In November of 2001, he joined the Telecooperation Office (TecO) research group, Karlsruhe University, Germany, to investigate topics concerned with security in Ubiquitous Computing (UbiComp). He also joined  SAP Research to work with the Security and Trust Research group, investigating security for enterprise level applications that incorporate ubiquitous computing technology. This includes trust and security issues for mobile business applications and collaborative business processes enhanced with context awareness . The current project with SAP is called TrustCoM (Trust and Contract Management for Virtual Organizations). Virtual Organizations have dynamic properties that are comparable to those of UbiComp environments. There is therefore a conceptual overlap in the research issues even though the technical assumptions are very different.

Philip has also been the co-organizer of three workshops on security in Ubiquitous and Pervasive Computing in UbiComp 2002, UbiComp 2003 and Pervasive 2004, the latter being published as a post proceedings in the Kluwer Computer Science series. The publication is entitled: “Security, Privacy and Trust in the Context of Pervasive Computing”. 

The core hypothesis of my thesis is that entities in dynamic environments aim at maintaining their limited “perception of security” rather than explicitly protecting the system. If all trusted entities perceive that the system is secure, then this is the best possible security state. Furthermore, I believe that a security system may be divided into 5 hierarchical, distributable roles, which work together to form a complete security system. These roles are defined as initiator, coordinator, effector, monitor and announcer; The thesis claims that a system is most secure when all five of these management roles are assigned to and executable by trusted entities, yet allows the simplest case of all roles being carried out by a single entity.

There are two main challenges that I investigate:

1.      Complexity of managing (specification, enforcement, update) adaptive security and

2.      Coordinating secure interaction between entities in dynamic computing systems

 Before progressing to discuss the relevance of this thesis, I want to clarify the concept of “perception of security”: Perception is possible when an entity creates a model of the world in which it interacts. Perception is positively affected by events that confirm or enforce the validity of the model and negatively affected by events that distort the model. A perception of security is therefore an entity's model of system defined by its knowledge, assigned tasks and permissible views.

The research is being conducted in two different systems areas yet the similar properties of dynamics and distribution have prompted this research emphasis: 

i)     Meeting rooms and offices outfitted with supporting technology for ubiquitous computing. This allows new meeting attendees to spontaneously arrive and use equipment (projector, sensors, air conditioning) available in the room, or they may even bring their own equipment (cameras, laptops) to further enhance the system. Consequently, meeting attendees may also leave and take their equipment, causing the system to spontaneously reconfigure.

ii)     Virtual organizations represent coalitions of organizations that come together only to accomplish a business venture that could not be completed by only one (or subset) of the organizations. Therefore they need to create connections between their computer systems for resource sharing and coordination of business processes. However, partners change frequently, changing the availability of services and resources of the virtual organization, as well as the order in which processes are executed.

 The following properties are used to describe both of the above system scenarios:

 1.      Dynamic: Not possible to pre-determine actual constituents (hardware, software, users) of systems and consequent behaviour

2.      Distributed: protection goals must be locally enforced although centrally specified

3.      Task-Oriented: challenge of securing tasks as opposed to securing data

4.      Context Aware: protection goals may invariably change based on the actual state of the system

 The goal of the thesis is to show how dependable security in a distributed, dynamic system can be obtained when each entity (referred to as a controller) is given a clear description of its security assignment in the system, having proven that it can fulfill that role. The term Authorised Transient Control is used as a container for the research, as it defines:

 Authorised: each active entity in the system must be authorized to fulfill its security role, from which its perception of security is derived

Transient: the perception of security however frequently changes based on the situation, and the controllers are also expected to dynamically change (entity or role)

Control: therefore each entity of the system is assigned to control with a particular perception as reference.

 The contribution of the thesis will therefore be a security management model and coordination protocols for dynamically reconfiguring systems with the properties identified above.

• Context and situation awareness: development of adaptive software platforms that use system and environment information in order to define behaviour (see 9, 8, 1)
  
• Crypto Protocols: usage of asymmetric and symmetric cryptographic mechanisms for designing secure message-based protocols at the application layer (see 8)
  
• Policy-based systems: specification and generation of policies for specifying application behaviour (see 7, 5)
  
• Security management: approaches for system administrators to manage security in such a way that the immediate requirements of users and the protection goals of the application are supported. (see 4, 3)
  
• Software Engineering: object-oriented approaches to designing complex software systems (see 5, 2)
  
• Trust Management: the dynamics of trust between collaborating entities and its influence on how shared applications are deployed and adapted (see 6, 2)

• (being updated...)