Smart Devices and Software Agents: The Basics of Good Behaviour

  • Howard Chivers
  • John A. Clark
  • Susan Stepney
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2802)


In this paper, security requirements for software agents and smart devices are derived by working from typical requirements for existing systems, exploring the changes that are envisaged as systems become more highly distributed, then identifying what these imply for a device or service in a pervasive environment. A similar treatment is given to threats, which give rise to both security requirements and design issues. This approach provides insights into security requirements that will be significantly different from today’s distributed system policies: they demonstrate that pervasive computing requires a qualitative change in security policy and practice. The paper also explores trade-offs between security complexity and device functionality, and argues that the degree of policy management required in a device will be an important factor in this balance.


Smart Card Intrusion Detection Security Policy Security Requirement Software Agent 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Weiser, M.: The Computer for the 21st Century. Scientific American 265(3) (1991)Google Scholar
  2. 2.
    Foster, I., et al.: The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Implementation. Global Grid Forum (2002),
  3. 3.
    Kreger, H.: Web Services Conceptual Architecture. IBM (2001),
  4. 4.
    US Department of Defence. Trusted Computer System Evaluation Criteria (Orange Book). DoD 5200.28-STD (1985)Google Scholar
  5. 5.
    Network Related Security Features. 3rd Generation Partnership Project, GSM 03:20 (2001)Google Scholar
  6. 6.
    Liberty Alliance. Liberty Architecture Overview (2002),
  7. 7.
    Foster, I., et al.: A Security Architecture for Computational Grids. In: Proc 5th ACMConference on Computer and Communications Security, pp. 83–92 (1998)Google Scholar
  8. 8.
    Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. In The European Union (1995)Google Scholar
  9. 9.
    Erdos, M., Cantor, S.: Shibboleth Architecture. Internet2 (2001),
  10. 10.
    Thompson, M., et al.: Certificate-Based Access Control for Widely Distributed Resources. In: Proc 8th Usenix Security Symposium, Washington, D.C (1999)Google Scholar
  11. 11.
    Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a Role-Based Trust-Management Framework. In: 2002 IEEE Symposium on Security and Privacy, pp. 114–130. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  12. 12.
    Fischer-Hübner, S., Ott, A.: From a Formal Privacy Model to its Implementation. In: Proceedings of the 21st National Information Systems Security Conference (NISSC 1998), Arlington, VA (1998)Google Scholar
  13. 13.
    Jiang, X., Landay, J.A.: Modeling Privacy Control in Context-Aware Systems. IEEE Pervasive Computing 1(3), 59–63 (2002)CrossRefGoogle Scholar
  14. 14.
    H.-W. Gellersen, A. Schmidt, M. Beigl. Multi-Sensor Context-Awareness inMobile Devices and Smart Artifacts. Journal of Mobile Networks and Applications (Special Issue on Mobility of Systems, Users, Data and Computing in Mobile Networks and Applications, MONET) (2002)Google Scholar
  15. 15.
    Pearlman, L., et al.: A Community Authorisation Service for Group Collaboration. In: Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks (2002)Google Scholar
  16. 16.
    Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues in Ad-Hoc Wireless Networks. AT&T Laborotories (1999)Google Scholar
  17. 17.
    Nwana, H.S.: Software Agents: An Overview. Knowledge Engineering Review 11(3), 205–244 (1996)CrossRefGoogle Scholar
  18. 18.
    Gunter, D., et al.: Dynamic Monitoring of High-Performance Distributed Applications. In: Proceedings of The 11th IEEE International Symposium on High Performance Distributed Computing (2002)Google Scholar
  19. 19.
    Farmer, W.M., Guttman, J.D., Swarup, V.: Security for Mobile Agents: Issues and Requirements. In: Proc. 19th NIST/NCSC National Information Systems Security Conference. pp. 591–597 (1996)Google Scholar
  20. 20.
    Karjoth, G., Posegga, J.: Mobile Agents and Telcos’ Nightmares. Annales des Telecommunications 55(7/8), 29–41 (2000)Google Scholar
  21. 21.
    Stepney, S.: Critical Critical Systems. In: Abdallah, A.E., Ryan, P.Y.A., Schneider, S. (eds.) FASec 2002. LNCS, vol. 2629, pp. 62–70. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Cybenko, G., Giani, A., Thompson, P.: Cognitive Hacking: A Battle for the Mind. IEEE Computer 35(8), 50–56 (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Howard Chivers
    • 1
  • John A. Clark
    • 1
  • Susan Stepney
    • 1
  1. 1.Department of Computer ScienceUniversity of YorkHeslingtonUK

Personalised recommendations