Big ideas paper: Policy-driven middleware for a legally-compliant Internet of Things
Publication Date
2016-11-28
Journal Title
Middleware '16 Proceedings of the 17th International Middleware Conference
Publisher
Association for Computing Machinery
Number
13
Language
English
Type
Article
This Version
AM
Citation
Singh, J., Pasquier, T., Bacon, J., Powles, J., Diaconu, R., & Eyers, D. (2016). Big ideas paper: Policy-driven middleware for a legally-compliant Internet of Things. Middleware '16 Proceedings of the 17th International Middleware Conference, (13). https://doi.org/10.1145/2988336.2988349
Abstract
Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of specified policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures legal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained.
This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new services through managed and flexible data exchange. Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration.
We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, unified policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data flows.
We have investigated the use of Information Flow Control (IFC) to manage and audit data flows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of significant research challenges.
Keywords
law, regulation, policy specification and enforcement, audit
Sponsorship
Engineering and Physical Sciences Research Council (Grant ID: EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud), Microsoft (through the Microsoft Cloud Computing Research Centre)
Funder references
EPSRC (EP/K011510/1)
Identifiers
External DOI: https://doi.org/10.1145/2988336.2988349
This record's URL: https://www.repository.cam.ac.uk/handle/1810/260681
Rights
Licence:
http://www.rioxx.net/licenses/all-rights-reserved