Chapter 1 Introduction: The SERENITY vision
Authors
Antonio Maña, University of Malaga, Campus de Teatinos, 29071 Málaga, Spain
George Spanoudakis, City University, Northampton Square, London, EC1V 0HB, UK
Spyros Kokolakis, University of the Aegean, Karlovassi GR-83200, Greece
Abstract
In this chapter we present an overview of the SERENITY approach. We describe the SERENITY model of secure and dependable applications and show how it addresses the challenge of developing, integrating and dynamically maintaining security and dependability mechanisms in open, dynamic, distributed and heterogeneous computing systems and in particular Ambient Intelligence scenarios. We describe the basic concepts used in the approach and introduce the different processes supported by SERENITY, along with the tools provided.
1.1 A new model of secure and dependable computational ecosystems
Traditionally, Security and Dependability (S&D) Engineers have been faced with complex but static and predictable systems. Existing tools for creation and analysis of S&D solutions are designed for predictable systems, but the emergence of computing paradigms that exhibit high degrees of distribution, heterogeneity and dynamism means that systems are not predictable anymore. In fact, because of the high degree of heterogeneity and the coexistence of many different devices, applications and users that interact and collaborate in order to achieve their goals, the term computing ecosystem is starting to be common when referring to the systems in these new paradigms. One especially relevant example of these new paradigms is Ambient Intelligence.
Defined by the EC Information Society Technologies Advisory Group (ISTAG), in the vision of Ambient Intelligence people will be surrounded by ubiquitous computers with intelligent and intuitive interfaces embedded in everyday objects around them, making the physical environments adapt and respond to users’ needs in an invisible way in order to provide anytime/anywhere access to information and services. The most relevant features inherent to the realization of this vision are the increasing decentralization, high heterogeneity (of devices, applications, user needs, capabilities, etc.), dynamism, unpredictability, lack of predefined trust relations and context awareness. In fact, because of the high degree of heterogeneity and the coexistence of many different devices, applications and users that interact and collaborate in order to achieve their goals, these systems have been defined as AmI ecosystems. Due to the high heterogeneity, dynamism and lack of a central control of these ecosystems, it is not possible, even for the most experienced and skilled security engineers, to foresee all possible situations that may arise during the life of the applications in order to create solutions that can be used in these circumstances. Moreover, due to the highly distributed nature of these ecosystems, applications will no longer belong to or be under the control of a single entity, which would force the software engineers to deal with incomplete system descriptions. Therefore, not only devices but also applications must be ready to participate in dynamic collaborations with heterogeneous (in terms of capabilities, functional goals, security and dependability needs, etc.) and non-trusted external elements. The main consequence of these characteristics is that the provision of S&D in the new computing ecosystems introduces the need for the dynamic application of the expertise of S&D engineers in order to automatically react to unpredictable and ever-changing contexts.
This approach takes advantage of recent developments in technologies regarding security engineering, run-time monitoring, semantic description and self-configuration. In the research towards materialising this approach done in the SERENITY project, the concepts of S&D Patterns and Integration Schemes have proven to be very effective as tools to capture this expertise. While S&D Patterns represent independent security mechanisms, Integration Schemes represent solutions for complex S&D requirements achieved by the combination of various S&D mechanisms. One additional aspect is that the overall security of a system not only depends on the security mechanisms used within the boundaries of a system but also on a variety of external factors including social context and human behaviour, IT environments, and even protection of the physical environment of systems (e.g. buildings). The actual source of security and dependability requirements lies in the real world. Consequently, SERENITY aims at providing solutions to capture these re-
Publication date: 2013