Adaptive security in smart spaces: Dissertation

Smart spaces - like smart homes, smart offices and smart cities - exploit various resources in order to offer enriched services and information for the end users. Achieving security in such a dynamic and heterogeneous environment with pre-defined and static security mechanisms is a challenging task. Hence, solutions for self-adaptive security are needed. Self-adaptive security is able to automatically select security mechanisms and their parameters at runtime in order to preserve the required security level in a changing environment. The research problem of the dissertation is how to achieve security adaptation in a smart-space application. For this dissertation, architecture and knowledge base objectives were set. The objectives were satisfied with security-adaptation architecture that contains an adaptation loop and an ontology-based knowledge base for security. The adaptation loop conforms to the Monitor, Analyse, Plan, Execute and Knowledge (MAPE-K) model, which is a widely applied reference model in autonomic computing. The ontology-based knowledge base offers input knowledge for security adaptation. The research was carried using five cases, which iteratively developed the architecture and the knowledge base for security adaptation. The contributions of the dissertation are: Firstly, reusable adaptation architecture for security is presented. The architecture strictly conforms to the MAPE-K reference model and defines all phases in it. Moreover, the architecture is the first that specifically separates security knowledge from the adaptation loop. Secondly, the architecture supports the utilisation of security measures to recognise an adaptation need. Security measures are presented by means of a three-level structure in order to achieve systematic monitoring. Due to the suggested architecture, it is possible to reuse and extend the defined security measures. Thirdly, this is the first time that an ontology has been applied for security adaptation. Hence, the Information Security Measuring Ontology (ISMO) acts as the knowledge base for the security adaptation. The ISMO is applicable at design-time and runtime alike. At design-time, the ISMO offers knowledge for the software architect, in order to design an application with security-adaptation features. In contrast, the application searches knowledge from the ISMO at runtime, in order to automatically perform the security adaptation. Utilising the ontology as a knowledge base ensures that the knowledge is presented in a reusable and extensible form. Moreover, the application does not need hard-coded adaptation knowledge.