Fine-grained Access Control for Spatial Services
...enforcing the Need-to-Know Principle
Rüdiger Gartmann
con terra GmbH, Münster, Germany
© con terra GmbH
Public Safety Scenario: Planning an Event
Actors:
User Groups
Access to All Information
Planning team
> Event preparation
> Plan roadblocks, routes, evacuation scenarios, personnel...
> Assign areas for police, firefighters, paramedics, ...
Control team
> Event monitoring
> Measuring of movements, reaction to incidents and emergencies, revision of plans, ...
> Management of emergency response teams
> Observation of surveillance cameras, location of suspects, ...
Access to Limited Information
Technical preparation
> Create roadblocks, traffic control systems, barriers, ...
> Seal gully holes, check security measures, ...
Emergency response teams
> Situation assessments
> Taking orders
> Status reports
> Finding places of accident
> Guidance, evacuation, protection...
Access to Public Information
Tourists
> Plan their trips
> See what's going on
> Find friends
> Post information, photos, ...
> Get event notifications
Threats
> Only access to public information
Security Levels vs. Need-To-Know
Regardless of the security classification, access is only permitted if there is an actual need
Planning team is allowed to see evacuation routes...
Control team is allowed to use surveillance cameras...
Policemen are allowed to report incidents...
Paramedics are allowed to request ambulances...
> ...but only for the very event they are actually dealing with!
Authorisation Decision
[Figure: security classes (Class 1 to Class 4) and events (Event A to Event D)]
Information is classified
Information is assigned to certain tasks
Users are classified
Users are assigned to certain roles (responsible for certain tasks)
Access is granted only if
> classification level matches and
> task/role assignment matches
Access Control to Spatial Content
based on security.manager
Policy structure
Creating Policies
Subject | Resource | Action | Obligation
Planning Team | Evacuation Routes | * | Area of Interest, Classification = green
Subject | Resource | Action | Obligation
Planning Team | Places to inspect | * | Area of Interest, Classification = green
Policemen | Places to inspect | Check | Area of Duty, Classification = yellow
System is deny-biased
> Everyone without explicit permissions is denied
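
An added example (not taken from the slides or from security.manager) of how the policy table, the need-to-know rule and the deny-biased default could be evaluated together. The data layout, bounding-box areas, point features and the per-user event attribute are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    subject: str         # role the rule applies to
    resource: str        # protected layer
    action: str          # operation name, "*" means any operation
    area: str            # obligation: user area that bounds the result
    classification: str  # obligation: only features of this class

# The three rules shown on the slide.
POLICIES = [
    Policy("Planning Team", "Evacuation Routes", "*", "Area of Interest", "green"),
    Policy("Planning Team", "Places to inspect", "*", "Area of Interest", "green"),
    Policy("Policemen", "Places to inspect", "Check", "Area of Duty", "yellow"),
]

# Constructed sample data: features are points, user areas are bounding boxes.
FEATURES = [
    {"id": 1, "layer": "Places to inspect", "event": "A", "cls": "yellow", "xy": (2, 2)},
    {"id": 2, "layer": "Places to inspect", "event": "A", "cls": "green", "xy": (2, 2)},
    {"id": 3, "layer": "Places to inspect", "event": "A", "cls": "yellow", "xy": (9, 9)},
    {"id": 4, "layer": "Places to inspect", "event": "B", "cls": "yellow", "xy": (2, 2)},
]
POLICEMAN = {"role": "Policemen", "event": "A", "areas": {"Area of Duty": (0, 0, 5, 5)}}
PLANNER = {"role": "Planning Team", "event": "A", "areas": {"Area of Interest": (0, 0, 10, 10)}}
TOURIST = {"role": "Tourists", "event": "A", "areas": {}}

def inside(bbox, xy):
    minx, miny, maxx, maxy = bbox
    return minx <= xy[0] <= maxx and miny <= xy[1] <= maxy

def authorise(user, resource, action, features):
    """Return ids of the features the user may access, or None if denied."""
    rules = [p for p in POLICIES if p.subject == user["role"]
             and p.resource == resource and p.action in ("*", action)]
    if not rules:
        return None  # deny-biased: no explicit permission means no access
    visible = []
    for f in features:
        if f["layer"] != resource or f["event"] != user["event"]:
            continue  # need-to-know: only the event the user is assigned to
        for p in rules:
            bbox = user["areas"].get(p.area)  # missing area fails closed
            if bbox and f["cls"] == p.classification and inside(bbox, f["xy"]):
                visible.append(f["id"])
                break
    return visible
```

A policeman on event A calling `authorise(POLICEMAN, "Places to inspect", "Check", FEATURES)` receives only feature 1; the same request with an operation that has no rule, or from a role without any rule, returns `None`.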
Example: Places to Inspect
Required Authorisation Capabilities
Authorisation of Services
Full set
Authorize services in securityManager
Restricted
Layer Authorisation
All layers
Restricted list of layers
Define rights
Feature Authorization
All features
Filtered to features classified as yellow
Classification = yellow
Authorise Functionalities
Identify result
Assign permissions for operations in securityManager
Identify not authorized
Spatial Restrictions
Spatial restrictions in securityManager
Full extent
Spatial restriction for Germany