Information SeeSaw: Availability vs. security management in the UbiComp world

The ubiquitous computing vision brings about a number of information security and privacy challenges, some of which we already face in the mobile computing arena. This work focuses on a context-specific class of information leakage threats not involving a malicious custodian. Information exposure threats arise as a side effect of a paxticular choice of data management procedures employed during legitimate information use or possession in a specific context. They affect, in different forms, information throughout its lifetime in a ubiquitous computing environment. To maximize information availability, and thus its value to user, under unpredictably varying threat models, we depart form static and inflexible approaches to secure data management to provide for continuous and adaptive information exposure protection. We outline a means of structured reasoning about information exposure and introduce a metric for its quantification. An approach to threat mitigating information management operations discrimination based on information utility change is also presented. To unify the introduced concepts into a coherent big picture we form a Levels of Exposure model. On the implementation side, we overview a type aware, sub-file granularity data repository system that meets the requirements implied in the paper.