Andrés Marín

Developing a model for trust management in pervasive devices

Pervasive devices interacting in open and dynamic spaces with each others require a mechanism that allows them acting autonomously in a secure way and protecting their resources. Trust is fundamental to establish communication with other users, because the identity is often uncertain and on ones own does not provide trust information, for instance, could an unknown user be trustworthy? Nowadays, these devices have a so limited security support. So, we propose a simple trust management model to enhance such support, allowing them interact in ad hoc networks and peer-to-peer applications in a secure way. In this paper, our main contribution is a mathematical and a probabilistic model, as well as demonstrating the model feasibility, since it has been assessed through the prototype implementation, which has been tested in a Pocket PC

Media cloud: an open cloud computing middleware for content management

Cloud computing allows accessing resources across Internet transparently: requiring no expertise in, or control over the underlying infrastructure. There is an increasing interest in sharing media files with family and friends. However, UPnP or DLNA were not designed for media distribution beyond the boundaries of a local network and manage media files through web applications can be tedious. To overcome this problem, we propose Media Cloud, a middleware for Set-top boxes for classifying, searching, and delivering media inside home network and across the cloud that interoperates with UPnP and DLNA.

Enhancing privacy and dynamic federation in IdM for consumer cloud computing

Consumer cloud computing paradigm has emerged as the natural evolution and integration of advances in several areas including distributed computing, service oriented architecture and consumer electronics. In this complex ecosystem, security and identity management challenges have cropped up, given their dynamism and heterogeneity. As a direct consequence, dynamic federated identity management with privacy improvements has arisen as an indispensable mechanism to enable the global scalability and usability that are required for the successful implantation of Cloud technologies. With these requirements in mind, we present an IdM architecture based on privacy and reputation extensions compliance with the SAMLv2/ID-FF standards1.

TrustAC: trust-based access control for pervasive devices

Alice first meets Bob in an entertainment shop, then, they wish to share multimedia content, but Do they know what are trustworthy users? How do they share such information in a secure way? How do they establish the permissions? Pervasive computing environments originate this kind of scenario, users with their personal devices interacting without need of wires, by forming ad-hoc networks. Such devices considered pervasive are having increasingly faster processors, larger memories and wider communication capabilities, which allows certain autonomy for collaborating and sharing resources. So, they require a suitable access control in order to avoid unauthorised access, or disclosure/modification of relevant information; in general, to protect the data that are usually confidential and the resources. This paper presents a distributed solution for access control, making use of the autonomy and cooperation capability of the devices, since in open dynamic environments is very difficult to depend on central server. The access control is based on a pervasive trust management model from which trust degrees are dynamically obtained. We present the TrustAC reference and functional model, as well as a prototype implementation using XACML-compliant policies.

Sharing conditional access modules through the home network for pay TV access

In this article we present a system for sharing a Conditional Access Module among different visualization devices. Current pay-TV systems require having conditional access modules and smart cards replicated at every visualization device willing to access Pay-TV contents. In this article, we show how a home gateway, capable of securely distribute decryption keys, home visualization devices, an inexpensive descrambler, and a home network, enable a flexible solution to access Pay-TV.

Media Cloud: Sharing contents in the large

Cloud computing allows accessing resources across Internet transparently: requiring no expertise in, or control over the underlying infrastructure. UPnP or DLNA were not designed for media distribution beyond the boundaries of a local network. To overcome this problem, we propose Media Cloud, a home gateway service for classifying, searching and delivering media across the cloud that interoperates with UPnP and DLNA.

Overhead of using secure wireless communications in mobile computing

Secure wireless communications are fundamental in any interaction in order to avoid security and privacy breaches, especially from mobile devices. The use of this kind of communications is far more frequent and the number of users increases day after day. This paper shows and analyzes the support, performance and consumption of cryptographic algorithms and cipher suites in terms of time and energy when secure communications (i.e., using SSL) are established according to different security levels. This study has been performed in distinct operating systems, and using different browsers and libraries.

Pervasive authentication and authorization infrastructures for mobile users

Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.

A refinement calculus for the synthesis of verified hardware descriptions in VHDL

A formal refinement calculus targeted at system-level descriptions in the IEEE standard hardware description language VHDL is described here. Refinement can be used to develop hardware description code that is “correct by construction”. the calculus is closely related to a Hoare-style programming logic for VHDL and real-time systems in general. That logic and a semantics for a core subset of VHDL are described. The programming logic and the associated refinement calculus are shown to be complete. This means that if there is a code that can be shown to implement a given specification, then it will be derivable from the specification via the calculus.

Transformation of timing diagram specifications into VHDL code

Timing diagrams with data and timing annotations are introduced as a language for specifying interface circuits. In this paper we describe how to generate VHDL from timing diagrams in order to get a hardware implementation or simply to get VHDL code for stimuli to be used in a test bench. By giving timing diagrams a formal semantics in terms of T-LOTOS, we can apply optimizing correctness-preserving transformation steps. In order to produce good VHDL code on the way to a hardware implementation it is of great importance to introduce structures into the final description that are not automatically derivable from a given specification. The designer is rather asked to assist in introducing a structure by applying a bottom-up interactive synthesis procedure.