With the prevalence of mobile computing devices such as smart phones, and the increasing availability of pervasive services through infrastructures such as Clouds, ubiquitous computing (Ubicomp) is now a reality for many people. This reality is generating opportunities for people to interact socially in new and richer ways, and to work more effectively in a variety of new environments. More generally, Ubicomp infrastructures – controlled by software – are set to determine users’ access to critical services, such as water and power.
With these opportunities come higher risks of misuse of technology by legitimate users or malicious agents. Therefore, the role and design of software for managing use and protecting against misuse are increasingly critical, and the engineering of software that is both functionally effective while safe guarding user assets from harm is a key challenge.
The research supported by this RS-Merit Award aims to radically change how we approach software engineering for Ubicomp, in ways that are cognisant of the constantly changing needs of users, of the changing threats to user assets, and of the changing relationships between them. Three years into the award's 5 years, we have developed ways to adapt security and privacy of systems, in response to a range of changing factors in the environment in which these systems operate.
In our privacy work, we have developed an approach called "adaptive sharing" that advises users of online social networks on the "best" group of recipients of their online postings, adding or removing potential recipients depending on the result of a trade off between privacy risk and social benefit gained from sharing.
In our security work, we have been developing an "adaptive security" approach that changes the security controls that a system provides (e.g. locking or opening doors), depending on where the assets are located, who is trying to access them, who is nearby, and similar kinds of "topological" factors.