Policy-Driven Middleware for a Legally-Compliant Internet of Things

Jatinder Singh, Thomas Pasquier, Jean Bacon, Julia Powles, Raluca Diaconu, David Eyers

Research output: Chapter in Book/Conference paperConference paper

12 Citations (Scopus)

Abstract

Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of specified policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures legal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained.

This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new services through managed and flexible data exchange. Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration.
We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, unified policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data flows.

We have investigated the use of Information Flow Control (IFC) to manage and audit data flows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of significant research challenges.
Original languageEnglish
Title of host publicationMiddleware '16
Subtitle of host publicationProceedings of the 17th International Middleware Conference
Place of PublicationTrento, Italy
PublisherAssociation for Computing Machinery (ACM)
ISBN (Print)9781450343008
DOIs
Publication statusPublished - 28 Nov 2016
Externally publishedYes
EventACM/IFIP/USENIX Middleware 2016 - Universita di Trento, Trento, Italy
Duration: 12 Dec 201616 Dec 2016
Conference number: 17
http://2016.middleware-conference.org/

Conference

ConferenceACM/IFIP/USENIX Middleware 2016
CountryItaly
CityTrento
Period12/12/1616/12/16
Internet address

Fingerprint

Middleware
Flow control
Internet of things
Electronic data interchange
Cloud computing
Information management
Chemical analysis

Cite this

Singh, J., Pasquier, T., Bacon, J., Powles, J., Diaconu, R., & Eyers, D. (2016). Policy-Driven Middleware for a Legally-Compliant Internet of Things. In Middleware '16 : Proceedings of the 17th International Middleware Conference [13] Trento, Italy: Association for Computing Machinery (ACM). https://doi.org/10.1145/2988336.2988349
Singh, Jatinder ; Pasquier, Thomas ; Bacon, Jean ; Powles, Julia ; Diaconu, Raluca ; Eyers, David. / Policy-Driven Middleware for a Legally-Compliant Internet of Things. Middleware '16 : Proceedings of the 17th International Middleware Conference. Trento, Italy : Association for Computing Machinery (ACM), 2016.
@inproceedings{c34a7ea938044c20ab3b0a5850acbb72,
title = "Policy-Driven Middleware for a Legally-Compliant Internet of Things",
abstract = "Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of specified policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures legal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained.This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new services through managed and flexible data exchange. Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration.We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, unified policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data flows.We have investigated the use of Information Flow Control (IFC) to manage and audit data flows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of significant research challenges.",
keywords = "law, regulation, policy specification and enforcement, audit",
author = "Jatinder Singh and Thomas Pasquier and Jean Bacon and Julia Powles and Raluca Diaconu and David Eyers",
year = "2016",
month = "11",
day = "28",
doi = "10.1145/2988336.2988349",
language = "English",
isbn = "9781450343008",
booktitle = "Middleware '16",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

Singh, J, Pasquier, T, Bacon, J, Powles, J, Diaconu, R & Eyers, D 2016, Policy-Driven Middleware for a Legally-Compliant Internet of Things. in Middleware '16 : Proceedings of the 17th International Middleware Conference., 13, Association for Computing Machinery (ACM), Trento, Italy, ACM/IFIP/USENIX Middleware 2016, Trento, Italy, 12/12/16. https://doi.org/10.1145/2988336.2988349

Policy-Driven Middleware for a Legally-Compliant Internet of Things. / Singh, Jatinder; Pasquier, Thomas; Bacon, Jean; Powles, Julia; Diaconu, Raluca; Eyers, David.

Middleware '16 : Proceedings of the 17th International Middleware Conference. Trento, Italy : Association for Computing Machinery (ACM), 2016. 13.

Research output: Chapter in Book/Conference paperConference paper

TY - GEN

T1 - Policy-Driven Middleware for a Legally-Compliant Internet of Things

AU - Singh, Jatinder

AU - Pasquier, Thomas

AU - Bacon, Jean

AU - Powles, Julia

AU - Diaconu, Raluca

AU - Eyers, David

PY - 2016/11/28

Y1 - 2016/11/28

N2 - Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of specified policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures legal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained.This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new services through managed and flexible data exchange. Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration.We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, unified policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data flows.We have investigated the use of Information Flow Control (IFC) to manage and audit data flows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of significant research challenges.

AB - Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of specified policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures legal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained.This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new services through managed and flexible data exchange. Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration.We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, unified policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data flows.We have investigated the use of Information Flow Control (IFC) to manage and audit data flows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of significant research challenges.

KW - law

KW - regulation

KW - policy specification and enforcement

KW - audit

UR - http://www.scopus.com/inward/record.url?scp=85051091637&partnerID=8YFLogxK

U2 - 10.1145/2988336.2988349

DO - 10.1145/2988336.2988349

M3 - Conference paper

SN - 9781450343008

BT - Middleware '16

PB - Association for Computing Machinery (ACM)

CY - Trento, Italy

ER -

Singh J, Pasquier T, Bacon J, Powles J, Diaconu R, Eyers D. Policy-Driven Middleware for a Legally-Compliant Internet of Things. In Middleware '16 : Proceedings of the 17th International Middleware Conference. Trento, Italy: Association for Computing Machinery (ACM). 2016. 13 https://doi.org/10.1145/2988336.2988349