Log in / Register
Home arrow Computer Science arrow Social Informatics
< Prev   CONTENTS   Next >

3 Background

3.1 (Hardware) Virtualization

Hardware virtualization is a technology able to execute several virtual machines (VMs) on the same physical hardware, e.g., a server. An individual operating system and any desired set of applications can be installed in a VM. As a result, virtualization is a quite popular technology today and used to cut down hardware costs in companies, or as basis for Cloud computing. [Cit12]

Besides the direct benefits of virtualization, it is often used as a security mechanism when several critical processes on the same machine need to be isolated. Instead of only relying on the operating system's ability of processes isolation, the virtualization system adds another isolation layer. This layer makes it more difficult to take control over one process after compromizing the other. However, isolation by virtualization is not impeccable. [RW10]

3.2 Attribute Based Encryption

Attribute based encryption (ABE) is a crypto system initially proposed by Sahai and Waters [SW04]. It consists of a trusted Key Generator (KG), which initially creates and owns a master key and a public key. The KG's purpose is to create private keys for other users using its master key. These private keys will include attributes of its owner, e.g., her identity, her security clearance, etc.

Besides their private key, users of an ABE crypto system possess the global public key, which allows them to encrypt data. A unique property of a specific ABE type, called cipher text policy ABE (CP-ABE) [BSW07], is that a policy is integrated into the cipher text that expresses who is able to decrypt it. Policies can include required attributes (attribute admin is set), inequalities (clearance

> 3), and even complex boolean expressions. An entity that tries to decrypt data will only succeed if the attributes of her private key conform to the specified policy. Hence, CP-ABE offers powerful, cryptography-based access control to data.

4 Approach

4.1 Abstract EMS Architecture

A high-level architecture showing the most important components of an EMS is depicted in Fig. 2. A data logger equipped with sensors measures electrical consumption. It outputs a stream of data elements, each consisting of the logger's identity, the identity of the sensor, the measurement value and a time stamp.

Next, the data stream is pre-processed and stored. The combiner enriches the data stream with additional knowledge about the monitored system. For instance, the combiner knows that sensor “a” attached to data logger “x” measures the electrical consumption in BU Dave's office. Hence, the combiner assigns the measurement value to Dave. The enriched data stream is finally stored within a data sink from where it can be accessed after authorization by the different user groups defined before.

Fig. 2. Abstract EMS Architecture

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science