Trusted or Untrusted—
Defining the Permissions of Guests.
Matthew Johnson
University of Cambridge Computer Laboratory
Smart Environments
Embed computing in the environment.
Recognize and obey us.
Ignore everyone else.
People need to be able to use it.
People will buy what works, not what is secure.
Guests
In real life there are people the system doesn't recognise who we want it to obey.
We want the people we invite in to have limited control over the environment.
How do you express 'invite' in code?
How do you define scope and duration?
How Smart Environments Work
Object/Subject tagging.
Position-based.
Active Bat
Track everything
Centralised decision management
Proximity-based.
Limited centralisation
Short range wireless comms
Decisions and functionality mainly localised
Identifying Guests
How do you know who is a guest and who is a stranger?
Guests have been invited into the house.
Guests have the permission of a user.
Defining Access Permissions
Once we have identified a guest we need to be able to specify what they can and can't do.
Appliances already have a security policy/use model—can we use that?
Must not be complex to use
As a guest
As the owner when admitting a guest
As the owner during normal use
Demo
Demo Concepts—Security Policies
Existing security policy for appliances—if you can touch it you can use it.
Harness this policy for the digital world as well, and rely on the current social restrictions to still apply.
Guest can therefore ‘self authorize’ by performing an action which places them inside the house.
Demo Concepts—Types of Function
Some appliance functions we are happy to have any guest use, and rely on social norms to police them.
Some functions we may want to be more picky about, or possibly disallow altogether.
Four types of function:
Guests can use without authorisation
Guests need authorisation once
Guests need authorisation every time
No guests
Demo Concepts—Implementation
Anything for which being a guest is sufficient can be self-authorised.
Callback mechanism required for authorisation with an admin.
With the aid of these four function types we can make configuration simpler for the user.
Other Appliances and Delegation
Guests may stay for an extended period, during which they occupy a bedroom.
Light, heating and so on controls in their room.
Access control to the house and/or bedroom.
May wish to delegate control of their room to them.
May wish to make some privacy guarantees within their room.
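The following is an added example, not code from the talk or from any system it describes. It turns the four function types, self-authorisation by entering the house, the admin callback, and room delegation into one small policy engine. Every name in it (FunctionType, Appliance, Household, the callback signature, and the rule that a delegated room answers only to its delegate) is my own assumption; the talk only names the concepts. The sample household, appliances and people are constructed for the walkthrough.

```python
# Added example, not from the talk: a toy policy engine for the four function
# types, self-authorisation by entering the house, the admin callback and room
# delegation. All names here (FunctionType, Appliance, Household) are my own.
from dataclasses import dataclass
from enum import Enum, auto
from typing import Callable, Dict, Set, Tuple


class FunctionType(Enum):
    GUEST_OPEN = auto()  # guests can use without authorisation
    AUTH_ONCE = auto()   # guests need authorisation once
    AUTH_EVERY = auto()  # guests need authorisation every time
    NO_GUESTS = auto()   # no guests


@dataclass
class Appliance:
    name: str
    room: str
    functions: Dict[str, FunctionType]


class Household:
    def __init__(self, owners, admin_callback: Callable[[str, str, str], bool]):
        # admin_callback(guest, appliance_name, function) -> True if the admin approves
        self.admin_callback = admin_callback
        self.owners: Set[str] = set(owners)
        self.guests: Set[str] = set()                     # currently inside the house
        self.approved: Set[Tuple[str, str, str]] = set()  # one-off grants still valid
        self.delegated: Dict[str, str] = {}               # room -> guest it is delegated to

    def admit(self, person: str) -> None:
        """Self-authorisation: the act that puts someone inside the house is what
        makes them a guest; the system checks nothing else about them."""
        self.guests.add(person)

    def leave(self, person: str) -> None:
        """Leaving ends guest status, one-off grants and any delegated room."""
        self.guests.discard(person)
        self.approved = {k for k in self.approved if k[0] != person}
        self.delegated = {r: g for r, g in self.delegated.items() if g != person}

    def delegate_room(self, owner: str, room: str, guest: str) -> bool:
        if owner not in self.owners or guest not in self.guests:
            return False  # only an owner may delegate, only to someone admitted
        self.delegated[room] = guest
        return True

    def request(self, person: str, appliance: Appliance, function: str) -> bool:
        ftype = appliance.functions[function]
        delegate = self.delegated.get(appliance.room)
        if delegate is not None:
            # Privacy guarantee (assumption): a delegated room answers only to
            # its delegate, owners included, until the delegate leaves.
            return person == delegate
        if person in self.owners:
            return True
        if person not in self.guests:
            return False  # stranger: not inside the house, nothing works
        if ftype is FunctionType.GUEST_OPEN:
            return True   # policed by social norms, not by the system
        if ftype is FunctionType.NO_GUESTS:
            return False  # never even asks the admin
        key = (person, appliance.name, function)
        if ftype is FunctionType.AUTH_ONCE and key in self.approved:
            return True   # granted once already; do not ask again
        granted = self.admin_callback(person, appliance.name, function)
        if granted and ftype is FunctionType.AUTH_ONCE:
            self.approved.add(key)
        return granted


def demo():
    """Walk through the talk's scenarios on constructed data; returns outcomes."""
    calls = []

    def approve_all(guest, appliance, function):
        calls.append((guest, appliance, function))  # stands in for prompting the owner
        return True

    home = Household(owners={"owner"}, admin_callback=approve_all)
    lamp = Appliance("hall_lamp", "hall", {"toggle": FunctionType.GUEST_OPEN})
    tv = Appliance("living_tv", "living", {"pay_per_view": FunctionType.AUTH_EVERY,
                                           "parental_settings": FunctionType.NO_GUESTS})
    stereo = Appliance("stereo", "living", {"play": FunctionType.AUTH_ONCE})
    spare = Appliance("spare_light", "spare_bedroom", {"dim": FunctionType.NO_GUESTS})
    r = {}
    r["stranger_lamp"] = home.request("stranger", lamp, "toggle")   # False
    home.admit("guest")                                             # guest walks in
    r["guest_lamp"] = home.request("guest", lamp, "toggle")         # True, no callback
    r["stereo_first"] = home.request("guest", stereo, "play")       # True, admin asked
    r["stereo_second"] = home.request("guest", stereo, "play")      # True, not asked again
    r["ppv_first"] = home.request("guest", tv, "pay_per_view")      # True, admin asked
    r["ppv_second"] = home.request("guest", tv, "pay_per_view")     # True, asked again
    r["parental"] = home.request("guest", tv, "parental_settings")  # False, never asked
    r["callbacks"] = len(calls)                                     # 3
    r["room_before"] = home.request("guest", spare, "dim")          # False
    home.delegate_room("owner", "spare_bedroom", "guest")
    r["room_after"] = home.request("guest", spare, "dim")           # True
    r["owner_in_room"] = home.request("owner", spare, "dim")        # False (privacy)
    home.leave("guest")
    r["after_leave"] = home.request("guest", lamp, "toggle")        # False
    r["owner_after"] = home.request("owner", spare, "dim")          # True
    return r
```

The point of the four types is visible in the callback count: across seven guest requests the owner is interrupted only three times (once for the "authorise once" function, once per use for the "authorise every time" function, never for the open or no-guest functions). Scope and duration are handled in the simplest way the slides allow: permissions exist only while the person is inside the house, and leaving clears one-off grants and delegations together.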
Conclusion
Smart homes will become a reality.
Initial systems will provide functionality, not security, in order to be acceptable.
People will want to be able to have guests.
Can we provide security which allows guests and yet is still acceptable and does not restrict functionality?