Current trends in computing include increases in both distribution and wireless connectivity, leading to highly dynamic, complex environments on top of which applications must be built. The task of designing and ensuring the correctness of applications in these environments is similarly becoming more complex. The unified goal of much of the research in distributed wireless systems is to provide higher-level abstractions of complex low-level concepts to application programmers, easing the design and implementation of applications. A new and growing class of applications for wireless sensor networks require similar complexity encapsulation. However, sensor networks have some unique characteristics, including dynamic availability of data sources and application quality of service requirements, that are not common to other types of applications. These unique features, combined with the inherent distribution of sensors, and limited energy and bandwidth resources, dictate the need for network functionality and the individual sensors to be controlled to best serve the application requirements. In this article, we describe different types of sensor network applications and discuss existing techniques for managing these types of networks. We also overview a variety of related middleware and argue that no existing approach provides all the management tools required by sensor network applications. To meet this need, we have developed a new middleware called MiLAN. MiLAN allows applications to specify a policy for managing the network and sensors, but the actual implementation of this policy is effected within MiLAN. We describe MiLAN and show its effectiveness through the design of a sensor-based personal health monitor.

Pervasive computing applications are increasingly leveraging contextual information from several sources to provide users with behavior appropriate to the environment in which they reside. If these sources of contextual information are used and deployed in an ad hoc manner, however, they may provide overlapping functionality, fail to provide needed functionality, and require the use of inconsistent interfaces by applications. To overcome these problems, we introduce a Contextual Information Service that provides applications with contextual information via a virtual database. Unlike previous efforts, our service provides applications a consistent, lightweight, and powerful mechanism for obtaining contextual information, and includes explicit support for the on demand computation of contextual information. We show, via example applications and a Contextual Information Service prototype that we have implemented, how this approach can be used to allow proactive applications to adapt their behavior to match a user’s current environment.

Ubiquitous computing uses a variety of information for which access needs to be controlled. For instance, a person's current location is a sensitive piece of information, which only authorized entities should be able to learn. Several challenges arise in the specification and implementation of policies controlling access to location information. For example, there can be multiple sources of location information, the sources can be within different administrative domains, different administrative domains might allow different entities to specify policies, and policies need to be flexible. We address these issues in our design of an access control mechanism for a people location system. Our design encodes policies as digital certificates. We present an example implementation based on SPKI/SDSI certificates. Using measurements, we quantify the influence of access control on query processing time. We also discuss trade-offs between RSA-based and DSA-based signature schemes for digital certificates.

1 Introduction Ubiquitous computing environments, such as the ones examined in CMU's Aura project [1], rely on the availability of people location information to provide location-specific services. However, location is a sensitive piece of information and releasing it to random entities might pose security and privacy risks. For example, to limit the risk of being robbed, individuals wish to keep their location secret when walking home during the night. Therefore, only authorized entities should have access to people location information.

We show how untrusted computers can be used to facilitate secure mobile data access. We discuss a novel architecture, data staging, that improves the performance of distributed file systems running on small, storage-limited pervasive computing devices. Data staging opportunistically prefetches files and caches them on nearby surrogate machines. Surrogates are untrusted and unmanaged: we use end-to-end encryption and secure hashes to provide privacy and authenticity of data and have designed our system so that surrogates are as reliable and easy to manage as possible. Our results show that data staging reduces average file operation latency for interactive applications running on the Compaq iPAQ handheld by up to 54%.

This paper re-examines a number of the approaches, origins and ideals of context--aware systems design, looking particularly at the way that the past influences what we do in our ongoing activity. As a number of sociologists and philosophers have pointed out, past social interaction, as well as past use of the heterogeneous mix of media, tools and artifacts that we use in our everyday activity, influence our ongoing interaction with the people and media at hand. We suggest that the past is thus part of one's current context, and can be seen as combining and interweaving the temporal and subjective patterns of individuals' use of heterogeneous media as well as objectively structured representations of individual media. Based on this theoretical discussion, we present a number of critiques, examples and suggestions for systems designs that reflect this historical aspect of context, and which make good use of the past in supporting ongoing user activity.

Abstract. Enabling the ambient intelligence vision means that consumers will be provided with universal and immediate access to available content and services, together with ways of effectively exploiting them. Concentrating on the software system development aspect, this means that the actual implementation of any ambient intelligence application requested by a user can only be resolved at runtime according to the user’s specific situation. This paper introduces a base declarative language and associated core middleware, which supports the abstract specification of Ambient Intelligence applications together with their dynamic composition according to the environment. The proposed solution builds on the Web services architecture, whose pervasiveness enables both services availability in most environments, and specification of applications supporting automated retrieval and composition. In addition, dynamic composition of applications is dealt in a way that enforces the quality of service of deployed applications in terms of security and performance.

In this paper, trust-based recommendations control the exchange of personal information between handheld computers. Combined with explicit risk analysis, this enables unobtrusive information exchange, while limiting access to confidential information. This is illustrated with applications such as personal address books and electronic diaries. Recommendations associate categories with data and with each other, with degrees of trust belief and disbelief. Since categories also in turn confer privileges and restrict actions, they are analogous to roles in a Role-Based Access Control system, while principals represent their trust policies in recommendations. Participants first compute their trust in information, by combining their own trust assumptions with others' policies. Actions are then moderated by a risk assessment, which weighs up costs and benefits, including the cost of the user's time, before deciding whether to allow or forbid the information exchange, or ask for help. By unifying trust assessments and access control, participants can take calculated risks to automatically yet safely share their personal information.

Many types of information available in a pervasive computing environment, such as people location information, should be accessible only by a limited set of people. Some properties of the information raise unique challenges for the design of an access control mechanism: Information can emanate from more than one source, it might change its nature or granularity before reaching its final receiver, and it can flow through nodes administrated by different entities. We propose three design principles for the architecture of an access control mechanism: (1) extract pieces of information in raw data streams early, (2) define policies controlling access at the information level, and (3) exploit information relationships for access control. We describe an example architecture in which we apply these principles. We also report how our earlier work about adding access control to a people location service contributed to the more general access control architecture proposed here.

Abstract. Over the past five years, the MyCampus group at Carnegie Mellon University has been developing and experimenting with Ambient Intelligence technologies aimed at enhancing everyday life. The project has drawn on multiple areas of expertise, combining the development of an open Semantic Web infrastructure for context-aware service provisioning with an emphasis on issues of privacy and usability. In this paper, we review key motivations behind the project, discuss the MyCampus Semantic Web infrastructure and report on our experience tailoring the architecture for different environments (e.g. everyday campus life applications, office applications, museum tour guide). This includes a discussion of Semantic e-Wallets aimed at reconciling user demands for context awareness and privacy as well as a description of different context-aware applications developed and evaluated during the course of the project. We also discuss our experience using Case-Based Reasoning (CBR) functionality developed to overcome usability issues associated with capturing complex, context-sensitive user preferences. The paper concludes with a summary of lessons learned so far and of challenges still to be addressed.