SlideShare una empresa de Scribd logo

Access Control Privileges Management for Risk Areas

Descargar como PPTX, PDF
Mahsa Teimourikia
Mahsa Teimourikia

This presentation presents adaptive access control for areas where risks require modifying authorizations dynamically at run time to enlarge and/or restrict privileges for risk rescue teams. Resources, which have a spatial description, as well as data elements of the areas to be protected, are considered. Based on a risk scenario, principles of access control based on the ABAC (Attribute Based Access Control) model for Subjects and Objects are given. Adaptivity of access control rules apply to subjects who intervene in the risk area and who require enlarged privileges to access to resources. The Access Control Domain concept models the policies of adaptive changes to Subject/Object attributes to face the crisis events. Events have a spatial description to enable managing the crisis according to where the event has occurred, since the same event can have different impacts on the environment depending on where it happens.

Tecnología
1 de 18
ACCESS CONTROL PRIVILEGES MANAGEMENT FOR RISK AREAS Mariagrazia Fugini1, and Mahsa Teimourikia2 Politecnico di Milano 1mariagrazia.fugini@polimi.it, 2mahsa.teimourikia@polimi.it October 16, 2014
Polo Territoriale di Como Outline 2 Objectives Scope Motivations Preliminaries The Risk Management System The Risk-Adaptive Access Control Conclusions
Polo Territoriale di Como Objective this research tackles the problem of flexibility and dynamicity of access control models with regards to the environment conditions and risks that endangers the security, privacy and safety of the civilians, resources and structures. Dynamic and Adaptive Access Control Environment Users Resources Security Safety Risk & Emergency Privacy 3
Polo Territoriale di Como Security: Access Control Models and Policies, Physical Resources and Data, Attributes and Conditions of Users, Resources and the Environment, etc. Risk: Risk In the Environment, User- Centered Approach, Proactive and Reactive Risk Treatment, Distinction between risks and emergencies, etc. Scope Adaptive and Risk Aware Access Control 4
Polo Territoriale di Como Motivation 5 • In environmental risk management, providing security for people and various resources dynamically, according what happens in the environment is an open issue. • In monitored environments, where risks can be acknowledged via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time. The JASON Report [1] points out the inflexibility of current access control (AC) models that can be a major limitation when dealing with dynamic and unpredictable environments. [1] Horizontal integration: Broader access models for realizing information dominance.Technical report, TheMITRE Corporation, JASON Program Office, Mclean, Virginia, 2004. [2] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013.
Polo Territoriale di Como Preliminaries 6 • Risk: hazards and abnormalities recognized in an environment that indicate a threat to the infrastructures and/or the civilians (e.g., If sensors indicate gas leak, there is a risk of fire and explosion.). Risks can be avoided via preventive strategies (e.g. closing the gas flow). Risks contain attributes like Type, IntensityLevel, and Location. • Emergency: When the Risk intensity is higher than a threshold, it is considered as an emergency that needs immediate interventions and corrective strategies. (e.g. if the gas leak is very heavy it can indicate an emergency situation where an explosion is going to happen (or have already happened).
Polo Territoriale di Como The Scenario 7 Environment: Airport Users: In-domain Users (e.g. Airport Staff), Out-domain Users (e.g. passengers, first responders). Resources: Data and physical resources
Polo Territoriale di Como The Risk Management System (RMS) 8 The RMS [3] receives the inputs from sensors and monitoring devices, recognizes the risks and emergencies in the environment, and monitors the data received about the emergencies and disasters that have happened in nearby areas and produces a Risk Map and preventive or corrective Strategies accordingly. [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.
Polo Territoriale di Como Risk Management System 9 Monitoring Analyzing Planning Executing Risks are considered at two levels: • Global Risk: That affects the whole or parts of an environment. (e.g. Gas Leak Scenario) • Personal: That affects individuals and has a potential to cause global risk. (e.g. Mark’s Scenario) • The Personal Risk Level (PRL):
Polo Territoriale di Como The Access Control Model 10 The security model is based on Attribute Based Access Control (ABAC) including the following components: • Subjects: this abstracts a user, an application, or a process wanting to perform an operation on a resource/object: • Administrative Subjects: Their main responsibility is to assign the Subject, Object, and Environment Attributes • In Domain Subjects: are active subjects that need permissions to access different kind of resources, and are in charge in the organization, with some kind of an organizational role. (e.g. Security Staff, etc.) • Out Domain Subjects: are the Subjects that are outside the organizational hierarchy. In our scenario, they can be travelers or the first responders in an airport area.
Polo Territoriale di Como The Access Control Model 11 In Domain Subjects: These subjects can hold many attributes (Subject Attributes –SA) grouped as follows:
Polo Territoriale di Como The Access Control Model 12 • Objects: abstract resources that a subject can access or act on. • Environment: this component models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions. • Privileges: the operations that a Subject requests to perform on an Object. They can be actions such as read, write, and update, activities, such as trigger (for alarms), close (for doors and gas pipes), zoom in (for a camera), enter (for a section of the Environment) and so on. • Request: A request is defined as the result of the application of an evaluate function as follows: The results of this evaluation can be Permit, Deny and Not applicable.
Polo Territoriale di Como The Access Control Model 1 The access control and risk components, in a class diagram.
Polo Territoriale di Como The Access Control Model 14 To dynamically adapt the access control model to risk situations, two different methods are considered using Event- Condition-Action (ECA) rules. • Activating/Deactivating Access Control Rules: this is done by considering set of access rules as an access control domain (acd ∈ ACD). Access control domains are statically defined by Administrative Subjects, but are activated and deactivated at run-time to adapt the access control model to risk situations. • Dynamically Changing Subject/Object/Environment Attributes: Necessary changes are made in the attributes of Subjects, Objects, and the Environment to allow the successful execution of the RMS strategies.
Polo Territoriale di Como The Access Control Model The XACML Architecture is extended to support the risk-aware adaptivity in the access control. 1
Polo Territoriale di Como The Access Control Model 16 Examples: • Activating/Deactivating Access Control Rules: • Dynamically Changing Subject/Object/Environment Attributes: Changing an Subject’s attribute to allow rescue teams to localize them.
Polo Territoriale di Como • Considering risks as recognized by a Risk Management System based on monitoring data about the environment, this paper has presented an access control model, which is adaptive to risks. • To facilitate the adaptivity we employed the concept of ECA to dynamically change the security rules and make changes in attributes of the security model components. • As future work, we are working towards formalizing this model using Event Calculus and Impalement it as an addition to our RMS tool [2]. Conclusion and Future Work 1 [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.
Polo Territoriale di Como18 THANK YOU!

Recomendados

Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work EnvironmentsMahsa Teimourikia
 
Access Control Management
Access Control ManagementAccess Control Management
Access Control ManagementConferencias FIST
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsBharath Rao
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationMark Niebergall
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerProlifics
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access ControlChandra Sharma
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBACAjit Dadresa
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 

Recomendados

Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work EnvironmentsMahsa Teimourikia
 
Access Control Management
Access Control ManagementAccess Control Management
Access Control ManagementConferencias FIST
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsBharath Rao
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationMark Niebergall
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerProlifics
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access ControlChandra Sharma
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBACAjit Dadresa
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Risks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsRisks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsMahsa Teimourikia
 
Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataMahsa Teimourikia
 
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental KnowledgeDynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental KnowledgeMahsa Teimourikia
 
PERICLES workshop (IDCC 2016) - Appraisal
PERICLES workshop (IDCC 2016) - AppraisalPERICLES workshop (IDCC 2016) - Appraisal
PERICLES workshop (IDCC 2016) - AppraisalPERICLES_FP7
 
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityRAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityMahsa Teimourikia
 
Cognition
CognitionCognition
CognitionAbhishek Kumar
 
Crisis management & situational awareness system in smart Cities
Crisis management & situational awareness system in smart CitiesCrisis management & situational awareness system in smart Cities
Crisis management & situational awareness system in smart CitiesGAURAV. H .TANDON
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comphanleson
 
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...ijcseit
 
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNINGPLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNINGCSEIJJournal
 
Dynamic responsibilities assignment in critical electronic institutions
Dynamic responsibilities assignment in critical electronic institutionsDynamic responsibilities assignment in critical electronic institutions
Dynamic responsibilities assignment in critical electronic institutionsLuxembourg Institute of Science and Technology
 
Aviation Training, Safety Management System
Aviation Training, Safety Management SystemAviation Training, Safety Management System
Aviation Training, Safety Management Systempghclearingsolutions
 
disaster drill
disaster drilldisaster drill
disaster drillHaseenaNaz2
 
Kost for china-2011
Kost for china-2011Kost for china-2011
Kost for china-2011Mathmodels Net
 
D12 1 risk assessment_final-web
D12 1 risk assessment_final-webD12 1 risk assessment_final-web
D12 1 risk assessment_final-webDir Jan
 
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisSession B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisProject Controls Expo
 
Exploration exploitation trade off in mobile context-aware recommender systems
Exploration exploitation trade off in mobile context-aware recommender systemsExploration exploitation trade off in mobile context-aware recommender systems
Exploration exploitation trade off in mobile context-aware recommender systemsBouneffouf Djallel
 
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and IdentUnit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and Identcorbing9ttj
 
M1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfM1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfGSEProject
 
Ir s 1_2_1_kovacs
Ir s 1_2_1_kovacsIr s 1_2_1_kovacs
Ir s 1_2_1_kovacsStefan Kovacs
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Más contenido relacionado

Similar a Access Control Privileges Management for Risk Areas

Risks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsRisks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsMahsa Teimourikia
 
Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataMahsa Teimourikia
 
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental KnowledgeDynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental KnowledgeMahsa Teimourikia
 
PERICLES workshop (IDCC 2016) - Appraisal
PERICLES workshop (IDCC 2016) - AppraisalPERICLES workshop (IDCC 2016) - Appraisal
PERICLES workshop (IDCC 2016) - AppraisalPERICLES_FP7
 
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityRAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityMahsa Teimourikia
 
Crisis management & situational awareness system in smart Cities
Crisis management & situational awareness system in smart CitiesCrisis management & situational awareness system in smart Cities
Crisis management & situational awareness system in smart CitiesGAURAV. H .TANDON
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comphanleson
 
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...ijcseit
 
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNINGPLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNINGCSEIJJournal
 
Aviation Training, Safety Management System
Aviation Training, Safety Management SystemAviation Training, Safety Management System
Aviation Training, Safety Management Systempghclearingsolutions
 
D12 1 risk assessment_final-web
D12 1 risk assessment_final-webD12 1 risk assessment_final-web
D12 1 risk assessment_final-webDir Jan
 
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisSession B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisProject Controls Expo
 
Exploration exploitation trade off in mobile context-aware recommender systems
Exploration exploitation trade off in mobile context-aware recommender systemsExploration exploitation trade off in mobile context-aware recommender systems
Exploration exploitation trade off in mobile context-aware recommender systemsBouneffouf Djallel
 
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and IdentUnit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and Identcorbing9ttj
 
M1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfM1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfGSEProject
 

Similar a Access Control Privileges Management for Risk Areas (20)

Risks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsRisks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access Controls
 
Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial Data
 
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental KnowledgeDynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
 
PERICLES workshop (IDCC 2016) - Appraisal
PERICLES workshop (IDCC 2016) - AppraisalPERICLES workshop (IDCC 2016) - Appraisal
PERICLES workshop (IDCC 2016) - Appraisal
 
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityRAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
 
Cognition
CognitionCognition
Cognition
 
Crisis management & situational awareness system in smart Cities
Crisis management & situational awareness system in smart CitiesCrisis management & situational awareness system in smart Cities
Crisis management & situational awareness system in smart Cities
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.com
 
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR...
 
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNINGPLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING
 
Dynamic responsibilities assignment in critical electronic institutions
Dynamic responsibilities assignment in critical electronic institutionsDynamic responsibilities assignment in critical electronic institutions
Dynamic responsibilities assignment in critical electronic institutions
 
Aviation Training, Safety Management System
Aviation Training, Safety Management SystemAviation Training, Safety Management System
Aviation Training, Safety Management System
 
disaster drill
disaster drilldisaster drill
disaster drill
 
Kost for china-2011
Kost for china-2011Kost for china-2011
Kost for china-2011
 
D12 1 risk assessment_final-web
D12 1 risk assessment_final-webD12 1 risk assessment_final-web
D12 1 risk assessment_final-web
 
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisSession B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
 
Exploration exploitation trade off in mobile context-aware recommender systems
Exploration exploitation trade off in mobile context-aware recommender systemsExploration exploitation trade off in mobile context-aware recommender systems
Exploration exploitation trade off in mobile context-aware recommender systems
 
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and IdentUnit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
 
M1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfM1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdf
 
Ir s 1_2_1_kovacs
Ir s 1_2_1_kovacsIr s 1_2_1_kovacs
Ir s 1_2_1_kovacs
 

Último

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Access Control Privileges Management for Risk Areas

  • 1. ACCESS CONTROL PRIVILEGES MANAGEMENT FOR RISK AREAS Mariagrazia Fugini1, and Mahsa Teimourikia2 Politecnico di Milano 1mariagrazia.fugini@polimi.it, 2mahsa.teimourikia@polimi.it October 16, 2014
  • 2. Polo Territoriale di Como Outline 2 Objectives Scope Motivations Preliminaries The Risk Management System The Risk-Adaptive Access Control Conclusions
  • 3. Polo Territoriale di Como Objective this research tackles the problem of flexibility and dynamicity of access control models with regards to the environment conditions and risks that endangers the security, privacy and safety of the civilians, resources and structures. Dynamic and Adaptive Access Control Environment Users Resources Security Safety Risk & Emergency Privacy 3
  • 4. Polo Territoriale di Como Security: Access Control Models and Policies, Physical Resources and Data, Attributes and Conditions of Users, Resources and the Environment, etc. Risk: Risk In the Environment, User- Centered Approach, Proactive and Reactive Risk Treatment, Distinction between risks and emergencies, etc. Scope Adaptive and Risk Aware Access Control 4
  • 5. Polo Territoriale di Como Motivation 5 • In environmental risk management, providing security for people and various resources dynamically, according what happens in the environment is an open issue. • In monitored environments, where risks can be acknowledged via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time. The JASON Report [1] points out the inflexibility of current access control (AC) models that can be a major limitation when dealing with dynamic and unpredictable environments. [1] Horizontal integration: Broader access models for realizing information dominance.Technical report, TheMITRE Corporation, JASON Program Office, Mclean, Virginia, 2004. [2] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013.
  • 6. Polo Territoriale di Como Preliminaries 6 • Risk: hazards and abnormalities recognized in an environment that indicate a threat to the infrastructures and/or the civilians (e.g., If sensors indicate gas leak, there is a risk of fire and explosion.). Risks can be avoided via preventive strategies (e.g. closing the gas flow). Risks contain attributes like Type, IntensityLevel, and Location. • Emergency: When the Risk intensity is higher than a threshold, it is considered as an emergency that needs immediate interventions and corrective strategies. (e.g. if the gas leak is very heavy it can indicate an emergency situation where an explosion is going to happen (or have already happened).
  • 7. Polo Territoriale di Como The Scenario 7 Environment: Airport Users: In-domain Users (e.g. Airport Staff), Out-domain Users (e.g. passengers, first responders). Resources: Data and physical resources
  • 8. Polo Territoriale di Como The Risk Management System (RMS) 8 The RMS [3] receives the inputs from sensors and monitoring devices, recognizes the risks and emergencies in the environment, and monitors the data received about the emergencies and disasters that have happened in nearby areas and produces a Risk Map and preventive or corrective Strategies accordingly. [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.
  • 9. Polo Territoriale di Como Risk Management System 9 Monitoring Analyzing Planning Executing Risks are considered at two levels: • Global Risk: That affects the whole or parts of an environment. (e.g. Gas Leak Scenario) • Personal: That affects individuals and has a potential to cause global risk. (e.g. Mark’s Scenario) • The Personal Risk Level (PRL):
  • 10. Polo Territoriale di Como The Access Control Model 10 The security model is based on Attribute Based Access Control (ABAC) including the following components: • Subjects: this abstracts a user, an application, or a process wanting to perform an operation on a resource/object: • Administrative Subjects: Their main responsibility is to assign the Subject, Object, and Environment Attributes • In Domain Subjects: are active subjects that need permissions to access different kind of resources, and are in charge in the organization, with some kind of an organizational role. (e.g. Security Staff, etc.) • Out Domain Subjects: are the Subjects that are outside the organizational hierarchy. In our scenario, they can be travelers or the first responders in an airport area.
  • 11. Polo Territoriale di Como The Access Control Model 11 In Domain Subjects: These subjects can hold many attributes (Subject Attributes –SA) grouped as follows:
  • 12. Polo Territoriale di Como The Access Control Model 12 • Objects: abstract resources that a subject can access or act on. • Environment: this component models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions. • Privileges: the operations that a Subject requests to perform on an Object. They can be actions such as read, write, and update, activities, such as trigger (for alarms), close (for doors and gas pipes), zoom in (for a camera), enter (for a section of the Environment) and so on. • Request: A request is defined as the result of the application of an evaluate function as follows: The results of this evaluation can be Permit, Deny and Not applicable.
  • 13. Polo Territoriale di Como The Access Control Model 1 The access control and risk components, in a class diagram.
  • 14. Polo Territoriale di Como The Access Control Model 14 To dynamically adapt the access control model to risk situations, two different methods are considered using Event- Condition-Action (ECA) rules. • Activating/Deactivating Access Control Rules: this is done by considering set of access rules as an access control domain (acd ∈ ACD). Access control domains are statically defined by Administrative Subjects, but are activated and deactivated at run-time to adapt the access control model to risk situations. • Dynamically Changing Subject/Object/Environment Attributes: Necessary changes are made in the attributes of Subjects, Objects, and the Environment to allow the successful execution of the RMS strategies.
  • 15. Polo Territoriale di Como The Access Control Model The XACML Architecture is extended to support the risk-aware adaptivity in the access control. 1
  • 16. Polo Territoriale di Como The Access Control Model 16 Examples: • Activating/Deactivating Access Control Rules: • Dynamically Changing Subject/Object/Environment Attributes: Changing an Subject’s attribute to allow rescue teams to localize them.
  • 17. Polo Territoriale di Como • Considering risks as recognized by a Risk Management System based on monitoring data about the environment, this paper has presented an access control model, which is adaptive to risks. • To facilitate the adaptivity we employed the concept of ECA to dynamically change the security rules and make changes in attributes of the security model components. • As future work, we are working towards formalizing this model using Event Calculus and Impalement it as an addition to our RMS tool [2]. Conclusion and Future Work 1 [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.
  • 18. Polo Territoriale di Como18 THANK YOU!