In recent years the use of embedded devices and smartcards has been growing rapidly. However, there are many threats related to this upsurge (e.g. abusing devices to gain illicit information or steal money). Hence there is a need for secure solutions for such cases. The JASON project aims to bring a better level of security to distributed systems that involve a large number of embedded devices.

Overview

The JASON project aims at building a secure system architecture and a corresponding programming paradigm for ambient applications that involve a large number of embedded devices. The point of departure is a strict separation of concerns: the programmer only has to specify the security and remote management requirements and can then concentrate on implementing the actual functionality of the application. The programming platform and supporting architecture cover a large number of security properties: confidentiality, integrity, authenticity, privacy, logging and transaction support.

To this end, the ``secure network of objects'' paradigm has been developed. It allows programmers to specify requirements for individual methods and for the communication among objects. The JASON platform automatically transforms these into a secure implementation. The resulting platform allows for a straightforward design and programming of a system that is easy to manage remotely.

An example application of the JASON system that has been investigated is Chess's Machine to Machine (M2M) platform, together with its typical applications: the Payment Terminal and the Home Control Box (details are in past research).

Recently we have also investigated the relation between our JASON system and the Service Oriented Architecture (SOA), keeping in mind the experience from the investigation of M2M systems (M2M systems are sometimes implemented using SOA). Service Oriented Architecture is an architectural style for designing and utilizing business processes, as well as for defining and provisioning the infrastructure that allows different applications to participate in business processes. In the SOA model, functionality is divided into distinct, separate nodes (called services), which are distributed over a network and combined to create business processes. SOA aims at business functionality and fits business systems very well. However, security in SOA is very often omitted. Therefore we have investigated how to improve SOA security using JASON. Our research has resulted in feedback for the design of JASON. We have cooperated intensively with specialists from Chess to obtain more knowledge about ``real'' implementations of SOA.

The general concepts of JASON for Service Oriented Architecture (SOA) are starting to be used in implementations of Chess projects, in particular in the development of a new payment terminal. The experience gained from these implementations will provide valuable feedback to tune the JASON design. We will focus on implementing the JASON architecture for SOA and on formalising its security. Chess is developing an experimental service oriented architecture for the JASON platform and will use the feedback gathered during the JASON project in the second generation payment terminal prototype.

Papers

In the project some fundamental research has been performed and the following papers were published:

  • Ł. Chmielewski, R. Brinkman, J.-H. Hoepman and B. Bos.
    Using JASON to secure SOA.
    In 1st International Workshop on Middleware Security (MIDSEC), Leuven, Belgium, December 2008.
  • Ł. Chmielewski and J.-H. Hoepman.
    Fuzzy Private Matching (extended abstract).
    In 3rd Int. Conf. on Availability, Reliability and Security, Barcelona, Spain, March 4-7 2008.
    (to appear).
  • B. Bos, Ł. Chmielewski, J.-H. Hoepman and T. S. Nguyen.
    Remote Management and Secure Application Development for Pervasive Home Systems Using JASON.
    In 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Istanbul, Turkey, July 20 2007.
  • J.-H. Hoepman.
    Distributed Double Spending Prevention.
    In 15th Int. Workshop on Security Protocols, 2007.
  • J.-H. Hoepman.
    Private Handshakes.
    In F. Stajano, editor, 4th Eur. Symp. on Security and Privacy in Ad hoc and Sensor Networks, Lect. Not. Comp. Sci. 4572, pages 31-42, Cambridge, UK, June 2-3 2007.

Posters

During the project, posters were presented at the following events:

  • Siren Scientific ICT-Research Event (October 12, 2006).
  • ICT-Delta congress (Utrecht, May 22, 2007).
  • Siren Scientific ICT-Research Event (Technische Universiteit Delft, 20 October, 2007).

The original poster for JASON for smartcards is here.

Research activities

The implementations of the M2M system that have been investigated in detail are the Home Control Box and the Payment Terminal. These scenarios were analyzed with respect to possible security threats, and this analysis refined the general security requirements for the system. Investigations of this kind helped us to define the JASON requirements precisely.

We have investigated three possible approaches for secure compartments in JASON: the Java sandbox, SELinux compartments and Xen guest operating systems. As a result of this investigation we decided that the Java sandbox is the most promising and convenient tool for our purposes. For the sake of generality we also considered the Xen mechanism.

Another topic that we investigated was the object communication model between sandboxes, which included:

  • Defining methods for objects to communicate (RMI, Secure RMI, Web services). We have chosen Web Services.
  • Defining an interface language for a JASON object. Formerly, this language was our own extension of the Java interface definition language. Since the introduction of annotations in Java 5, the JASON keywords are specified as Java annotations instead. However, we have not completely abandoned interfaces: JASON annotations are compiled to security interfaces of services (which can also be seen as JASON objects).
  • Defining a key management system with role based access control (RBAC) support. We are still investigating this topic.
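The following is an added illustration of the annotation-based approach described above; it is example code, not JASON's own implementation, and the annotation names, the Caller type and the Home Control Box interface are hypothetical. The programmer declares a role requirement and a logging requirement per method, and a dynamic proxy (standing in for the JASON platform) enforces them on every call (Java 16 or later, for records):

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

// Hypothetical annotations standing in for JASON keywords; the names are not JASON's.
@Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
@interface RequiresRole { String value(); }
@Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
@interface Logged {}

// The programmer only declares per-method requirements on the object's interface.
interface HomeControl {
    @Logged @RequiresRole("owner") void unlockDoor();
    @Logged String readTemperature();
}

public class SecureObjects {
    // Caller identity as the platform would establish it (simplified to a name and roles).
    record Caller(String name, Set<String> roles) {}
    // Wraps an implementation so that every call is checked against the declared annotations.
    @SuppressWarnings("unchecked")
    static <T> T secure(Class<T> iface, T impl, Caller caller, List<String> log) {
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[]{iface},
            (proxy, method, args) -> {
                RequiresRole req = method.getAnnotation(RequiresRole.class);
                if (req != null && !caller.roles().contains(req.value())) {
                    log.add("DENY " + caller.name() + " -> " + method.getName());
                    throw new SecurityException(method.getName() + " requires role " + req.value());
                }
                if (method.isAnnotationPresent(Logged.class)) {
                    log.add("CALL " + caller.name() + " -> " + method.getName());
                }
                return method.invoke(impl, args);
            });
    }

    public static void main(String[] args) {
        HomeControl box = new HomeControl() {   // plain functionality, no security code
            public void unlockDoor() { System.out.println("door unlocked"); }
            public String readTemperature() { return "21.5 C"; }
        };
        List<String> log = new ArrayList<>();
        HomeControl guest = secure(HomeControl.class, box, new Caller("guest", Set.of("visitor")), log);
        System.out.println(guest.readTemperature());            // allowed and logged
        try { guest.unlockDoor(); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        HomeControl owner = secure(HomeControl.class, box, new Caller("alice", Set.of("owner")), log);
        owner.unlockDoor();                                      // allowed: caller holds "owner"
        log.forEach(System.out::println);
    }
}
```

The application code in HomeControl contains no security logic at all; denying the guest's unlockDoor call and recording both the denial and the permitted calls is done entirely by the proxy from the declared annotations.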

In the past year, our research within Chess concentrated on the following topics:

  • the design of the JASON system
  • complementing the SOA approach with our JASON system (details in report ``JASON and SOA''); we have investigated four possible approaches:
    • JASON on top of SOA
    • SOA on top of JASON
    • JASON plugged into SOA
    • JASON next to SOA
    For the final implementation we have chosen the JASON next to SOA approach.
  • designing and implementing JASON using Web Services and Java, such that it can work with SOA and be used for implementing M2M systems. The following tools have been investigated for use in the current implementation:
    • Mule - example implementation of SOA.
    • apt (Java annotations processor tool):
      • J2EE
      • GlassFish (Java Enterprise Application Server)
    • Spring
  • designing and implementing an experimental SOA environment at Chess
  • key management system with RBAC support for JASON

Conclusions

Our investigations support our claim that the JASON platform can significantly improve the security level in SOA and therefore, also in M2M systems.

The JASON project builds on previous research, which is summarized here (summary of research made in 2006 and beginning of 2007) and here (summary of research made before start of JASON project).