Adaptive Security for Risk Management Using Spatial Data

Mariagrazia Fugini (1), George Hadjichristofi (2), and Mahsa Teimourikia (3)

(1, 3) Politecnico di Milano, (2) Frederick University

September 2014


Polo Territoriale di Como

Outline

• Motivation

• Objectives

• Preliminaries

• Methodology:

    • Components of the Security Model

    • Adaptivity of the Security Model due to risks

• Conclusion and Future Work

Motivation

[1] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013.

• In environmental risk management, dynamically providing security for people and various resources according to what happens in the environment is an open issue [1].

• In monitored environments, where risks can be acknowledged via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time.

Objectives

• This paper presents the design principles for adaptive security for areas where changing conditions trigger events signaling risks that might require modifying authorizations of risk management teams.

• Spatial resources and information of the areas to be protected are considered in sample scenarios, and principles of security design are introduced building on ABAC (Attribute Based Access Control) [2].

• Adaptivity of security rules applying to subjects who intervene in the risk area is the core of our security model so as to make it responsive to risks by dynamically granting privileges to subjects to access resources.

[2] V. C. Hu et al., "Guide to Attribute Based Access Control (ABAC) Definition and Considerations," NIST Special Publication 800-162, 2014.

Preliminaries

• Risk: hazards and abnormalities recognized in an environment that indicate a threat to the infrastructure and/or civilians (e.g., if sensors indicate a gas leak, there is a risk of fire and explosion). Risks can be avoided via preventive strategies (e.g., closing the gas flow). Risks have attributes such as Type, IntensityLevel, and Location.

• Emergency: when the Risk intensity is higher than a threshold, the situation is considered an emergency that needs immediate intervention and corrective strategies (e.g., a very heavy gas leak can indicate an emergency in which an explosion is about to happen or has already happened).

A Scenario

• Consider a smart environment (i.e., an airport) in which the objects, the people, and the environment itself are monitored using sensors and monitoring devices such as surveillance cameras, checkpoints, wearable devices, etc.

• We consider the subjects that intervene for Risk/Emergency Treatment:

    • Security and Risk Manager

    • Surveillance Personnel

    • Security Staff

Security Modeling for Risk Treatment

• The security model is based on ABAC including the following components:

Subjects: this abstracts a user, an application, or a process wanting to perform an operation on a resource/object. A subject can hold many attributes in these three categories: General Attributes, Geo Attributes, Security Attributes.

Objects: abstract resources that a subject can access or act on. Objects hold three groups of attributes: General Attributes, Geo Attributes, Security Attributes.

Environment: this component models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions.


Security Modeling for Risk Treatment

Actions and Activities: these are operations that subjects can execute on objects in a given context. They include simple operations, called actions (e.g., read, write), and complex operations, called activities, which combine simple actions to model a task, a process, or a physical action (e.g., "Redirect the airplane to another runway").

Contexts: this component indicates a set of security rules that are valid in a certain situation, based on dynamic changes in the environment, including the occurrence of risks.

Security Modeling for Risk Treatment

Risk and Emergency: the monitored environment conditions, which change dynamically, can cause risks or emergencies to occur. A risky situation is recognized based on parameters such as type, level, and location, which determine how to adapt the security rules to handle it.

Events: changes in the monitored conditions of the environment trigger events, which in turn activate/deactivate contexts that modify the security rules, or cause changes in the subject/object attributes.

Adaptivity

We have adopted the Event-Condition-Action (ECA) paradigm to manage the adaptivity of the access control system.

Two methods are used to dynamically permit subjects to access the needed objects in case of a risk or emergency:

• By dynamically changing the Subject/Object/Environment attributes.

• By dynamically activating or deactivating Contexts that contain the policies to be applied in a certain situation.

Adaptivity

ECA (Event-Condition-Action): An Example

When a "fire" Event is reported as a Risk of Type "explosion" with a "high" Intensity Level, the office hours have passed, and people are present in the affected area, the following actions are taken to dynamically adapt the Access Control System:

• The Risk Context is activated.

• The Flight Context is deactivated.

• The level of security clearance of the Risk Manager is increased.

• The Time Restriction is removed from the objects that have such a restriction on access.
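The ECA example above can be traced end to end in a few lines. The following sketch is an added illustration, not code from the presentation or from the authors' tool: it models contexts as named rule collections, evaluates only the active ones with a deny-overrides, default-deny combination, and applies the four actions listed above. The object name `gate_controls`, the clearance levels, and the office-hours window are assumptions made for the example.

```python
from dataclasses import dataclass, field

OFFICE_HOURS = range(9, 18)   # assumption: office hours are 09:00-17:59
ELEVATED_CLEARANCE = 3        # assumption: clearance level granted during a risk

@dataclass
class State:
    # Constructed sample attributes; names and levels are hypothetical.
    active_contexts: set = field(default_factory=lambda: {"Flight"})
    subjects: dict = field(default_factory=lambda: {
        "risk_manager": {"role": "Security and Risk Manager", "clearance": 2}})
    objects: dict = field(default_factory=lambda: {
        "gate_controls": {"required_clearance": 3, "time_restricted": True}})

def risk_rule(subj, obj, hour):
    """Security rule held by the Risk context: clearance and time checks."""
    if subj["clearance"] < obj["required_clearance"]:
        return "Deny"
    if obj["time_restricted"] and hour not in OFFICE_HOURS:
        return "Deny"
    return "Permit"

# A context is a named collection of rules; Flight has none for this object.
CONTEXTS = {"Flight": [], "Risk": [risk_rule]}

def decide(state, subject, obj, hour):
    """Evaluate rules of active contexts only: deny-overrides, default deny."""
    results = [rule(state.subjects[subject], state.objects[obj], hour)
               for ctx in state.active_contexts for rule in CONTEXTS[ctx]]
    return "Permit" if results and "Deny" not in results else "Deny"

def on_event(state, event):
    """ECA rule for the fire example; returns True if the actions ran."""
    if event["name"] != "fire":                                  # Event
        return False
    if not (event["risk_type"] == "explosion"                    # Condition
            and event["intensity"] == "high"
            and event["hour"] not in OFFICE_HOURS
            and event["people_present"]):
        return False
    state.active_contexts.add("Risk")                            # Action 1
    state.active_contexts.discard("Flight")                      # Action 2
    rm = state.subjects["risk_manager"]                          # Action 3
    rm["clearance"] = max(rm["clearance"], ELEVATED_CLEARANCE)   # idempotent
    for obj in state.objects.values():                           # Action 4
        obj["time_restricted"] = False
    return True
```

Setting the clearance to a fixed elevated level instead of incrementing it keeps the rule idempotent, so a repeated "fire" event cannot escalate privileges further than intended.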


Using XACML for Defining Policies

• XACML [3] is used as the policy language for the access control model:

• XML Schemas for Subjects, Objects, and the Environment are defined for use in XACML.

• The XACML <Rule> concept is used to represent our security rules, <Policy> to represent the contexts, which are collections of security rules, and <PolicySet> to represent the contexts that are active at each moment.

• XACML's rule-combining and policy-combining algorithms are used to avoid conflicts between rules.

[3] E. Rissanen, "Extensible Access Control Markup Language (XACML) Version 3.0," 2013. Retrieved August 7, 2013.

A Sample Subject XML Schema

Here is a simplified example of a subject XML schema to be used with XACML


Including Adaptive Risk Treatment In XACML

The adaptivity that was explained before is included in the XACML Architecture as shown in the figure


Conclusions

• This paper presented adaptive security modeling motivated by the need for smart environments to dynamically authorize actors in facing risks.

• The Access Control model was developed on the ABAC model, using the XACML policy language.

• Adaptivity is introduced using the ECA paradigm, which dynamically changes the Subject/Object/Environment attributes and activates/deactivates contexts based on risks and emergencies detected in the environment.

Future Works

• As future work, we intend to focus on:

    • binding environmental and spatial information,

    • the dynamics of assigning authoritative roles to administrators,

    • ways to handle conflicting Context switching.

• We are working towards inclusion of this security model in the Risk Management Tool simulator developed for risk management and described in [4], based on Matlab and on a web application deployment environment.

[4] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.

Thank You
