Computer Science Department
School of Computer Science, Carnegie Mellon University


Access Control to Information in
Pervasive Computing Environments

Urs Hengartner

August 2005

Ph.D. Thesis

Keywords: Information security, privacy, semantics of information, derivation of information, context awareness, applied cryptography, identity-based encryption.

Pervasive computing envisions a world in which we are surrounded by embedded, networked devices, which gather and share information about people, such as their location, activity, or even their feelings. Some of this information is confidential and should be released only to authorized entities. In this thesis, I show how existing solutions for controlling access to information are not sufficient for pervasive computing. In particular, there are four challenges: First, there will be many information services, run by different organizations, even in a single social environment, which makes centralized access control infeasible and authorization management difficult. Second, there will be complex types of information, such as a person's calendar entry, which could leak other kinds of information, such as the person's current location. Third, there will be services that derive specific information, such as a person's activity, from raw information, such as a video stream, and that become attractive targets for intruders. Fourth, access decisions could be constrained based on confidential information about an individual's context and could leak this confidential information.

This thesis presents a distributed access-control architecture for pervasive computing that supports complex and derived information and confidential context-sensitive constraints. Namely, the thesis makes the following contributions: First, I introduce a distributed access-control architecture, in which a client proves to a service that the client is authorized to access the requested information. Second, I incorporate the semantics of complex information as a first-class citizen into this architecture, based on information relationships. Third, I propose derivation-constrained access control, which reduces the influence of intruders who have broken into a service by making the service prove that it is accessing information on behalf of an authorized client. Fourth, I study the kinds of information leaks that confidential context-sensitive constraints can cause, and I introduce access-rights graphs and hidden constraints to address these leaks. Fifth, I present obscured proof-of-access descriptions, which allow a service to inform a client of the required proof of access without leaking the confidential information that is part of this description. Sixth, as an alternative approach, I introduce an encryption-based access-control architecture for pervasive computing, in which a service gives information to any client, but only in an encrypted form.

217 pages
