CIS14: Physical and Logical Access Control Convergence
Slide 1
Cloud Identity Summit 2014: Getting Physical: Holistic Identity Management
22 July 2014
Karyn Higa-Smith, Program Manager, Cyber Security Division, Homeland Security Advanced Research Projects Agency, Science and Technology Directorate
Physical and Logical Access Control Convergence
Slide 2: CSD Mission & Strategy
REQUIREMENTS
CSD MISSION
§ Develop and deliver new technologies, tools and techniques to defend and secure current and future systems and networks
§ Conduct and support technology transition efforts
§ Provide R&D leadership and coordination within the government, academia, private sector and international cybersecurity community
CSD STRATEGY
§ Trustworthy Cyber Infrastructure
§ Cybersecurity Research Infrastructure
§ Network & System Security and Investigations
§ Cyber Physical Systems
§ Transition and Outreach: Government, Venture Capital, IT Security Companies, Open Source, International
Slide 3: Background
Slide 4: S&T Identity Management Testbed
(Diagram; components shown: Attribute Repository, WS-Security, Policy Decision Point, Attribute Aggregator)
Slide 5: Identity & Access Management Research & Development
Slide 6: Technology Transition Working Group
§ PIV-I/FRAC Technology Transition Working Group (TTWG)
§ Public Safety/Emergency Response
§ Security
§ Federated Identity for First Responders
§ National standard, interoperable, and trusted ID credential
§ One voice from the TTWG to policy makers
§ Sharing lessons learned
§ Provide innovative, cost-efficient solutions
Slide 7: Enrollment Elements
§ PIN
§ Authorization Information: Certifications, Clearance, Job Function, Citizenship…
Slide 8: Authentication
• Something you have
• Something you know (****)
• Something you are (Bio)
Slide 9: Federated Attribute Exchange
Slide 10: End-to-End Standards-Based Attribute Exchange
(Diagram; components shown:)
§ Authoritative Sources: F/ERO Repository (Attributes); ERO Entitlements Authoritative Source
§ SPML Service and SPML Gateway; SPML Profile (Create, Read, Update, Delete); SPML Read-Only Profile; SPML Read-Only Request/Response
§ SAML Service; SAML Request/Response; BAE SAML Profile
§ Lightweight Protocol: JSON over REST
§ Clients: Handheld, Local Workstation, Smartphone, Tablet
Acronyms: OASIS: Organization for the Advancement of Structured Information Standards. F/ERO: Federal/Emergency Response Official. SPML: Service Provisioning Markup Language. SAML: Security Assertion Markup Language.
Slide 11: Logical and Physical Access Control Systems Convergence
*show video*
Slide 12: Execution Model
Capability Need: Centralized access control management; utilize PIV/PIV-I credentials
Technology: Develop a standard interface between physical and logical access control systems
Impact: Security; Remote and Central Access Management; Granular Access Control; Less Footprint; Usability; Reduced Cost
Transition: proof-of-concept pilot, transition to industry
Customer: Fusion Center, FEMA, CSO/CIO
Slide 13: Cyber-Physical Access Control System Convergence
§ Requirement for access control management using PIV and PIV-I
§ Interoperability testing at the S&T IdM Testbed
§ Test the Physical Access Control System against the "Logical" Policy Decision Point
§ PACS vendors to integrate software code based on the standard interfaces
§ XACML (Extensible Access Control Markup Language): open standard access control policy language
(Diagram; numbered steps 1 to 5 between the Requestor, the Policy Enforcement Point and the Policy Decision Point)
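The convergence model on this slide has the Physical Access Control System act as an XACML Policy Enforcement Point that asks the same "logical" Policy Decision Point used for IT systems. The following is an added example (not from the slides or from the S&T testbed) of that request/decision/enforcement flow in miniature: the PEP passes subject attributes drawn from the credential and authoritative sources (the enrollment elements on slide 7: clearance, job function, credential status), the PDP applies a simplified deny-overrides combining algorithm, and the door controller fails closed on anything other than an explicit Permit. Door names, attribute names and policy rules are constructed for illustration.

```python
from dataclasses import dataclass, field

ANY = "*"  # wildcard accepted in a rule target

@dataclass(frozen=True)
class Request:
    subject: dict   # attributes from the PIV/PIV-I credential and authoritative sources
    resource: str   # the door being requested (constructed identifiers)
    action: str

@dataclass(frozen=True)
class Rule:
    effect: str                  # "Permit" or "Deny"
    resources: frozenset
    actions: frozenset
    condition: dict = field(default_factory=dict)  # subject attribute -> allowed values

def _allows(allowed, value):
    return ANY in allowed or value in allowed

def evaluate_rule(rule, req):
    """Target (resource/action) first, then the subject condition; a required attribute
    the PEP did not supply yields Indeterminate, as in XACML."""
    if not (_allows(rule.resources, req.resource) and _allows(rule.actions, req.action)):
        return "NotApplicable"
    for attr, allowed in rule.condition.items():
        if attr not in req.subject:
            return "Indeterminate"
        if not _allows(allowed, req.subject[attr]):
            return "NotApplicable"
    return rule.effect

def decide(policy, req):
    """Simplified deny-overrides combining: Deny beats Indeterminate beats Permit."""
    results = [evaluate_rule(rule, req) for rule in policy]
    for outcome in ("Deny", "Indeterminate", "Permit"):
        if outcome in results:
            return outcome
    return "NotApplicable"

def pep_unlock(policy, req):
    return decide(policy, req) == "Permit"  # fail closed: only an explicit Permit releases the lock

# Constructed policy shared by the logical and physical PEPs.
POLICY = (
    Rule("Deny", frozenset({ANY}), frozenset({ANY}), {"credential_status": {"revoked", "suspended"}}),
    Rule("Permit", frozenset({"door:lobby"}), frozenset({"enter"}), {"credential_type": {"PIV", "PIV-I"}}),
    Rule("Permit", frozenset({"door:server-room"}), frozenset({"enter"}),
         {"credential_type": {"PIV", "PIV-I"}, "clearance": {"Secret", "Top Secret"}, "job_function": {"IT-Ops"}}),
)
```

A revoked credential is denied at every door even when a Permit rule would otherwise match, and a request missing a required attribute comes back Indeterminate rather than Permit, which is why the PEP treats only Permit as an unlock.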
Slide 14
(Diagram only; no text recovered)
Slide 15: Pilot at DC Government
Slide 16: Visit Authorization Process
Slide 17: Visitor Enrollment Kiosk
Slide 18: Take Away
Benefits
• Security, Interoperability, Efficiency, Enhanced Access Control
Innovation-to-Operations
• Team dynamics, dedication, education
• Convergence required constant communication and coordination with many different groups that normally operate independently
Usability
• Kiosk interface
• Speed
Lessons Learned
Slide 19: Future
Slide 20: Resources
Websites:
§ http://www.ahcusa.org/PIV-I%20TTWG.htm
§ http://www.dhs.gov/csd-idm
§ http://www.dhs.gov/cyber-research
Follow us on Twitter at @dhsscitech
Slide 21: Questions
Karyn Higa-Smith, DHS Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division, Identity, Access, Privacy Research Program. [email protected]
Additional Resources
§ Location-based Access Control: https://www.youtube.com/watch?v=j3LXxqW160k
§ Data Privacy Research: http://go.usa.gov/8JZ9