Access Control Privileges Management for Risk Areas


Page 1: Access Control Privileges Management for Risk Areas

ACCESS CONTROL PRIVILEGES MANAGEMENT FOR RISK AREAS

Mariagrazia Fugini and Mahsa Teimourikia

Politecnico di Milano

[email protected], [email protected]

October 16, 2014

Page 2: Access Control Privileges Management for Risk Areas

Polo Territoriale di Como

Outline


Objectives

Scope

Motivations

Preliminaries

The Risk Management System

The Risk-Adaptive Access Control

Conclusions

Page 3: Access Control Privileges Management for Risk Areas


Objective

This research tackles the problem of the flexibility and dynamicity of access control models with regard to the environment conditions and risks that endanger the security, privacy and safety of civilians, resources and structures.

Figure: Dynamic and Adaptive Access Control, relating the Environment, Users and Resources to Security, Safety, Privacy, and Risk & Emergency.


Page 4: Access Control Privileges Management for Risk Areas


Scope

Adaptive and Risk-Aware Access Control

Security: Access Control Models and Policies, Physical Resources and Data, Attributes and Conditions of Users, Resources and the Environment, etc.

Risk: Risk in the Environment, User-Centered Approach, Proactive and Reactive Risk Treatment, Distinction between risks and emergencies, etc.


Page 5: Access Control Privileges Management for Risk Areas


Motivation


• In environmental risk management, providing security for people and various resources dynamically, according to what happens in the environment, is an open issue.

• In monitored environments, where risks can be acknowledged via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time.

The JASON Report [1] points out the inflexibility of current access control (AC) models that can be a major limitation when dealing with dynamic and unpredictable environments.

[1] Horizontal integration: Broader access models for realizing information dominance. Technical report, The MITRE Corporation, JASON Program Office, McLean, Virginia, 2004.

[2] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013.

Page 6: Access Control Privileges Management for Risk Areas


Preliminaries


• Risk: hazards and abnormalities recognized in an environment that indicate a threat to the infrastructures and/or the civilians (e.g., if sensors indicate a gas leak, there is a risk of fire and explosion). Risks can be avoided via preventive strategies (e.g., closing the gas flow). Risks have attributes such as Type, IntensityLevel, and Location.

• Emergency: when the Risk intensity is higher than a threshold, it is considered an emergency that needs immediate intervention and corrective strategies (e.g., if the gas leak is very heavy, it can indicate an emergency situation where an explosion is going to happen, or has already happened).

Page 7: Access Control Privileges Management for Risk Areas


The Scenario


Environment: Airport

Users: In-domain Users (e.g., Airport Staff), Out-domain Users (e.g., passengers, first responders).

Resources: Data and physical resources

Page 8: Access Control Privileges Management for Risk Areas


The Risk Management System (RMS)


The RMS [3] receives inputs from sensors and monitoring devices, recognizes the risks and emergencies in the environment, monitors the data received about emergencies and disasters that have happened in nearby areas, and produces a Risk Map and preventive or corrective Strategies accordingly.

[2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.

Page 9: Access Control Privileges Management for Risk Areas


Risk Management System


Figure: the RMS loop: Monitoring, Analyzing, Planning, Executing.

Risks are considered at two levels:

• Global Risk: affects the whole environment or parts of it (e.g., the Gas Leak Scenario).

• Personal Risk: affects individuals and has the potential to cause a global risk (e.g., Mark's Scenario).

• The Personal Risk Level (PRL):

Page 10: Access Control Privileges Management for Risk Areas


The Access Control Model


The security model is based on Attribute Based Access Control (ABAC) and includes the following components:

• Subjects: a Subject abstracts a user, an application, or a process wanting to perform an operation on a resource/object:

  • Administrative Subjects: their main responsibility is to assign the Subject, Object, and Environment Attributes.

  • In Domain Subjects: active subjects that need permissions to access different kinds of resources and are in charge in the organization, with some kind of organizational role (e.g., Security Staff).

  • Out Domain Subjects: Subjects that are outside the organizational hierarchy. In our scenario, they can be travelers or the first responders in an airport area.

Page 11: Access Control Privileges Management for Risk Areas


The Access Control Model


In Domain Subjects: these subjects can hold many attributes (Subject Attributes, SA) grouped as follows:

Page 12: Access Control Privileges Management for Risk Areas


The Access Control Model


• Objects: abstract resources that a subject can access or act on.

• Environment: this component models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions.

• Privileges: the operations that a Subject requests to perform on an Object. They can be actions such as read, write, and update, or activities such as trigger (for alarms), close (for doors and gas pipes), zoom in (for a camera), enter (for a section of the Environment), and so on.

• Request: a request is defined as the result of the application of an evaluate function as follows:

The result of this evaluation can be Permit, Deny, or Not Applicable.

Page 13: Access Control Privileges Management for Risk Areas


The Access Control Model


The access control and risk components, in a class diagram.

Page 14: Access Control Privileges Management for Risk Areas


The Access Control Model


To dynamically adapt the access control model to risk situations, two different methods are considered, both driven by Event-Condition-Action (ECA) rules.

• Activating/Deactivating Access Control Rules: a set of access rules is treated as an access control domain (acd ∈ ACD). Access control domains are statically defined by Administrative Subjects, but are activated and deactivated at run time to adapt the access control model to risk situations.

• Dynamically Changing Subject/Object/Environment Attributes: the necessary changes are made to the attributes of Subjects, Objects, and the Environment to allow the successful execution of the RMS strategies.

Page 15: Access Control Privileges Management for Risk Areas


The Access Control Model

The XACML Architecture is extended to support the risk-aware adaptivity in the access control.


Page 16: Access Control Privileges Management for Risk Areas


The Access Control Model


Examples:

• Activating/Deactivating Access Control Rules:

• Dynamically Changing Subject/Object/Environment Attributes: changing a Subject's attribute to allow rescue teams to localize them.
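As an added illustration, not the authors' code or part of their RMS tool, the following Python sketch puts the two ECA methods of pages 14 and 16 together with the evaluate function of page 12: a risk report from the RMS (Type, IntensityLevel, Location) is the Event, its intensity against the risk and emergency thresholds is the Condition, and the Actions activate or deactivate access control domains and set a Localizable attribute on Subjects in the affected location. The 0..10 intensity scale, both thresholds, the deny-overrides combination of rule effects, and the airport rules and subjects are constructed assumptions.

```python
from dataclasses import dataclass, field

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
RISK_THRESHOLD, EMERGENCY_THRESHOLD = 3, 7   # assumed IntensityLevel scale 0..10

@dataclass
class State:
    acds: dict        # access control domain name -> rules, each (subject_attrs, object_attrs, action, effect)
    active: set       # domains currently activated; changes at run time
    subjects: dict    # subject id -> Subject Attributes (SA)
    env: dict = field(default_factory=dict)   # Environment attributes

def evaluate(state, sid, obj, action):
    """Evaluate a request over the active domains; deny-overrides combining (assumed, as in XACML)."""
    sa, effects = state.subjects[sid], set()
    for name in sorted(state.active):
        for subj_attrs, obj_attrs, act, effect in state.acds[name]:
            if (act == action
                    and all(sa.get(k) == v for k, v in subj_attrs.items())
                    and all(obj.get(k) == v for k, v in obj_attrs.items())):
                effects.add(effect)
    if DENY in effects:
        return DENY
    return PERMIT if PERMIT in effects else NOT_APPLICABLE

def on_risk_event(state, risk):
    """ECA rule. Event: the RMS reports a risk (Type, IntensityLevel, Location).
    Condition: intensity vs. the thresholds. Actions: (1) activate/deactivate domains,
    (2) change Subject/Environment attributes."""
    state.env["risk"] = risk
    if risk["IntensityLevel"] >= RISK_THRESHOLD:        # risk: enable the preventive strategy
        state.active.add("risk_prevention")
    if risk["IntensityLevel"] >= EMERGENCY_THRESHOLD:   # emergency: corrective strategy
        state.active.add("emergency_response")
        state.active.discard("normal_operation")
        for sa in state.subjects.values():              # so rescue teams can localize them
            if sa.get("Location") == risk["Location"]:
                sa["Localizable"] = True

def build_state():
    # Constructed airport sample: rules and subjects are illustrative, not from the paper.
    acds = {
        "normal_operation": [({"Role": "passenger"}, {"Type": "section", "Zone": "public"}, "enter", PERMIT)],
        "risk_prevention": [({"Role": "security_staff"}, {"Type": "gas_pipe"}, "close", PERMIT)],
        "emergency_response": [({"Role": "first_responder"}, {"Type": "section"}, "enter", PERMIT)],
    }
    subjects = {"p1": {"Role": "passenger", "Location": "T1"},
                "s1": {"Role": "security_staff", "Location": "T1"},
                "fr1": {"Role": "first_responder", "Location": "outside"}}
    return State(acds, {"normal_operation"}, subjects)
```

Feeding two gas-leak reports of intensity 4 and then 9 through on_risk_event shows the staff's close privilege on the gas pipe appearing at risk level, and the passenger's enter privilege disappearing while the first responder's appears at emergency level.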

Page 17: Access Control Privileges Management for Risk Areas


Conclusion and Future Work

• Considering risks as recognized by a Risk Management System based on monitoring data about the environment, this paper has presented an access control model that is adaptive to risks.

• To facilitate the adaptivity, we employed the concept of ECA rules to dynamically change the security rules and to make changes to the attributes of the security model components.

• As future work, we are working towards formalizing this model using Event Calculus and implementing it as an addition to our RMS tool [2].

[2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.

Page 18: Access Control Privileges Management for Risk Areas


THANK YOU!