ROS used in secure gadget network researchBy Chris Williams. Published: 17th Nov 2006, 15:29:07 | Permalink | Printable
Uni boffins' lab includes A9home and Iyonix Academics at a Liverpool university used RISC OS kit while prototyping future technologies for mobile and embedded gadgets. A9home and Iyonix hardware running RISC OS were used alongside PDAs and other devices as part of the government funded project. The group of seven Liverpool John Moores University computer scientists and mathematicians spent three years focusing on encouraging gadgets to work together in a much more secure fashion.
Working within the field of ubiquitous computing, the project studied ways of making networks of devices that can safely transfer data and other information between themselves. People using the 'embedded' gadgets would be unaware they are using a computer or a mesh of linked up devices.
Team member and RISC OS software developer Dr David Llewellyn-Jones said: "The A9home has been a very good device to work on. It has the right sort of characteristics, and it's easy to get consistent and relevant timings - this is one area where co-operative multitasking RISC OS actually helps, and the results in a number of our publications were produced with RISC OS.
"It also has the right physical characteristics to fit in with the idea of ubiquitous computing. I think it has great potential in the networked appliance realm as well. It made sense to test the system running on the A9home, since in essence it can perform much like a PDA-class device, as long as we don't use the hard disc and so on. It's also much easier to develop and test on than would be the case on a PDA."
Generally speaking, when computer networks first appeared, they were geared towards linking together warehouse-sized machines. In modern times, portable music players, personal organisers, mobile phones, watches, games consoles and other devices can be networked together and used alongside computers.
It's envisaged that one day, everything from household appliances to the satnavs in our cars will be brought together in one large network of devices; our applications, documents and other data will be shared out and no longer stored on a central hard disc. As the price of hardware continues to fall and electronics are further miniaturised, computers will be able to easily 'hide' in appliances and other ordinary equipment. If you need to borrow a biro pen and see one lying on a desk at work, you'd not feel guilty for using it to jot down a message on a nearby post-it note - now imagine doing that with an electronic gadget left on a desk, coffee table or the back seat of a car.
David said: "Ubiquitous computing is the vision attributed to Mark Weiser, the chief technology officer at XEROX PARC, who introduced the notion in his seminal paper 'The computer for the 21st century'. In this he posited a future in which computers become smaller, more portable, pervasively networked and ubiquitous.
"It's sometimes claimed that we've already reached this point, in that we have ubiquitous portable devices, mobile phones, wireless networking etc. However, I'm personally of the opinion that we still have a long way to go. The missing parts are the social aspects of what Weiser described: rather than each of us having our own devices, computers would become so ubiquitous that the hardware would no longer be something that we would feel the need to 'own' individually.
"Devices might be scattered around a room and we'd just pick up whatever device was most appropriate for the job. Most of the time we'd not necessarily even realise we were using a computer. This is often referred to as 'disappearing hardware' and Weiser likened it to the 'literacy technology' that we use today. We hardly even notice most of the writing that's around us even though we absorb its meaning, and we'd not feel too bothered about picking up a pen and using it, even if it didn't belong to us."
Trust in us
With this in mind, the LJMU project, which started in 2003 and concluded earlier this year, had security at the top of its agenda - what if a gadget with an untrusted user or malicious software installed on it were to join the network?
Running anti-virus packages, firewalls and similar checks on battery-powered kit is unfeasible, so some other form of security enforcement must be used. Devices could be ring-fenced into trusted groups, although the team considered loosening up these groups by making mesh more sophisticated and dynamic.
|The thin blue line
The project's "secure component composition" technology polices the network by considering the security properties of the connected devices. For example, there is a property called Non-Interference, which looks at the movement of data between machines. This determines whether data sent to one device is then being sent on to something else.
The flow of data around a collection of devices is established, and as long as each of these devices has been given permission to access the particular data, there is no problem. If a device has insufficient permission to access the data, the system is alerted and data flow can be cut off to the offending device.
David has been working on putting this design into practice by writing code that discovers the properties of devices and their relationships and interactions.
They drew up and designed a software 'framework' that allowed a network to track where data was flowing between gadgets, and take action if information was going to land in the hands of inappropriate appliances. It can also detect some common bugs present in software which could lead to a vulnerable yet trusted program being exploited and possibly deliberately crashed or taken over by a malicious third-party.
David explained: "Ubiquitous computing sounds great as a kind of utopian vision of computing, but there are serious technical reasons why it might not be quite so simple to achieve. High on the list of challenges is the issue of security.
"Traditionally network security has been tightly bound up with the process of enforcing boundaries between potential attackers and the computers that need to be protected. Firewalls, intrusion detection systems and security policies all rely on this kind of idea. With ubiquitous computing, the imposition of boundaries no longer makes so much sense.
"For example, data is unlikely to be stored centrally and we may need to access it from any device anywhere in the world. It can be harder to create well-defined boundaries in a wireless network. Moreover, it's even more difficult to define boundaries when the ownership of devices and networks becomes blurred.
"One solution might be to apply strong security on every single device, much as is done with virus checking now. However, when computers are mobile, battery powered and resource constrained, this is not such a great idea either. Too much security might have a serious impact on the effectiveness of such devices. The project I've been working on has been trying to strike some sort of 'middle ground' if you like, by making use of 'secure component composition'."
|Tools of the trade
As well as a Samsung ARM9-powered A9home, David also uses an Intel IOP321-powered Iyonix for development and testing. Software written by him starts off life in source code editor Zap. The project's source code is written in C/C++ using GCC, and the software uses straight forward text input and output. Diagrams for papers and presentations were drawn up in ArtWorks, while ArmTeX was used for typesetting. Occasionally Word and TechWriter were employed, and Photodesk was used to touch up bitmap output from ArtWorks. Ghostscript and RiScript produced the postscript and PDF output. David said his work could be done as easily on RISC OS as on Windows, but preferred the ARM-compatible platforms for testing. Other members of the project team tended to use Windows, hence the need for Word-support.
The prototype framework sets up a network where a number of so-called 'agents' leapfrog from device to device to complete the tasks they are assigned to fulfill. An agent is a piece of software charged with performing a particular task or activity, and the mobile agents move between gadgets using the resources available as they need them.
They can freeze themselves, preserving their state, and transfer themselves as a payload to another device to resume execution. The agents are written in a custom bytecode programming language that closely resembles ARM assembly - allowing them to work across different platforms by running on a special interpreter, known as a 'virtual machine', on the host device. The agents are monitored and analysed as they move around, allowing the flow of data and other properties to be identified.
The team now hope their research work is put to use in product markets where appliances are networked together; for example, your TV could automatically route sound through to the hi-fi's speakers, while your landline telephone or mobile phone work intelligently with the TV and hi-fi to create an intercom. David has also fed some of the work back into the free software on his website, such as Compose.
David said: "I do find [ubiquitous computing] an interesting vision of computing. Whether it'll actually happen is another matter. Even with the ubiquity of mobile phones, they're still not treated quite in this way."
He added: "From a hardware perspective, the A9home would make a great multimedia hub. The difficulty is video playback, but I was rather excited to see Cineroma working on an A9home at the Wakefield show, providing some hope that this might eventually be a possibility.
"The mobile phone demonstrated with the A9Home at Wakefield also caught my attention for the same reason. Java is also a bit of a problem though, since the networked appliance prototype that has been created by the Networked Appliance Lab at the University is based on JXTA. It would be good to get the A9home working as part of the framework if possible."
Part of the secure component composition process requires the properties of the mobile code bytecode to be established. This is done using a code analysis engine, seen working here.
An example illustration produced using ArtWorks
Some experimental results conducted on and displayed on the A9home
The project lab
The A9home and a bevy of PDA gadgets
To test the bytecode interpreter, a maze generation program, written in the special programming language for the agents, is put through its paces
"Secure component composition for personal ubiquitous computing" and the project website
M. Weiser. "The computer for the 21st century." Scientifc American International Edition, 265(3):66--75, 1991
I. Djordjevic, T. Dimitrakos, "Towards dynamic security perimeters for virtual collaborative networks." In Trust Management, Second International Conference, iTrust 2004. Proceedings, Oxford, UK, 29 March-1 April 2004
P. Ryan, C. Mellon, J. McLean, J. Millen, V. Gligor. "Non-interference, who needs it?" In 14th IEEE Computer Security Foundations Workshop (CSFW-14), Proceedings, pages 237--238, Cape Brenton, NS, 2001. Institute of Electrical and Electronics Engineers Computer Society
Q. Shi, N. Zhang. "An effective model for composition of secure systems." Journal of Systems and Software, 43(3):233--44, 1998
B. Askwith, Q. Shi, M. Merabti, "Secure Component Composition for Networked Appliances." Proceedings of the 5th IEEE International Workshop on Networked Appliances, Liverpool, UK, October 2002
D. Llewellyn-Jones, M. Merabti, Q. Shi, B. Askwith, D. Reilly, "Improving Interoperation Security through Instrumentation and Analysis." First International Workshop on Interoperability Solutions to Trust, Security, Policies and QoS for Enhanced Enterprise Systems (IS-TSPQ 06), Bordeaux, France, 21 March 2006
D. Llewellyn-Jones, M. Merabti, Q. Shi, B. Askwith, "Buffer Overrun Prevention Through Component Composition Analysis." COMPSAC 2005, Edinburgh, UK, July 2005
Previous: Firefox 2 will be Iyonix-only
Next: Flash 7 player port started
DiscussionViewing threaded comments | View comments unthreaded, listed by date | Skip to the end
Please login before posting a comment. Use the form on the right to do so or create a free account.
Search the archives
Today's featured article
New RISC OS ownership claim may derail ROOL RiscPC ROM release
RISCOS Ltd, the developers of RISC OS 4 and 6, may attempt to block RISC OS Open Ltd from releasing a RiscPC-compatible ROM built from the RISC OS 5 Shared Source project, drobe.co.uk has learned.
131 comments, latest by Stoppers on 20/5/09 5:58PM. Published: 10 Dec 2008
Improved floating point emulation for RISC OS
Mech's SuperFPEm 2.33 released [Updated]
8 comments, latest by jmcarey on 11/10/02 12:48PM. Published: 1 Oct 2002
News and media:
RISCOS Ltd •
RISC OS Open •
MW Software •
Advantage Six •
CJE Micros •
Liquid Silicon •
Chris Why's Acorn/RISC OS collection •
The Register •
The Inquirer •
Apple Insider •
BBC News •
Sky News •
Google News •