Zhaoyu Liu :: Selected Research Projects


Agent-based trust management for pervasive environments

For pervasive computing systems, how to trust mobile clients such as devices, users and applications is a great challenge. This project is trying to provide an answer to this question by introducing an agent-based automated trust negotiation framework. In this framework, a client downloads the trust negotiation strategies from the system for the specific resources and uses the downloaded strategies to negotiate the trust of the system to access the resources. By using the mobile agents, Security Capsules, to encode the definition and interpretation of the trust negotiation strategies, the negotiation strategies can be distributed and loaded dynamically and transparently. The configurability and transparency of the Security Capsules make this framework more flexible, adaptive and dynamic for trust negotiation between various clients and systems of pervasive environments.

Security for pervasive computing

Pervasive applications should be able to select the proper security services based on the hardware and environments, without concerns about the implementation and configuration details. However, most existing security systems, which are not built for the light, thin devices of pervasive computing environments, cannot provide quality of protection to applications. The proposed research will explore a capsule-based security system to support flexible quality of protection in pervasive environments. We will develop a model of security as services that centers on people, instead of on devices, for improving the usability of security. A testbed will be designed and implemented to evaluate and demonstrate the proposed security system.

Dynamic trust model for mobile ad hoc networks

This project plans to build a trust model for mobile ad hoc networks. In our model, each node is initially assigned a trust level. Then we use several approaches to dynamically update trust levels by using reports from threat detection tools, such as Intrusion Detection Systems (IDSs), located on all nodes in the network. The nodes neighboring a node that exhibits suspicious behavior initiate trust reports. These trust reports are propagated through the network using one of our proposed methods. A source node can use the trust levels it establishes for other nodes to evaluate the security of routes to destination nodes. Using these trust levels as a guide, the source node can then select a route that meets the security requirements of the message to be transmitted. This project demonstrates important concepts for establishing a collaborative, dynamic trust model and for using this model as an example to enhance the security of message routing in mobile ad hoc networks.
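The flow described above (initial trust levels, neighbor-initiated reports, trust-based route selection) can be sketched as follows. This is an added example, not code from the project: the 0 to 1 trust scale, the reporter-weighted penalty, the weakest-node route metric and all names are assumptions chosen for illustration.

```python
# Added illustration. The update rule, trust scale and route metric are
# assumptions; the project's own propagation methods are not given on this page.
INITIAL_TRUST = 0.8  # assumed starting trust level for every node


class TrustTable:
    """Trust levels one source node keeps for the other nodes."""

    def __init__(self, links):
        # links: undirected radio links as (node, node) pairs
        self.neighbors = {}
        for a, b in links:
            self.neighbors.setdefault(a, set()).add(b)
            self.neighbors.setdefault(b, set()).add(a)
        self.trust = {node: INITIAL_TRUST for node in self.neighbors}

    def apply_report(self, reporter, suspect, severity):
        """Apply an IDS-driven report; return False if it is rejected."""
        # Only a direct neighbor can have observed the suspect's behavior.
        if reporter not in self.neighbors.get(suspect, ()):
            return False
        if not 0.0 <= severity <= 1.0:
            return False
        # Weight the penalty by the reporter's own trust, so a low-trust
        # node cannot cheaply discredit others (assumed rule).
        penalty = severity * self.trust[reporter]
        self.trust[suspect] = max(0.0, self.trust[suspect] - penalty)
        return True

    def route_trust(self, route):
        # A route is only as trustworthy as its weakest node after the source.
        return min(self.trust[node] for node in route[1:])

    def select_route(self, routes, required):
        """Shortest candidate route meeting the message's requirement."""
        usable = [r for r in routes if self.route_trust(r) >= required]
        return min(usable, key=len) if usable else None


def demo():
    # Constructed five-node topology and two candidate routes from S to D.
    links = [("S", "A"), ("A", "D"), ("S", "B"), ("B", "C"), ("C", "D"), ("A", "B")]
    routes = [["S", "A", "D"], ["S", "B", "C", "D"]]
    table = TrustTable(links)
    before = table.select_route(routes, required=0.7)
    rejected = table.apply_report("C", "A", 0.5)  # C is not A's neighbor
    accepted = table.apply_report("B", "A", 0.5)  # B neighbors A
    after = table.select_route(routes, required=0.7)
    return before, rejected, accepted, after, table
```

Rejecting reports from non-neighbors and scaling the penalty by the reporter's trust are the two places where a false-accusation attempt is blunted in this sketch.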

Security and survivability for mobile ad hoc networks

The nature of mobile ad hoc networks creates an environment susceptible to various forms of attack and unreliability, in particular, scenarios which disrupt network communication. Traditional security measures place emphasis on the reliability of routing information, trust models and malicious node identification to ensure robust communication. Historically, the effectiveness of many of these measures has been limited to the integrity of the information shared between nodes. In this project, we propose a robust routing methodology using Smart Agents generated by nodes in mobile ad hoc networks. Our approach provides nodes with the ability to independently identify non-collaborating regions within their local network. This information is factored into calculations performed by agents for identifying robust and direct routes to nodes of interest. The routing path is created without requiring any prior knowledge of the network's topology and eliminates the need for nodes to maintain a routing cache or incorporate trust management for routing purposes. By utilizing the self-routing, recovery and management capabilities of smart agents, and our proposed agent-based routing algorithm, we are capable of attaining robust communication in highly unreliable, non-collaborating environments while minimizing broadband communication overhead.

Dynamic and flexible security for wireless devices

Existing security systems tend to be static and it is very difficult to change the security policies and mechanisms once the systems are installed. With systems that support wireless computing devices, the fundamental problem is to provide security that is expressive and flexible enough to satisfy the specific needs of diverse applications.

During the prior research on dynamic and flexible security for emerging applications, we developed an agent-based security architecture that is based on and built into the underlying dynamic digital infrastructure. The agents, which are innovative Active Capabilities (ACs), are signed mobile code fragments that are used to specify security policies and mechanisms. The security architecture is able to 1) support various policies and mechanisms, 2) add, replace or revoke policies and mechanisms, 3) allow applications to specify the kind of security guarantees they want from the system, on the fly, 4) dynamically enforce these customized policies and mechanisms, and 5) restrict the use of policy to applications and systems that need to know the policy.

In this project we will identify the security issues in wireless computing environments, develop an initial conceptual security framework based on our prior agent-based security architecture, and present the preliminary experimental results.

