which we can reason at a high level, answering hypothetical questions about the limitations and vulnerabilities in the security and privacy systems they model (will this policy allow X to happen, and if so under what circumstances)? Can we do all this tractably?
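The trust-based decisions described above (attributes backed by a signed statement from a trusted source, an obligation taken on in return for access) and the policy question "will this policy allow X to happen, and under what circumstances?" can be made concrete with a small declarative policy engine. The following is an added example, not code from the paper or from any UMBC policy language; the principals, the "print" service, the rules and the evidence are constructed, and signature verification is assumed to have already happened, so evidence arrives as (claim, signer) pairs.

```python
# Added example (constructed; not from the paper or any UMBC system). A minimal
# declarative policy engine: attributes are derived only from evidence signed by
# a trusted principal, deny rules override permits, permits may carry an
# obligation, and a hypothetical query enumerates when an action is allowed.
# Signatures are assumed verified upstream, hence the (claim, signer) tuples.

# Policy rules: (effect, action, required attributes, obligation incurred or None).
POLICY = [
    ("permit", "print", frozenset({"employee"}), None),
    ("permit", "print", frozenset({"delegated:print"}), "log_usage"),
    ("deny",   "print", frozenset({"untrusted_device"}), None),
]
TRUSTED_SIGNERS = {"alice"}  # only statements signed by these principals count


def attributes_from_evidence(evidence):
    """Turn verified (claim, signer) statements into attributes the policy can
    test. Claims from unknown signers are ignored; a 'delegate:<action>' claim
    from a trusted signer yields the attribute 'delegated:<action>'."""
    attrs = set()
    for claim, signer in evidence:
        if signer not in TRUSTED_SIGNERS:
            continue
        if claim.startswith("delegate:"):
            attrs.add("delegated:" + claim.split(":", 1)[1])
        else:
            attrs.add(claim)
    return attrs


def matching(effect, action, attrs):
    """Rules with `effect` for `action` whose requirements `attrs` satisfy."""
    return [r for r in POLICY if r[0] == effect and r[1] == action and r[2] <= attrs]


def decide(action, attrs):
    """Default deny; any applicable deny rule overrides permits; a permit
    returns the obligations the requester takes on in return for access."""
    if matching("deny", action, attrs):
        return "deny", []
    permits = matching("permit", action, attrs)
    if not permits:
        return "deny", []
    return "permit", [ob for _, _, _, ob in permits if ob]


def circumstances(action):
    """Hypothetical query over the policy: each minimal attribute set under
    which `action` is permitted, paired with the attributes that would revoke it."""
    blockers = [req for eff, a, req, _ in POLICY if eff == "deny" and a == action]
    return [(req, set().union(*blockers))
            for eff, a, req, _ in POLICY
            if eff == "permit" and a == action and not any(b <= req for b in blockers)]
```

A visitor unknown to the space who presents `("delegate:print", "alice")` is permitted to print but incurs the `log_usage` obligation; the same claim signed by an unknown principal yields no attributes and is denied.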

KNOWLEDGE SHARING. As our distributed information systems become more ubiquitous, autonomous and complex, there is a stronger need for grounding them on common models of data and knowledge. The agents in such systems need to be able to exchange information, queries, and requests with some assurance that they share a common meaning. The lack of a common understanding of shared information opens up new security and privacy vulnerabilities [1]. Monitoring and enforcing security in a distributed system, e.g. for intrusion detection, requires a common model for sharing information about individuals, events and situations [6,7]. We need better languages in which to define and publish ontologies for security and privacy to support information sharing and cooperation in distributed systems.

Challenges: Will semantic web languages such as RDF and OWL solve the common ontology problem for sharing information relating to security and trust? How can consensus models be developed and selected?

SUMMARY. Information systems are evolving along several dimensions, requiring new techniques and technology to ensure security and privacy. Most of the key areas that must be explored in the coming years can be traced to the further development of highly distributed and dynamic computing environments. Such environments are envisioned in advanced versions of web services and grid computing as well as in pervasive computing and multi-agent systems.

[1] G. Denker, L. Kagal, T. Finin, M. Paolucci, K. Sycara, Security for DAML Web Services: Annotation and Matchmaking, 2nd Int. Semantic Web Conf., Oct 2003. http://umbc.edu/~finin/papers/iswc03a.pdf

[2] L. Kagal, T. Finin, A. Joshi, A Policy Based Approach to Security for the Semantic Web, 2nd Int. Semantic Web Conf., Oct 2003. http://umbc.edu/~finin/papers/iswc03b.pdf

[3] L. Ding, L. Zhou, T. Finin, Trust Based Knowledge Outsourcing for Semantic Web Agents, 2003 IEEE/WIC Int. Conf. on Web Intelligence, Halifax, Oct 2003. http://umbc.edu/~finin/papers/wi03.pdf

[4] L. Kagal, T. Finin, A. Joshi, A Policy Language for Pervasive Systems, 4th IEEE Int. Workshop on Policies for Distributed Systems and Networks, Lake Como, June 2003. http://umbc.edu/~finin/papers/policy03.pdf

[5] S. Buchegger, J. Le Boudec, Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks, 10th Euromicro Workshop on Parallel, Distributed and Network-based Processing, 2002

[6] J. Undercoffer, J. Pinkston, A. Joshi, T. Finin, A Target-Centric Ontology for Intrusion Detection, Knowledge Engineering Review, to appear, 2004.

[7] J. Undercoffer, A. Joshi, J. Pinkston, Modeling Computer Attacks: An Ontology for Intrusion Detection, 6th Int. Symp. on Recent Advances in Intrusion Detection. Springer-Verlag, LNCS 2516, Sept 2003.

BIOSKETCHES

TIM FININ (http://umbc.edu/~finin/) is a Professor of Computer Science and Electrical Engineering at the University of Maryland Baltimore County (UMBC). He has over 30 years of experience in the applications of Artificial Intelligence to problems in information systems, intelligent interfaces and robotics. He holds degrees from MIT and the University of Illinois. Prior to joining the UMBC, he held positions at Unisys, the University of Pennsylvania, and the MIT AI Laboratory. Finin is the author of over 190 refereed publications and has received research grants and contracts from a variety of sources. He has been the past program chair or general chair of several major conferences, is a former AAAI councilor and is AAAI's representative on the board of directors of the Computing Research Association.

ANUPAM JOSHI (http://www.cs.umbc.edu/~joshi/) is an Associate Professor of Computer Science and Electrical Engineering at UMBC. He obtained a B. Tech degree in Electrical Engineering from IIT Delhi, and a Ph.D. in Computer Science from Purdue University. His research interests are in mobile/pervasive computing, data management/mining, semantic web, and security. He has published over 90 refereed papers, and has obtained research support from NSF, NASA, DARPA, DoD, IBM, Fujitsu, Aether Systems, HP, AT&T and Intel. He has presented tutorials in conferences, served as guest editor for special issues of IEEE Personal Comm., Comm. ACM etc., and served as an Associate Editor of IEEE Transactions on Fuzzy Systems from 1999 to 2003. At UMBC, Joshi teaches courses in Operating Systems, Mobile Computing, Networking, and Web Mining.

YELENA YESHA received the Ph.D. degree in Computer and Information Science from The Ohio State University in 1989. Since 1989 she has been with the Department of Computer Science and Electrical Engineering at UMBC, where she is presently a Professor. Yesha was the Director of the NIST Center for Applied Information Technology in 1994 and the Director of the NASA Center of Excellence in Space Data and Information Sciences from 1994 to 1999. Yesha's research interests are in the areas of distributed databases, distributed systems, mobile computing, digital libraries, electronic commerce, and trusted information systems. She has published over 100 refereed articles and also 8 books in these areas. Yesha has received a substantial amount of research funding from NASA, NSF, NIST, NSA, DHMH, Aether Systems, Cisco, and IBM. She is a member of the editorial boards of the VLDB Journal and the IEEE Trans. Knowledge and Data Engineering, and is editor-in-chief of the International Journal of Digital Libraries. She served as general and program chair of several major international conferences, and will serve as the general chair of ACM SIGMOD 2005.

14 January, 2004 14:04