 |
The Second International Multi-Conference on Computing in the Global Information Technology ICCGI 2007 March 4-9, 2007 - Guadeloupe, French Caribbean |
| Tutorials |
Note: Tutorials are free of charge
T1. Mobile P2P
by Ouri Wolfson
T2. Security patterns and secure systems design
by Maria M. Larrondo-Petrie
Content:
In this tutorial I will discuss the research issues and approaches to mobile P2P databases.
A mobile peer-to-peer (P2P) database is a database that is stored in the peers of a mobile P2P network. The network is composed by a finite set of mobile peers that communicate with each other via short range wireless protocols, such as IEEE 802.11, Bluetooth, Zigbee, or Ultra Wide Band (UWB). These protocols provide broadband (typically tens of Mbps) but short-range (typically 10-100 meters) wireless communication. On each mobile peer there is a local database that stores and manages a collection of data items, or reports. A report is a set of values sensed or entered by the user at a particular time, or otherwise obtained by a mobile peer. Often a report describes a physical resource such as an available parking slot. All the local databases maintained by the mobile peers form the mobile P2P database. The peers communicate reports and queries to neighbors directly, and the reports and queries propagate by transitive multi-hop transmissions.
In contrast to the assumptions made in the literature on Mobile Ad Hoc Networks (MANET's) and Mesh Networks, a peer may not know the identities of other peers in the network and the data they store. Thus, routing in the traditional MANET sense is not a common operation in mobile P2P databases.
Mobile P2P databases enable matchmaking or resource discovery services in many application domains, including social networks, transportation, mobile electronic commerce, emergency response, and homeland security.
Communication is often restricted by bandwidth and power constraints on the mobile peers. Furthermore, often reports need to be stored and later forwarded, thus memory constraints on the mobile devices constitute a problem as well. Thus, careful and efficient utilization of scarce peer resources (specifically bandwidth, power, and memory) are an important challenge for mobile P2P databases.
Analysis and design patterns are well established to build high-quality object-oriented software. Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. We show a variety of security patterns and their use in the construction of secure systems. These patterns include Authentication, Authorization, Role-based Access Control, Firewalls, Web Services Security, and others. We apply these patterns through a secure system development method based on a hierarchical architecture whose layers define the scope of each security mechanism. First, the possible attacks and the rights of the users are defined from the use cases using a Role-Based Access Control (RBAC) model. The attacks are used to find the necessary policies, while the rights are reflected in the conceptual class model. We then define additional security constraints that apply to distribution, interfaces, and components. The patterns are shown using UML models and some examples are taken from our book “Security Patterns: Integrating security and systems engineering” (Wiley 2006).
Keywords: object-oriented design, patterns, secure systems design, security, software architecture,
Tutorial objectives: Attendees will be able to understand security patterns and how can they be used to build secure systems. General knowledge of UML and object-oriented design is assumed. Understanding of basic security concepts is helpful but not necessary
