Secure data flow in networks and in the Internet of things

网络和物联网中的安全数据流

• 批准号: RGPIN-2019-06394
• 负责人: Logrippo, Luigi
• 金额: $ 1.68万
• 依托单位: Québec en Outaouais
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=716055
• 关键词: Secure; data; flow; networks; Internet

Organizations and data networks, such as those found in the Cloud and the Internet of Things, often have complex and evolving data flow paths, which may be important to control, for secrecy (also called confidentiality) and privacy. Supposing that certain entities contain some data, and are connected in certain ways to other entities by communication channels, where can the data end up? Given certain restricted data, what are the entities to which they are privy? How can we configure communication channels so that only desired data flows are possible? How can data flows be controlled, by the owners of the data or by security administrators in the organizations, according to requirements, such as network or organizational policies? How can we deal with the continuous updates and transformations of the data flow structure, as well as changing requirements? The applicant has recently identified new principles for data flow security. These principles make it possible to answer, theoretically and practically, and by using efficient algorithms, important questions such as: a) given an existing data communication channel structure in a network, what are the most appropriate areas in the network where secret data should be placed; b) given certain secrecy requirements, how to configure channel structures capable of enforcing the requirements. This configuration leads to Multilevel models which are generalizations of the traditional ones, but which are more flexible and can be proved to be necessary and sufficient to guarantee data secrecy. What has been done is only a beginning, because very flexible and dynamic solutions are needed, namely for the Internet of Things or the Cloud. Many types of environments exist, and each environment has its particular secrecy needs: hospital networks, home networks, e-commerce networks, industrial networks, intelligent environments etc. Beyond this, today's data networks are worldwide, and characterized by rapid mutability. Some mutations can be inconsequential, others will need various degrees of security assurance. Developing these ideas is a main goals of this research project. As an application of these results we are planning to show how to use the principles that we are developing in the field of data secrecy for legal applications, namely smart contracts in the IoT. Blockchain implements data authentication, but not data flow constraints. We plan to show how to assure desired data flow properties in smart contracts. This research will be important for developers of IoT systems, as well as for developers of software tools to help them. The research outcomes will be principles and prototype tools to help such specialists in their work. This research is important to Canada, since our country is positioning itself as a provider of Internet services, in areas such as e-commerce, medical systems, transportation systems, etc.

组织和数据网络，例如在云和物联网中发现的那些，通常具有复杂且不断发展的数据流路径，这对于控制保密性（也称为机密性）和隐私可能是重要的。 假设某些实体包含一些数据，并且通过通信信道以某些方式连接到其他实体，数据最终会在哪里？鉴于某些受限制的数据，他们所知道的实体是什么？我们如何配置通信通道，以便只允许所需的数据流？数据所有者或组织中的安全管理员如何根据要求（如网络或组织策略）控制数据流？我们如何处理数据流结构的不断更新和转换以及不断变化的需求？申请人最近确定了数据流安全的新原则。这些原理使得有可能在理论上和实践中通过使用有效的算法来回答重要的问题，例如：a）给定网络中现有的数据通信信道结构，网络中应该放置秘密数据的最合适的区域是什么; B）给定某些保密要求，如何配置能够实施这些要求的信道结构。这种配置导致了多级模型，这些模型是传统模型的推广，但更灵活，并且可以证明是必要的和足够的，以保证数据的保密性。 所做的只是一个开始，因为需要非常灵活和动态的解决方案，即物联网或云。存在许多类型的环境，每个环境都有其特定的保密需求：医院网络，家庭网络，电子商务网络，工业网络，智能环境等。有些变化可能是无关紧要的，其他的则需要不同程度的安全保证。发展这些想法是本研究项目的主要目标。 作为这些结果的应用，我们计划展示如何将我们在数据保密领域开发的原则用于法律的应用，即物联网中的智能合约。区块链实现了数据认证，但没有数据流约束。我们计划展示如何确保智能合约中所需的数据流属性。 这项研究对于物联网系统的开发人员以及软件工具的开发人员来说都很重要。研究成果将成为帮助这些专家开展工作的原则和原型工具。这项研究对加拿大很重要，因为我国将自己定位为电子商务、医疗系统、运输系统等领域的互联网服务提供者。