Simon Tsang

Service portability of networked appliances

Networked appliances are popularly viewed as one of the next major Internet growth areas. This document outlines an approach for delivering services to networked appliances using techniques that allow mobility of these services both in a conventional location independent sense and between physical devices. Key requirements to address this market are identified and the document then goes on to present a technical solution to meet these requirements together with worked examples. It concludes with suggestions for further work.

Accessing networked appliances using the session initiation protocol

This document proposes the use of session initiation protocol (SIP) for network-capable appliances. It leverages standard SIP capabilities to directly communicate with appliances even when they are behind firewalls, network address translators (NATs) or other entities that prevent direct end-to-end communication. When combined with the recently proposed instant messaging and presence SIP extensions these techniques become even more powerful to allow the secure and reliable access to appliances in a variety of different networked environments.

Feature interactions in services for Internet personal appliances

This paper investigates the feature interaction problem, known from traditional telephony environments, in the context of Internet personal appliances (IPA). IPAs are dedicated consumer devices which contain at least one network processor. They include the Internet alarm clock, which takes into account road conditions or expected arrival times of air planes when setting the alarm time, or the Internet enabled fridge, which keeps an inventory of groceries and issues orders to suppliers. The results of our investigation are threefold. The first part of this paper introduces a service taxonomy supported by a list of example services. The second part discusses feature interactions between services for appliances. A classification for such interactions and example interactions and possible conflicts are presented. The final part contains an outline for an approach to handle such interactions.

Verified Enforcement of Security Policies for Cross-Domain Information Flows

We describe work in progress that uses program analysis to show that security-critical programs, such as cross-domain guards, correctly enforce cross-domain security policies. We are enhancing existing techniques from the field of Security-oriented Programming Languages to construct a new language for the construction of secure networked applications, SELINKS. In order to specify and enforce expressive and fine-grained policies, we advocate dynamically associating security labels with sensitive entities. Programs written in SELINKS are statically guaranteed to correctly manipulate an entitys security labels and to ensure that the appropriate policy checks mediate all operations that are performed on the entity. We discuss the design of our main case study : a web-based Collaborative Planning Application that will permit a collection of users, with varying security requirements and clearances, to access sensitive data sources and collaboratively create documents based on these sources.

CDL: A language for specifying high-level cross-domain security policies

We describe early research on the cross-domain language (CDL). CDL represents the first comprehensive effort towards an end-user language for specifying cross-domain information release policies. The main features of CDL are (1) separation of ldquosender releaserdquo and ldquoreceiver acceptancerdquo concerns through sender and receiver rules; (2) a variety of structuring mechanisms for the modular development, management and deployment of rule bases; (3) support for a rich set of regrading operators on simple as well as complex data types; (4) support for pre and post release obligation modeling and (5) modeling of advanced active access, usage and redissemination controls for better post-release control of information. We are currently investigating how policy specifications in CDL can be mapped to lower level and more general purpose security policy specification languages such as Ponder, XACML and related enforcement frameworks. This will eventually lead to the development of automated language translation and policy verification tools.

Realizing the CDL Cross-Domain Language in the Ponder2 Policy Framework: Experiences and Research Directions

In this paper, we first present the design of the Cross-Domain Language (CDL), the first attempt to date to design a high-level end-user language for the specification of cross-domain information-release policies. We then discuss our experiences and lessons learned in implementing CDL policies on lower-level general-purpose language frameworks such as Ponder2 and highlight future directions for language design. CDL addresses the need for a high level, understandable and interoperable language targeted at policy management staff such as dissemination and release officers, security officers etc., as opposed to software developers. The ease of policy specification in CDL comes from the fact that policies are centered on the ontologies and metaphors of cross-domain information release. Combining this with the mature and time-tested features offered by general-purpose policy specification and execution environments such as Ponder2 will allow for the rapid prototyping of interoperable and efficient cross-domain solutions.

Home network configuration management and service assurance

With the growth in home networking driven by the growth of broadband delivery to home environments an opportunity exists for a network-based service assurance and configuration platform for multiple PC households. In the future we would expect this to include smart appliances, digital TV, Web tablets, etc. The configuration requirements become increasingly complex as broadband home network users start to appreciate the power of their connectivity and want to configure additional services such as remote corporate network access (VPN), personal Web server hosting, MP3-file sharing, and multi-player (on-line) gaming. In this paper we describe the motivation for this work, the requirements for providing a network-based home network management solution and then outline a potential solution architecture.

The network operator's perspective: detecting and resolving feature interaction problems

Abstract In many countries regulatory pressure is likely to force the incumbent network operators to open up their networks to other service providers. The Intelligent Network is a catalyst to allow this to be technically feasible. Clearly the network operators must address feature interaction detection within the Intelligent Network. As the size and penetration of intelligent networks (IN) increases, and the need to interwork different IN platforms, private business networks, virtual private networks and residential network services becomes greater, these issues will have to be addressed if the process of designing and provisioning new services is not to remain difficult and costly. This paper explores some of these issues from the network operators perspective and considers the impact and restrictions that they impose on feature interaction management techniques. Within these constraints a new practical approach proposed by the authors is outlined, based on the international ITU-T IN recommendations (CS-1). The approach proposes initially capturing “correct” (or signature) feature behaviour in a test environment. The signatures are then used at run-time to monitor feature behaviour and to detect deviations from the correct behaviour. The detection approach includes a predictive element, which allows some types of interaction to be avoided. In cases where this is not possible, a default call recovery approach is applied which restores the call to a known state.

Tactical cross-domain solutions: Current status and the need for change

The rapid migration of system high2 information sharing to the tactical edge has made it imperative that the DoD reexamine tactical Cross Domain Solutions/Enterprise Services (CDS/ES)3. Prior to Operation Iraqi Freedom (OIF), information sharing requirements at the tactical edge were relatively few in number and nominal in terms of data throughput, data types, and users. Cross Domain Solutions (CDS)4 deployed back then were specialized, hardened, and resistant to hacking in the event of enemy overrun. Since OIF, both the volume of battle field system high tactical networks5 as well as the operational requirements to support each of these networks (i.e., increased data throughput, data types and variety of users) have significantly increased [On Point]. When combined with additional constraints inherent to the battle space such as low latency, Size, Weight and Power (SWaP), the current approach to addressing information sharing requirements in a tactical network breaks down. Taking the traditional, point-to-point approach by making a CDS smaller and more robust in the tactical environment may be adequate in the near term. However, this approach will not support the requirements levied upon next generation warfighting systems. In the future, interdependent tactical networks will be required to exhibit a dynamic (self organizing) nature, supporting adaptability and quick response to data ingress and egress. Nodes on these future networks will also need to operate with severely limited bandwidth and other operational and/or environment constraints. Therefore it is necessary to examine current and future information sharing requirements at the tactical edge from both the CDS/ES developer as well as user perspective. This position paper will discuss both perspectives in order to allow a better understanding of the current CD problem space, as well as gain insight into building the next generation CDS/ES.