Page 1: [IEEE 2013 International Conference on Cloud & Ubiquitous Computing & Emerging Technologies (CUBE) - Pune, India (2013.11.15-2013.11.16)] 2013 International Conference on Cloud & Ubiquitous

Context-Aware Middleware in Cyber Physical Cloud (CAMCPC)

Swapnaja Hiray, Department of Computer Engg., Sinhgad College of Engineering, Pune, India, [email protected]

Rajesh Ingle, Department of Computer Engg., Pune Institute of Computer Technology, Pune, India, [email protected]

Abstract- Cyber Physical Cloud (CPC) is a ubiquitous environment with tight integration of physical and environmental parameters in computation. It is real-time heterogeneous computation. In addition to the cloud hypervisor and other cloud-enabled technologies, there is a need for middleware that will easily integrate these computational algorithms into the cloud environment. Mobile sensor virtualization, 'Bigdata' analysis and QoS are important concerns for CPC. Security is the most important QoS, which can be achieved with proven role based access control. Context-aware algorithms help to achieve QoS due to the pervasive nature of CPC. Role based access control is a simple security mechanism used at the application level. This paper first describes the concept of the cyber physical cloud and context-aware middleware and then discusses context-aware role based access control. The novel framework with the CRBAC (Context-aware Role Based Access Control) model can be used for controllability, traceability and authorized access to system resources. Our experimentation is to give support to our thought process and can be extended for future research.

Keywords— Cyber Physical Cloud, Middleware, Security, Access Control, Sensors, Context-aware, Role based Access Control.

I. INTRODUCTION

Cyber-Physical Systems (CPS) are distributed and hybrid real-time dynamic systems with complex communication, providing real-time monitoring and actuation services. It is a paradigm of enabling ubiquitous computing for everything, including physical processes and objects, at large scale. Physical information is detected by sensors in the sensing layer, and then the information is sent to the processing layer through the transport layer. Finally, the processing layer processes the information and sends appropriate decisions to physical actuators. From this perspective, many existing networks such as satellite networks, mobile networks, wireless sensor networks, embedded systems, and even the internet all fall into the concept of CPS [3]. CPS differs from MANET and WSN in the following aspects: network formation, communication pattern, power management, network coverage, node mobility, knowledge mining and QoS [6, 11].

Cyber Physical Cloud (CPC) is a cloud environment in which the resources are sensors and actuators that are geographically widely spread. These ubiquitous systems possess all characteristics of a cloud environment, mainly scalability and elasticity. Sensor virtualization allows availability of a sensor instance to various applications from various tenants. Tight integration of the cyber and physical worlds imposes the need for a critically secure environment on CPC. Environment context in computation is the main characteristic of these systems. Building up a cyber physical cloud itself faces the following challenges:

1. Virtualization layer for mobile sensors.
2. Handling large amounts of real-time, geographically distributed data (Bigdata).
3. Providing intelligence in computation for controlling and maintaining tight integration between the physical world and the computation world.

II. RELATED WORK

Many papers explain open source VM managers and cloud architectures. There are a few sensor virtualization frameworks, such as the IoT open source cloud. In cyber physical systems we require tight integration with the physical world; hence, what we require is a sensor infrastructure collecting real-time data, i.e. a sensor cloud. According to IntelliSys, Sensor-Cloud can be defined as follows: an infrastructure that allows truly pervasive computation using sensors as an interface between physical and cyber worlds, the data-compute clusters as the cyber backbone and the internet as the communication medium [8].

A sensor cloud has the following advantages: data analysis, scalability, collaboration, visualization, free provisioning of increased data, dynamic provisioning of services, multitenancy, automation, flexibility and resource optimization. Some applications where these sensor clouds are used are environment monitoring for emergency/disaster detection, telematics, Google Health, Microsoft HealthVault, aggregation and irrigation control, earth observation, transportation and vehicular traffic management.

The key innovation in Cyber Physical Cloud Computing (CPCC) is to have servers move in space and carry sensors and/or actuators. This means virtual vehicles have two kinds of mobility: a small-time-scale hop, which we call cyber-mobility, and a larger-time-scale motion with the real vehicle, called physical mobility. Paper [12] discusses the binding and migration problem along with a solution and also suggests a cyber physical cloud architecture. Again, at the physical layer we have sensors as well as actuators. These are mainly embedded control systems; hence virtualization has two factors: programs coded in mission languages as well as time of execution on a particular node. Also, programs carry control states that depend on geographical location as well as temporal parameters.

2013 International Conference on Cloud & Ubiquitous Computing & Emerging Technologies, 978-0-4799-2235-2/13 $26.00 © 2013 IEEE, DOI 10.1109/CUBE.2013.18

Paper [7] discusses a scheduling algorithm for assigning VVs to actuators. The same paper introduces a very interesting concept of a virtual vehicle network to handle the data in the cloud. This concept leads to the formation of event-triggered overlay networks. The main concern in the cyber physical cloud is the data. We have 'Big data' handling, which is real-time data with large volume, velocity and variety. Data comes in streams. Data acquisition or information acquisition as a service is explained well in paper [7], which may be useful for CPS research and design.

As the foundation of CPS, WSNs observe physical systems by acquiring data and processing queries. Thus, real-time preemptive query and reply processing and communication as well as energy conservation are fundamental issues in the paper. Paper [9] works on real-time preemptive scheduling with a focus on QoD to analyze useful energy consumption and interference energy consumption. The authors proposed a novel method, called the energy efficiency aware quality of data (EAQD) scheme, to determine the expected QoD for each query so as to minimize the energy consumption in real-time preemptive query scheduling. With regard to CPS, how to support many applications with different quality requirements and different resources in a timely manner, as well as how to minimize the energy consumption, are challenges today and even in the future.

From the above survey we can conclude that there should be one middleware which will act as the cloud manager in cooperation with the virtual manager or cloud controller for handling all these data-related and infrastructure-related issues [2]. Service level agreements and quality of service acquisition are the main objectives of the middleware.

When we talk about QoS, context-awareness is a key factor. Also, the closed feedback loop in the CPC forces us to have context-awareness or intelligence in the CPS. A survey of context-aware middleware [5] mainly describes the types of contexts and the main modules present in the middleware, like composition, migration and adaptation.

Looking at different application scenarios and the middleware used, we can consider the middleware architectures discussed in the following papers: [13], emergency medical services access, and a reconfigurable conveyor belt system [11], which extended RTCORBA for CPS. There are real-time cloud middlewares which use the publisher/subscriber model for the implementation of the middleware. Service oriented architecture for middleware is discussed in [11].

III. ARCHITECTURE FOR CAMCPC

This section describes the CPC architecture (Fig 1) and the role of context-aware middleware.

A. Sensor Clusters(SC1..SCn):

We have widespread WSNs present at the physical layer (PL). These clusters of WSNs are heterogeneous in nature. They differ with respect to type of sensors, technologies, communication stack and protocol suites. Virtualization of these sensor-carrying computers, devices and storage, along with communication devices, is present in CPC. The main purpose of this sensor/actuator network is to have close interaction with the physical world/environment. These sensors send data to the cloud for computation 24×7.

Fig1. Conceptual CPC

B. Cloud controller/virtual machine manager(CC):

Usually in any wireless sensor network, deployment of sensors is the main concern. In CPC, instead of sensor deployment, sensors as a service and its provisioning is the main concern. Applications running on the CPC will get server instances like a normal cloud client, but these servers carry sensors and actuators and move in space. These server images are mobile. This mobility adds complexity to server consolidation and resource provisioning. The middleware works with any normal hypervisor, like XEN. It supports the VM in functionalities like domain handling, I/O handling and resource isolation. In resource isolation, along with spatial isolation, temporal isolation is also important. Binding and migration of these smart devices/sensors and actuators is challenging in CPC. Construction of an ad-hoc or overlay network will depend upon context parameters related to the application, and QoS like security and latency will be common for all domains [10].

C. Context- aware middleware(CAM):

In CPC, context-aware computation allows dynamic adaptation of services depending upon the environmental parameters and user profiles. Generally these services are control signals triggering actuators. This context-aware computation allows integration of external events into computation.

Consider a hospital information system. Electronic health records are stored in the information system. Body sensors are remotely deployed at the patient's site, and real-time body parameters such as temperature, heartbeat, blood pressure etc. are received. Depending upon these readings and the health record, a particular doctor can give instructions to a nurse or to the patient himself to handle emergency conditions. The complete patient history or record cannot be available to all stakeholders. Availability of records or sensor readings will depend on the category of stakeholder, environmental parameters, the role of doctors and the services demanded by the application.

[Fig 1 diagram labels: Application Layer, CC, CAM, SC1 … SCn, PL, RR]

Aggregation of different events recognized by sensors gives rise to a complex event (situation), and the control action depends on it. To get this context from sensors and glue it with user requirements and QoS, context-aware middleware is necessary.

The main characteristics of CPC middleware are decided by the following: environment, data storage, reflection and adaptation. Context often implies a situation affecting a system, which is either external to the system (external context) or internal to the system (internal context). CPC is a metamorphic form of sensor cloud. Sensor cloud uses MOM. It uses the publish/subscribe design pattern, which forms the distributed system. Publish/subscribe systems allow many-to-many communication services; hence they give high scalability. Communication takes place through 'events'. The middleware in CPC is event-based middleware. Tight integration of physical parameters in computation suggests context-awareness for applications in CPC. It can be characterized as a pervasive system. Context awareness is the main concern for pervasive systems. Changes in the user's location and activity should be noted and tailored in the application for service provisioning.

Modeling any context-aware system [7] includes the following activities: 1) context creation and composition, 2) context-aware adaptation, 3) environment modelling, 4) context representation.

Fig 2 shows the interaction of context-aware middleware with a cloud based application.

Fig2. CAM interaction with application

The cloud portal enables the user to invoke the cloud service. The cloud computing service interface (CCSI) is the entrance for the service. This layer also allows access to the back-end mobile WSN. The service may require any number of resources, and this can change during the lifetime of the service. The context broker and context manager are the main middleware components; they are aware of the situation in the physical, virtual and user environments and accordingly perform service adaptation and generation of control messages. This context is collected from the actual physical sensor clusters in the environment, from user (application) profiles and from network conditions [10].

The context broker gets complex inferred and sensed context, and with the help of rules present in the context repository, mapping to a service ID takes place. Newly learned rules and ontology are updated in the context repository with the help of the context manager. The context-aware layer in the middleware has the following components: 1. Pre-processing 2. Context analyzer 3. Context provider 4. Repository 5. Machine learning algorithms [13]. Fig 3 explains the context-aware layer in CPC. Context pre-processing is the conversion of stream data into the standard format. The context analyzer classifies the data and assigns it to the corresponding module. The context analyzer also gets rules and models to analyze/correlate real-time data. It has an inference engine to understand the situation. The context provider gets the correct ID and mapping to a particular service and directs that to the broker. The context repository has the following modules: 1) Rules 2) Ontology 3) Metadata 4) Resource context and 5) Service context.

Fig3. Context-aware layer

With the above architecture, CAM has the following functionalities:

1) Intelligent data analysis: Here we have two modules, data conditioning and filtering. Data coming from the sensors is Bigdata with terabyte volume, velocity and variety. It is pre-processed through data conditioning models for qualities such as reliability and freedom from noise. Basically, measured data from various sensors is transferred from the context convertor to the context analyzer. The context repository stores context rules, information and resources. As the context analyzer has complex event processing with an inference engine, a context ID is created depending upon the rules present in the repository, and analysis is done on the sensor data.

2) Virtual network formation and resource allocation: The virtualization layer performs three-layer scheduling and allocation: real world access layer, virtualized overlay network, and service virtualization layer. The semantic overlay provides semantic network formation by maintaining ontology and depends on the environment context and the rules present in the context repository. We are targeting mainly security at various layers. The main innovation here is role based access control. Sensor network security is a very important parameter and concern in the cyber physical cloud. Depending upon the user profile and environment parameters, sensors form an overlay network. Then, again depending upon the user profile, access to data is given from the virtual sensor network.

3) QoS maintenance (Role based security): This is the most important function of context-aware middleware. Latency, SLA maintenance, load balancing and response time are the various QoS parameters we work with in cloud based applications. Cloud security is handled on two levels, at the database level as well as at the resource level. Identity management and access control is an important solution towards this. In a sensor cloud, access to sensors is generally the main cause of fraudulent data. Hence identity based access to virtual sensors is one of the important advantages in context-aware CPC.

[Figs 2 and 3 diagram labels: Context Pre-processing, Context Analyzer, Context Provider, Broker, Learning Model, Repository, WSN, Virtual Sensors, CCSI, Cloud Portal, Context Broker, Context manager]

D. Application layer (AL):

Mainly, cyber physical systems are real-time, embedded control systems. Data as a service or information as a service is the main cloud delivery model for these types of systems. Many control applications can be present at the application layer. Disaster management, intelligent traffic control, emergency health services and robotic control networks are a few examples. All these applications mainly rely on the cloud for information collection from remote sites. Web services running at the application layer collect data from various geographically separated sites and perform operations on this data to carry out control actions.

IV. CONTEXT- AWARE ACCESS CONTROL IN CYBER PHYSICAL CLOUD

'Bigdata' security and access control is the main concern in the cloud environment. Context-aware role based access control is a novel approach which takes care of end-to-end security. Security is handled at two levels, at the virtualization level and at the database level. Generalized role based access control defines environmental roles to access private data and resources or sensors in CPC. Environmental parameters such as location and time influence role activation.

A. Context -aware access control schema:

In dental healthcare, the application must support hundreds of user roles, access controls and permissions. The following section defines our implementation and context-aware access control schema [1][8].

Data Object: The smallest unit accessed in the application; it can be tables, images, records, videos, access lists etc. [11].

Data Type: Prescriptions, X-rays, pathology reports, history, roles. It is a group of objects with the same attribute.

Data Set: The set of all objects in an application; here we have dental patient records, X-rays, location, roles etc.

User Set: Admin, Dental Hospital Doctor, Dental Hospital Staff, Patient, Managing Body, General Hospital Doctor, X-ray Technician, Pathology Technician.

Definition 1 (Context Type (CT)): The defined properties such as time, location, temperature, O2 level, liquid level etc. Every application has its own context set, such as:

CS = {CT1, CT2, CT3, …, CTn}, 1 ≤ i ≤ n

Depending upon the application's security requirements, different context types are defined for access control. There will be complex scenarios which are aggregations of these different contexts and which trigger the 'roles' in role based access control.

Context Implementation (CI): This is a function which takes N inputs, which are context types, and returns an object of type CT.

CI: CT1 × CT2 × … × CTn → CT, n ≥ 0.

Definition 2 (Context constraint): It is a regular expression based on which the security requirement will be satisfied.

Context constraint := clause1 ˅ clause2 ˅ … ˅ clause(n)

Clause := condition1 ∩ condition2 ∩ … ∩ condition(n)

Condition := <CT>, <OP>, <Value>, where CT = context type, OP = logical operator, Value = specific context value.

Take a scenario where we want a particular sensor reading, for example the sugar level of a patient in a particular ward. The insulin dose is adjusted according to the sensor reading. Access to the insulin pump is restricted to a particular physician only; hence authentication is done for the physician, as she takes the dosage adjustment decision. It depends on a particular time slot and on the location of the physician. The physician should be on the hospital campus, and the timing for the injection is mentioned in the prescription.

Context Set CS = {Time, Location, Glycometer reading, Authentication level, Role}

Context Constraint := (Time ≥ 08.00 ∩ Time ≤ 9.00 ∩ Location in Orthoward ∩ Glycometer reading ≥ 120 ∩ Authentication Level ≥ T(PSW)) ˅ (Role == (Physician)).

Definition 3 (Authorization Policy): We define an authorization policy as a triplet (S, P, C) where: S = subject. P = access permission set <M, O>, where M is the operation mode like append, delete, read or any control access like ON, OFF etc., and O is the data object (it can be an actuator; in the implementation scenario it is the patient dental record). C is the context constraint (refer to the above example).

Definition 4 (Sensor/Data access (DA)): We define data access as a triple DA = (U, P, RC) where: U: the user who will get this access right. P: the permission the user wants. RC: the set of run-time values of every context type in the context set.

A data access is granted if there exists an authorization policy AP(S, P´, C) where, for the user, P = P´ and C evaluates to true under the run-time context RC.

B. Access Control Algorithm

From the above mathematical model/schema we can design an algorithm to request access permission [16].

Request permission algorithm:

    Initialize candidate policy set SP
    For every authorization policy AP(S, P, C) in app
        If (User U ∈ Subject S in AP) && (permission for record access P is the permission in the policy)
            Put policy in candidate set SP
    End
    For every AP in SP
        If (function evaluate context (C in AP) == True)
            Accept permission.
    End
    Else reject.
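The request-permission algorithm and Definitions 2 to 4 above, as an added Python example (not the paper's C# implementation): it evaluates the insulin-pump constraint exactly as written and, for comparison, a conjunctive variant in which the role check is ANDed with the sensor clause. The user names, the numeric value standing in for T(PSW), `in` as set membership and the fail-closed handling of missing readings are assumptions.

```python
import operator
from dataclasses import dataclass

# Operators usable in a Condition <CT, OP, Value>; "in" is set membership.
OPS = {
    ">=": operator.ge,
    "<=": operator.le,
    "==": operator.eq,
    "in": lambda actual, allowed: actual in allowed,
}


@dataclass
class Condition:
    ct: str          # context type, e.g. "Time"
    op: str          # key of OPS
    value: object    # value the run-time reading is compared with

    def __post_init__(self):
        if self.op not in OPS:
            raise ValueError(f"unsupported operator: {self.op!r}")

    def holds(self, rc):
        """Evaluate against run-time context RC; fail closed on bad input."""
        if self.ct not in rc:
            return False                     # reading missing from RC
        try:
            return bool(OPS[self.op](rc[self.ct], self.value))
        except TypeError:
            return False                     # reading has an unusable type


def evaluate_constraint(constraint, rc):
    """Constraint := OR over clauses; Clause := AND over conditions.
    An empty clause never grants (all([]) would otherwise be True)."""
    return any(bool(clause) and all(c.holds(rc) for c in clause)
               for clause in constraint)


@dataclass
class Policy:            # authorization policy AP(S, P, C)
    subjects: frozenset  # S
    permission: tuple    # P = (M, O)
    constraint: list     # C, a list of clauses


def request_permission(policies, user, permission, rc, audit_log):
    """Build candidate set SP, then grant if any candidate's constraint
    holds under RC. Every decision is appended to the audit log."""
    sp = [ap for ap in policies
          if user in ap.subjects and ap.permission == permission]
    granted = any(evaluate_constraint(ap.constraint, rc) for ap in sp)
    audit_log.append((user, permission, granted))
    return granted


# --- constructed sample data (not from the paper's implementation) ---
T_PSW = 1  # assumed numeric trust level standing in for T(PSW)
PUMP_ON = ("ON", "insulin_pump")

SENSOR_CLAUSE = [
    Condition("Time", ">=", 8.00),
    Condition("Time", "<=", 9.00),
    Condition("Location", "in", frozenset({"Orthoward"})),
    Condition("Glycometer reading", ">=", 120),
    Condition("Authentication level", ">=", T_PSW),
]
ROLE_CLAUSE = [Condition("Role", "==", "Physician")]

AS_WRITTEN = [SENSOR_CLAUSE, ROLE_CLAUSE]     # clause1 OR clause2, as on the page
CONJUNCTIVE = [SENSOR_CLAUSE + ROLE_CLAUSE]   # assumption: role AND all readings

IN_WINDOW = {"Time": 8.30, "Location": "Orthoward", "Glycometer reading": 140,
             "Authentication level": 1, "Role": "Physician"}
OFF_HOURS = dict(IN_WINDOW, Time=23.0, Location="Offsite")
NO_READING = {k: v for k, v in IN_WINDOW.items() if k != "Glycometer reading"}


def decide(constraint, user, rc, audit_log):
    policies = [Policy(frozenset({"dr_a"}), PUMP_ON, constraint)]
    return request_permission(policies, user, PUMP_ON, rc, audit_log)


def demo():
    log = []
    return {
        "as_written_in_window": decide(AS_WRITTEN, "dr_a", IN_WINDOW, log),
        "as_written_off_hours": decide(AS_WRITTEN, "dr_a", OFF_HOURS, log),
        "conjunctive_in_window": decide(CONJUNCTIVE, "dr_a", IN_WINDOW, log),
        "conjunctive_off_hours": decide(CONJUNCTIVE, "dr_a", OFF_HOURS, log),
        "conjunctive_no_reading": decide(CONJUNCTIVE, "dr_a", NO_READING, log),
        "unknown_user": decide(AS_WRITTEN, "nurse_b", IN_WINDOW, log),
    }, log


if __name__ == "__main__":
    results, log = demo()
    for name, granted in results.items():
        print(f"{name}: {'grant' if granted else 'deny'}")
```

Evaluated as written, the `Role == Physician` clause alone grants the request outside the time window and ward; the conjunctive variant denies it, and also denies when the glycometer reading is absent from RC.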

V. EXPERIMENTATION DETAILS

We have tried to implement this concept on the EC2 cloud with .NET and C#. We have dental patient records, and depending upon the user profile we get access to part of a record. Audit logs are maintained. Secondly, we put in a hard-coded context file and then retrieve records. Though the number of users, records, lab results and X-rays increased, the response time of the system is good. The following flowchart is implemented in C# for role based access. It is mandatory access control. The work can be extended to sensor data and calculation of complex context.

Fig 4. Role based policy

Fig 5. Role based record selection

[Fig 5 flowchart steps: X-Ray Technician; Login; Valid? (Y/N); Select the X-ray to be taken from queue; Take and store X-ray; Queue updated; Report to Admin; More requests? (Y/N); Stop]

Fig 4 and Fig 5 give an idea of how access control is carried out with role based permissions. We have implemented one web service which takes the user profile and, according to it and as per the above flowchart, gives access to various records.

VII. RESULTS AND DISCUSSIONS

We have put forward two important concepts in this paper; hence the conclusion is twofold: i) Cyber physical cloud systems are feasible, and the total quality of service for this type of system can be improved by adding environmental context-awareness at the distributed middleware. ii) We have demonstrated the use of context-aware computation by conceptually modifying traditional RBAC. With this, the cyber physical cloud gets the following benefits:

A. Fine control of data and resource access: By integrating role based algorithms in the context-aware middleware we can achieve two-level security, at the data level as well as at the resource level, as formation of the overlay network depends on the context, which is part of the middleware. Hence filter design or classification schemes may depend upon this RBAC algorithm. And as the incoming data is Big data, part of the data can be accessed via this algorithm.

B. Active auditing scheme: This is the most advantageous part of the total architecture. Here the middleware can act as a proxy with two interfaces. These interfaces act between the access layer and the resource management layer. One of the interfaces receives the response context, the SQL request and the middleware function to trigger report generation for illegal operations. Logs are created and stored. These are used for future analysis and can also be used in the learning model.

[Fig 4 flowchart steps: Role base policy; Create Users; Create Permissions; Create roles & Operations; Role Mapping to users; Stop]

C. Prevention of security attacks: Some important attacks like denial of service, man-in-the-middle attacks and intrusions can be avoided with the help of this context-aware role based and active auditing scheme. Also, prediction algorithms and an intelligent intrusion detection system can be built with this CAM.

D. Data confidentiality and integrity: Certain cryptographic algorithms and techniques like threshold cryptography can be used to get one step ahead in security for sensitive resources and data.

E. Performance analysis of proposed scheme and algorithm: From the prototype implemented we have calculated the time complexity. The algorithm requires the following steps: access request generation, policy matching, verification subject to policy, calculating the verification token and access generation response. The policy matching algorithm has complexity O(N). Verification complexity depends upon the number of context variables. The complexity of the other operations is O(1). The auditing scheme also adds very negligible overhead.

VIII. CONCLUSION AND FUTURE RESEARCH

Architectures such as Cyber Physical Cloud and IoT interact directly with the physical world. The decision making system is an important part of such a ubiquitous system. Important characteristics of the cloud environment (heterogeneity, scalability, auto provisioning) are accompanied in CPC by security, energy consumption and memory usage. The sensor network at the backend and the interaction with the physical world add extra concerns in CPC. Environmental context-awareness in computation will help us to improve total QoS in the system. In this paper we first discussed a context-aware middleware architecture in the cyber physical cloud. Secondly, we introduced a novel access control scheme (Context-aware Role Based Access) which will enhance the total security of the CPC application with minimum algorithmic complexity. We proposed the basic architecture. Enhancements on various parameters are possible, such as load balancing, migration and cloning decisions, and cryptographic algorithms like threshold cryptography for enhanced security. Use of social network and relationship based access control can give better results. Our next research will be in Big Data analysis for CPC. Context-aware 'Big data' analysis can improve the reliability and fault tolerance of the Cyber Physical Cloud.

ACKNOWLEDGMENT

I gratefully acknowledge my research student Mrs. Gauri Bhange for helping me in carrying out the experimentation. I would also like to thank Prof. P. R. Futane, HOD, Department of Computer Engg., SCOE, for allowing me to carry out this work in the department.
