Towards a Platform for Widespread Embedded Intelligence - ERCIM
embedded devices, but threaten the devices' dependability and security properties. In the context of an open component-based system that supports unmanaged upgrading and extension (changing the software configuration), it is possible that component-based devices may host unstable components that could negatively affect the devices' dependability.

Here, the riskiest scenario is the download of new components to extend the system's capabilities; this exposes the system's internals to potentially malicious components that may compromise the system's overall security.

Recent research indicates that the use of Trust Management can be a useful tool when addressing the dependability and security concerns encountered in distributed and embedded systems.

The Trust4All project has embraced this emerging topic and investigated its application in the context of component-based embedded systems. Our approach has been to extend the component-based middleware, first developed within the EU-ITEA Robocop and Space4U projects, to include a Trustworthiness Management Framework (TMF), as shown in the figure. This framework provides low-level mechanisms that can be used to control and enforce components' behaviour, based upon an established Trustor-Trustee relationship. The goal of the TMF is to support easy and late (possibly runtime) integration of components while still providing dependability and security properties that are satisfactory to the user.

The TMF design addresses the following challenges:
• The TMF acts on behalf of Trustors and explicitly takes their trust requirements into account.
• The TMF makes use of 'metric sources' to monitor and report on the system's overall behaviour.
• The TMF makes use of 'actuators' to control a Trustee's mode of operation, thereby influencing the system's behavioural characteristics.
• The TMF makes use of the Space4U Resource Management Framework to decide whether a component's requested mode of operation should be allowed from a resource consumption point of view.

A core part of the TMF is the Trustworthiness Evaluation Function (TEF), which is responsible for calculating the trustworthiness of a component/Trustee. It can be parameterised with Trustor-specific dependability and security requirements. By analysing a Trustee's 'estimated quality attributes' and recommendations, the TEF can evaluate a component's 'present trustworthiness' (or compliance) in terms of the degree to which it satisfies the Trustor's stated dependability and security requirements. Through analysis of a component's behaviour, the TEF calculates (utilising Subjective Logic) the 'believed trustworthiness' of a component in terms of the following aspects:
• Benignity: the belief that the component will continue to satisfy the Trustor's requirements,
• Stability: the belief that the Trustee's behavioural qualities will remain within a given neighbourhood.

The triple of compliance, benignity, and stability is used to make control decisions that regulate the system's overall dependability and security characteristics. For example, when a component with positive compliance begins to show a reducing benignity, the TMF may decide to 'wrap' the component in an attempt to minimise its potential impact on the system, since it is displaying increasingly less-compliant behaviour. Similarly, when there is a strong disbelief in stability, this may indicate a need to re-evaluate the component's estimated quality attributes and, as a consequence, re-evaluate its compliance.

SPECIAL THEME: Embedded Intelligence

The Trust Management Framework, as part of the middleware of the embedded component-based devices, ensures the dependability of the system, when a new component is added.

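An added example, not code from the Trust4All project: one way the control decision over the compliance, benignity and stability triple could be computed, assuming the standard Subjective Logic mapping from r positive and s negative observations to an opinion (belief r/(r+s+2), disbelief s/(r+s+2), uncertainty 2/(r+s+2)). The function names, the thresholds, the "allow"/"reject" outcomes and the latency samples are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Opinion:
    """Subjective Logic binomial opinion: belief + disbelief + uncertainty = 1."""
    belief: float
    disbelief: float
    uncertainty: float

    @property
    def expectation(self) -> float:
        # Probability expectation with the default base rate of 0.5.
        return self.belief + 0.5 * self.uncertainty

def opinion_from_evidence(positive: int, negative: int) -> Opinion:
    """Evidence-to-opinion mapping with non-informative prior weight 2."""
    total = positive + negative + 2
    return Opinion(positive / total, negative / total, 2 / total)

def observe(samples, requirement, neighbourhood):
    """Derive (benignity, stability) opinions from monitored metric samples."""
    # Benignity evidence: the sample satisfies the Trustor's requirement.
    ok = sum(1 for s in samples if s <= requirement)
    # Stability evidence: the sample stays within the neighbourhood of the previous one.
    steady = sum(1 for a, b in zip(samples, samples[1:]) if abs(b - a) <= neighbourhood)
    return (opinion_from_evidence(ok, len(samples) - ok),
            opinion_from_evidence(steady, len(samples) - 1 - steady))

def decide(compliant, prev_benignity, benignity, stability,
           drop=0.1, disbelief_limit=0.5):
    """Control decision; thresholds and outcome names are assumptions."""
    if stability.disbelief >= disbelief_limit:
        return "re-evaluate"   # strong disbelief in stability
    if compliant and prev_benignity.expectation - benignity.expectation >= drop:
        return "wrap"          # still compliant, but benignity is falling
    return "allow" if compliant else "reject"

# Constructed response-latency windows in ms (requirement: <= 20 ms, neighbourhood: 5 ms).
STEADY = [12, 13, 12, 14, 13, 12, 13, 14]
DRIFTING = [13, 15, 18, 21, 19, 22, 20, 23]
ERRATIC = [12, 30, 11, 35, 10, 33, 12, 31]
```

Feeding consecutive windows through `observe` and passing the previous and current benignity opinions to `decide` shows the drifting window triggering a wrap and the erratic window triggering a re-evaluation.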
The project began in July 2005 and will run for two years. Its efforts are now moving from research and design towards implementation and construction of demonstrators in the domains of consumer electronics, mobile devices, and domotics.

Many companies and researchers collaborate in Trust4All: CWI, Océ-Technologies, Philips Research (project coordinator), Telematica Instituut, Eindhoven University of Technology (TU/e), Univ. Leiden (the Netherlands); Nokia, Solid Information Technologies, VTT (Finland); ESI, FAGOR, IKERLAN-Electrónica, Robotiker, and Visual Tools (Spain).

Links:
http://www.research.philips.com
http://www.telin.nl
http://www.win.tue.nl/trust4all

Please contact:
Gabriele Lenzini, Telematica Instituut, The Netherlands
Tel: + 31 53 4850463
E-mail: Gabriele.Lenzini@telin.nl

Johan Muskens, Philips Research Europe, The Netherlands
Tel: + 31 40 2742491
E-mail: Johan.Muskens@philips.com

Picture: Telematica Instituut and Philips.

ERCIM News No. 67, October 2006 49