Security and Dependability for Ambient Intelligence

Advances in Information Security
Sushil Jajodia, Consulting Editor
Center for Secure Information Systems
George Mason University
Fairfax, VA 22030-4444
email: [email protected]

The goals of the Springer International Series on ADVANCES IN INFORMATION SECURITY are, one, to establish the state of the art of, and set the course for, future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance.

ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment.

Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with ideas for books under this series.

For other titles published in this series, go to www.springer.com/series/5576

Security and Dependability for Ambient Intelligence

Edited by
George Spanoudakis, City University London, London, UK
Antonio Maña Gomez, University of Malaga, Malaga, Spain
Spyros Kokolakis, University of the Aegean, Karlovassi, Greece

Editors:

George Spanoudakis
City University London
School of Informatics
Northampton Square
London EC1V 0HB
UK
[email protected]

Antonio Maña Gomez
University of Malaga
E.T.S.I. Informática
Campus de Teatinos
29071 Malaga
Spain
[email protected]

Spyros Kokolakis
University of the Aegean
GR-83200 Karlovassi
Greece
[email protected]

ISBN 978-0-387-88774-6
e-ISBN 978-0-387-88775-3
DOI 10.1007/978-0-387-88775-3
Library of Congress Control Number: 2009926319

© Springer Science+Business Media, LLC 2009

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.

The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed on acid-free paper
springer.com

Preface

This book presents the results of research related to the development and dynamic deployment and adjustment of solutions that enhance the security and dependability of Ambient Intelligence (AmI) ecosystems, i.e. dynamic, open environments characterised by the coexistence of distributed and highly heterogeneous applications, devices, and users that interact and collaborate in order to achieve their goals. The book is based on research that has been undertaken as part of the SERENITY project, an integrated project funded by the European Framework 6 Programme, which started in January 2006 and ended in December 2008.

The general aim of SERENITY has been to enhance the security and dependability of AmI ecosystems by providing a framework supporting the development, integration, configuration, monitoring and adaptation of security and dependability mechanisms for such systems. The key approach in the development of this framework is the use of security and dependability (S&D) patterns. The purpose of these patterns is to encode the knowledge and experience of experts in security and dependability mechanisms into models that describe the mechanisms and their deployment, and to make them available to application developers for use.

The approach undertaken in SERENITY builds upon earlier experience in the use of patterns for modeling security and dependability solutions. However, it models and uses patterns in novel ways, most notably to support the automatic selection, deployment, integration, monitoring and adaptation of S&D solutions at runtime. The S&D patterns of SERENITY advance previous work by modeling explicitly the security and dependability properties which are achieved by different solutions and the contextual conditions for the successful deployment of these solutions that should be monitored at runtime. SERENITY S&D patterns also provide direct links to implementations that can be used to achieve dynamic invocation, integration and adaptation of solutions during the operation of AmI ecosystems. To realize its approach, SERENITY has developed advanced methods, tools, and techniques for the specification and formal verification of patterns, and runtime frameworks for (a) selecting, configuring, linking and adapting S&D solutions for applications at runtime, and (b) detecting, diagnosing and reacting to violations or potential violations (threats) of conditions that underpin the deployment of these solutions at runtime. The operations of both these frameworks are driven by S&D patterns.

Research results of SERENITY have been published in various scientific fora during the course of the project. This book complements earlier publications by providing the first advanced and integrated account of the tools, methods and techniques that have been developed in the project and discussing them in the context of the broader related literature. To provide a succinct and non-SERENITY-biased view over this literature, we have also included two chapters that cover the broader themes of security and dependability engineering and the use of security and dependability patterns in system engineering. These chapters have been written by internationally renowned researchers outside the SERENITY consortium.

Following an introductory chapter providing an overview of the problem of security and dependability in AmI ecosystems and the SERENITY approach to this problem, this book is organized in six parts. Part A covers the foundations of security and dependability engineering. Part B gives an account of the representation of security and dependability solutions in SERENITY based on the notion of S&D Patterns and provides examples of such patterns for different types of systems and technologies. Part C discusses the processes for developing security and dependability solutions in SERENITY and applications that can make use of these solutions through the support of the SERENITY framework. Part D discusses the runtime framework of SERENITY and the support that it offers for the dynamic selection, configuration, monitoring and adaptation of S&D solutions as part of different applications. Part E includes chapters which consider the problem of security and dependability from organizational and legal perspectives and cover work that has been undertaken in SERENITY in these areas. Finally, Part F provides a number of case studies demonstrating the use of the SERENITY approach and supporting technologies in different domains, and reporting relevant experiences. The final part of the book includes an overview of directions for further research for the enhancement of SERENITY.

Our hope is that this book will be useful to professionals and researchers with an interest in security and dependability engineering for highly distributed and dynamically adjustable AmI ecosystems. Our coverage of the subject has inevitably been biased by the "SERENITY approach" and, to this end, it might not cover related work to the extent that different individual readers would expect. We apologise for this, hoping that readers will appreciate that a detailed coverage of all related approaches has not been our main objective during the preparation of the book. We also hope that, despite its partiality in this respect, the book will still be useful to, and enjoyed by, researchers and practitioners.

Finally, we would like to warmly thank all the authors who have contributed to this book and the reviewers who provided indispensable and constructive advice for the selection and improvement of the chapters in it. Last but not least, we thank the European Commission for financially supporting the research of SERENITY (FP6-IST-2006-27587) and Springer for trusting us and supporting this publication.

December 2008
George Spanoudakis
Antonio Maña
Spyros Kokolakis

Contents

Preface, v-vi

1 Introduction: The SERENITY vision
  Antonio Maña, George Spanoudakis and Spyros Kokolakis, 1

Part A: Foundations of Security and Dependability Engineering

2 Security and Dependability Engineering
  Jan Jürjens, 21

3 Security Patterns and A Methodology to Apply them
  Eduardo B. Fernandez, 37

Part B: The SERENITY Security and Dependability Artefacts

4 Specification of Security and Dependability Properties
  Sigrid Gürgens and Gimena Pujol, 49

5 Representation of Security and Dependability Solutions
  Francisco Sánchez-Cid, Antonio Maña, George Spanoudakis, Christos Kloukinas, Daniel Serrano and Antonio Muñoz, 69

6 Security and Dependability Solutions for Web Services and Workflows
  Spyros Kokolakis, Panagiotis Rizomiliotis, Azzedine Benameur and Smriti Kumar Sinha, 97

7 Security and Dependability Solutions for Networks and Devices
  Sigrid Gürgens and Andreas Fuchs, 107

Part C: Developing SERENITY Aware Applications and S&D solutions

8 SERENITY Aware Development of Security and Dependability Solutions
  Daniel Serrano, Antonio Maña, Rafael Llarena, Beatriz Gallego-Nicasio Crespo and Keqin Li, 127

9 Verification of S&D Solutions for Network Communications and Devices
  Carsten Rudolph, Luca Compagna, Roberto Carbone, Antonio Muñoz and Jürgen Repp, 143

10 SERENITY Aware System Development Process
  Daniel Serrano, Antonio Maña, Rafael Llarena, Beatriz Gallego-Nicasio Crespo and Keqin Li, 165

Part D: Runtime Support for Security and Dependability

11 The SERENITY Runtime Framework
  Beatriz Gallego-Nicasio Crespo, Ana Piñuela, Pedro Soria-Rodriguez, Daniel Serrano and Antonio Maña, 183

12 Pattern Driven Selection and Configuration of S&D Mechanisms at Runtime
  Beatriz Gallego-Nicasio Crespo, Ana Piñuela, Pedro Soria-Rodriguez, Daniel Serrano and Antonio Maña, 199

13 The SERENITY Runtime Monitoring Framework
  George Spanoudakis, Christos Kloukinas and Khaled Mahbub, 213

14 Diagnosis and Threat Detection Capabilities of the SERENITY Monitoring Framework
  Theocharis Tsigkritis, George Spanoudakis, Christos Kloukinas and Davide Lorenzoli, 239

Part E: Dealing with Security and Dependability at Organisational and Legal Levels

15 Organisational Pattern Driven Recovery Mechanisms
  Valentina Di Giacomo, Domenico Presenza and Carlo Riccucci, 275

16 Legal Issues of Ambient Intelligence in the SERENITY Project
  Alžběta Krausová and Jos Dumortier, 291

Part F: Experiences and Future Directions

17 SERENITY in e-Business and Smart Item Scenarios
  Azzedine Benameur, Paul El Khoury, Magali Seguran and Smriti Kumar Sinha, 305

18 Realising the Potential of Serenity in Emerging AmI Ecosystems: Implications and Challenges
  Álvaro Armenteros, Laura García, Antonio Muñoz and Antonio Maña, 323

19 Applying the SERENITY Methodology to the Domain of Trusted Electronic Archiving
  Jan Porekar, Tomaž Klobučar, Svetlana Šaljič and Dušan Gabrijelčič, 343

20 SERENITY in Air Traffic Management
  Massimo Felici, Valentino Meduri, Alessandra Tedeschi and Carlo Riccucci, 359

21 Future Directions
  Antonio Maña, George Spanoudakis and Spyros Kokolakis, 379

Index, 385

Part A: Foundations of Security and Dependability Engineering