Access Manager
Smart products are a new class of devices that bridge the gap between the real and the virtual world. They provide a natural and purposeful product-to-human interaction and context-aware adaptivity. Smart products need to have knowledge about the application and environment that they are immersed to fulfil their tasks. Thus, they also need access to private/confidential information, such as users' preferences. Moreover, smart products can exchange private/confidential information among each other to complete collaborative tasks that require information from multiple sources, such as the booking of flight tickets and hotels. Smart products can be part of highly dynamic environments, where devices can appear and disappear in non-predictable ways.
However, the amount of possible security breaches is increasing with the sheer number and variety of smart products. Equally, the variety of devices with different user interfaces also increase the complexity of administrative tasks for the end-users. Therefore, one of the main challenges of IT-security regarding smart products is the design of mechanisms that combine a customizable level of security and usability.
Current IT-security solutions tend to overstrain non-expert users. In home and enterprise environments, users are frequently forced to choose passwords for local and remote authentication and also define rules for access control, e.g., file sharing access rights. However, the imposition of such security features often lead to insecure or unpractical measures, such as written passwords and access control rules that are often too general. In addition, users tend to deactivate security mechanisms or render them useless by: not changing default passwords or leaving them blank; granting access to everyone; or turning off basic security mechanisms. This behaviour is very common nowadays, especially regarding login passwords, browser cookies, virus scanners, and file access controls.
The administration of secure features in computational systems by non-expert end-users is already a challenge. Such a fact can be easily shown by the massive number of computers that are part of bot nets, which is, in most of cases, caused by inability of such users to keep their systems up-to-date or to change default settings. Smart products add more complexity to such scenarios by increasing the administrative burden to the end-users.
The Access Manager controls the access to the knowledge stored on the product, e.g., to avoid leaking of private information about users. The initial implementation of the Access Manager module has two functionalities, access control and authentication. The main functionality is to provide security services like filtering the provided data, identify, and authenticate entities in the smart products environment. The security constraints for building up access control rule sets are regarding specific or permissive rules and also the meaning of such rules. The usability constraints for building up AC rule sets are regarding the existence of redundant rules, their consistency and understandability, and also related to the total number of rules. In the final version the users will be supported generating proper and usable access rule sets for their smart products.
Developer: Matthias Beckerle
License
|
Access Manager components
|
BSD
|
Additional Material
- D6.2.2: Final Architecture and Specification of Platform Core Services
- D4.2.2: Final Concept for Security and Privacy of Proactive Knowledge
Secure Distributed Storage