A framework for measuring security of services in ubiquitous computing environments

Abstract

In a ubiquitous environment it is imagined that services can be combined together to create software systems composed of services. This will offer goal orientated solutions that present functionality greater than their component parts. The idea that a system can be created out of existing services will provide many benefits and allow multiple complex systems to be created, deployed and operated with a reduction in the investment of both time and money for the creation of new systems. This idea can offer further benefits when utilising mature commercial off the shelf components that are proven to be fit for purpose and will reduce the workload in creating a new system. However this approach poses many questions and challenges for the provision of secure systems users can have faith in. These challenges include ensuring secure operation in a multi system environment where the management of some services is outside of the system operator's control, and ensuring one poorly secured service cannot harm the composite system and cause damage or loss to the users of that system. Our current work is focused on methods to provide the means of identifying a secure composition and methods for analysing a composition and providing information about the status of security available within the composition. We propose a framework that will allow service users and system composers the means to identify poorly secured systems or those exhibiting security issues. This will assist them in making a decision about whether to utilise the service or select another more secure service.