Converging Physical and Logical Environments for Enhanced Decision Making

Queralt Inc

Product developed under the sponsorship of DHS S&T Directorate, July 21, 2016
Company Background & Management

Queralt, Inc. was started in January 2011 with private funding from the Department of Homeland Security Science and Technology Directorate, a multi-national industrial gas company and its shareholders to develop a cloud based system that is able to make intelligent real-time actions and decisions based on simultaneous inputs from multiple types of sensory input, including active and passive RFID, sensors, GPS, cell phones, data feeds, etc.

David Cook, co-founder and CEO – focus on strategy and finance
Serial entrepreneur, most recently founder of InSite One, a medical imaging SaaS company acquired by Dell; holds a BA from Dartmouth College and an MBA from the University of Chicago.

Michael Queralt, co-founder and President – focus on business development, sales and marketing
Prior senior sales and marketing positions at Micros To Mainframes, Xerox and Cervalis.

John VanSteenburgh, co-founder and COO – engineering and operations
Formerly held management positions with CompuCom and Dell serving global companies.

Paul Strassmann, Chairman - Retired CIO of the Dept. of Defense and NASA, author and member of the CIO Hall of Fame (www.strassmann.com).

Proprietary and confidential
Project Objective

The overall objective is to create an environment where intelligent systems provide the convergence of the physical and logical worlds, becoming a platform for gathering sensorial data points and enabling logical systems to make smarter access and control decisions.

Queralt Inc - 2011 - Confidential
Compliance and Business Drivers

PIAM (Physical Identity and Access Management) deployments are driven by compliance mandates and are required under the following security standards:
• White House OMB Memorandum M-11-11: Requires PIV card authentication with X.509 certificate to PACSs in 2012.
• North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP): A strict standard for the IdM of users in the electrical power industry. This standard was adopted by the Federal Energy Regulatory Commission (FERC).
• Nuclear Regulatory Commission (NRC) Title 10 Code of Federal Regulations Part 73.54 (10 CFR 73.54) and the Nuclear Energy Institute (NEI)-08/09 standards: A subset of these standards focuses on PACS authorization, authentication and timely life cycle management of identities.
• DHS Chemical Facility Anti-Terrorism Standards (CFATS): Require that high-risk chemical facilities (e.g., petroleum refineries, chemical processing plants, explosives manufacturers and aerospace facilities) submit a physical security plan to DHS for approval. The plan must document internal controls associated with physical access, including IdM.

Source: Gartner Report - Physical Identity and Access Management – Published: 1 February 2012
PROJECT OVERVIEW FROM DHS S&T
QUERALT’S SOLUTION
Attribute Based Security For Fine Grain Authorization
• ABAC – Attribute Based Access Control
• RAdAC – Risk Adaptable Access Control
• LBS – Location Based Assurance Solution
Why – Attribute Based

[Figure: access control grid. Labels recovered from the slide:]
• Systematic – Access determination by systems
• Procedure – Access determined by people
• Runtime – Grant permissions at time of decision
• Administration – Grant permissions prior to access decisions
• Attribute Based Access Control
• Risk Adaptable Access Control
• Role Based Access Control
• Groups Access
Our position in the technology grid

[Figure: the access control grid repeated, with the scale labels Low and High.]
How do we do it?

High Level architecture
What is iQ3 and what does that mean?

iQ3 performs as an application framework that can take input from any data source and makes real time decisions based on that information. Utilizing standard protocols, iQ3 can also actuate external devices based on internal and/or external decisions.

iQ3 is a sensory-agnostic intelligent decision platform
iQ3 – Key Points
• The platform consists of four key pieces.
– Data Vector - A data vector is any type of device or sensor that can provide data.
– Enabler - An enabler is a piece of software that either sits inside of, or connects to, the device to allow its information to be sent to the iQ3 Decision Engine for analysis.
– iQ3 Decision Engine - iQ3’s Decision Engine takes incoming data from enablers and performs complex analyses on that data in conjunction with user defined rule-sets to determine a result. Based on the result, the iQ3 Decision Engine has the ability to send an event carrying a custom payload to a receiver that implements the Automated Reactive Manipulator (ARM) Protocol.
– Automated Reactive Manipulator (ARM) Protocol – This internal protocol is the receiver that interfaces with external devices and can trigger its own actuation events such as locking/unlocking a door, taking a picture, working with external controllers, etc.
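
The four pieces above can be sketched as a small pipeline. This is an added example, not Queralt's code: every name, the reading formats, the zone coordinates and the rule shape are hypothetical, since the slides do not document iQ3's real interfaces. It shows enablers turning readings into attributes, a default-deny decision over a user-defined rule set, and an event with a payload handed to a receiver.

```python
from dataclasses import dataclass, field

# Hypothetical sketch: names, formats and coordinates are assumptions,
# not iQ3 interfaces.

def badge_enabler(raw: str) -> dict:
    """Enabler: parse a constructed 'card=...;reader=...' reading into attributes."""
    pairs = (item.split("=", 1) for item in raw.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def gps_enabler(fix: dict) -> dict:
    """Enabler: reduce a phone GPS fix to a coarse 'zone' attribute."""
    inside = 40.0 <= fix["lat"] <= 40.1 and -75.1 <= fix["lon"] <= -75.0
    return {"zone": "campus" if inside else "offsite"}

@dataclass
class Rule:
    required: dict  # attribute name -> value that must match exactly
    action: str     # actuation requested from the receiver

@dataclass
class Receiver:
    """Stand-in for a receiver that would actuate an external device."""
    log: list = field(default_factory=list)

    def handle(self, event: dict) -> None:
        self.log.append((event["action"], event["payload"].get("reader")))

def decide(attrs: dict, rules: list, receiver: Receiver) -> str:
    """Decision engine: first matching rule wins; everything else is denied."""
    for rule in rules:
        # A missing attribute never equals the required value, so a silent
        # or absent data vector fails closed instead of being ignored.
        if all(attrs.get(k) == v for k, v in rule.required.items()):
            receiver.handle({"action": rule.action, "payload": dict(attrs)})
            return rule.action
    receiver.handle({"action": "deny", "payload": dict(attrs)})
    return "deny"

RULES = [Rule({"card": "A123", "reader": "lab-door", "zone": "campus"}, "unlock")]

def run(badge_raw: str, gps_fix, receiver: Receiver) -> str:
    """Merge attributes from both data vectors, then ask the engine."""
    attrs = badge_enabler(badge_raw)
    if gps_fix is not None:  # the location vector may not have reported
        attrs.update(gps_enabler(gps_fix))
    return decide(attrs, RULES, receiver)
```

A valid badge alone is not enough here: the same card is denied when the location attribute is missing or places the holder off site.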
Key Solution Points
• XACML 2.0 and 3.0 standard
• PIV & PIV-I compliant
• Cloud based architecture and design.
• Attribute based – leverages our work with IoT, sensors and other external applications.
• Access Control – Using our standard protocol we can actuate remote physical environments.
• Access Control – Using our protocol, we can integrate with logical systems for enhanced security information.
• Wiegand Connector – Extends attribute based to current PACS (enhances current deployments)
• LBS – Leverages current engines and builds to behavior and other external environmental attributes for dynamic decisions
• RAdBAC Architecture Ready
Attribute Based - Opportunity
• Location Based attribute provider
• Environmental attribute provider for Federated and Individual Systems
• Point of Enforcement for Federated Systems
• Point of Decision for Individual Systems