This presentation presents adaptive access control for areas where risks require modifying authorizations dynamically at run time, enlarging and/or restricting the privileges of risk rescue teams. Resources, which have a spatial description, as well as data elements of the areas to be protected, are considered. Based on a risk scenario, principles of access control based on the ABAC (Attribute Based Access Control) model for Subjects and Objects are given. Adaptivity of access control rules applies to subjects who intervene in the risk area and who require enlarged privileges to access resources. The Access Control Domain concept models the policies of adaptive changes to Subject/Object attributes to face the crisis events. Events have a spatial description so that the crisis can be managed according to where the event has occurred, since the same event can have different impacts on the environment depending on where it happens.
Access Control Privileges Management for Risk Areas
1. Access Control Privileges Management for Risk Areas
Mariagrazia Fugini (1) and Mahsa Teimourikia (2)
Politecnico di Milano
(1) mariagrazia.fugini@polimi.it, (2) mahsa.teimourikia@polimi.it
October 16, 2014
2. Polo Territoriale di Como
Outline
• Objectives
• Scope
• Motivations
• Preliminaries
• The Risk Management System
• The Risk-Adaptive Access Control
• Conclusions
3. Objective
This research tackles the problem of flexibility and dynamicity of access control models with regard to the environment conditions and risks that endanger the security, privacy and safety of civilians, resources and structures.
[Diagram: Dynamic and Adaptive Access Control at the centre, relating Environment, Users and Resources to Security, Safety, Privacy, and Risk & Emergency.]
4. Scope: Adaptive and Risk-Aware Access Control
• Security: access control models and policies, physical resources and data, attributes and conditions of users, resources and the environment, etc.
• Risk: risk in the environment, user-centered approach, proactive and reactive risk treatment, distinction between risks and emergencies, etc.
5. Motivation
• In environmental risk management, providing security for people and various resources dynamically, according to what happens in the environment, is an open issue.
• In monitored environments, where risks can be acknowledged via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time.
The JASON Report [1] points out the inflexibility of current access control (AC) models, which can be a major limitation when dealing with dynamic and unpredictable environments.
[1] Horizontal integration: Broader access models for realizing information dominance. Technical report, The MITRE Corporation, JASON Program Office, McLean, Virginia, 2004.
[2] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013.
6. Preliminaries
• Risk: hazards and abnormalities recognized in an environment that indicate a threat to the infrastructures and/or the civilians (e.g., if sensors indicate a gas leak, there is a risk of fire and explosion). Risks can be avoided via preventive strategies (e.g., closing the gas flow). Risks have attributes like Type, IntensityLevel, and Location.
• Emergency: when the Risk intensity is higher than a threshold, it is considered an emergency that needs immediate interventions and corrective strategies (e.g., if the gas leak is very heavy, it can indicate an emergency situation where an explosion is going to happen, or has already happened).
7. The Scenario
Environment: Airport
Users: In-domain Users (e.g. Airport Staff), Out-domain Users (e.g. passengers, first responders).
Resources: Data and physical resources
8. The Risk Management System (RMS)
The RMS [2] receives the inputs from sensors and monitoring devices, recognizes the risks and emergencies in the environment, monitors the data received about the emergencies and disasters that have happened in nearby areas, and produces a Risk Map and preventive or corrective Strategies accordingly.
[2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.
9. Risk Management System
[Diagram: the RMS loop of Monitoring, Analyzing, Planning and Executing.]
Risks are considered at two levels:
• Global Risk: affects the whole or parts of an environment (e.g. Gas Leak Scenario).
• Personal Risk: affects individuals and has the potential to cause global risk (e.g. Mark's Scenario).
• The Personal Risk Level (PRL):
10. The Access Control Model
The security model is based on Attribute Based Access Control (ABAC) and includes the following components:
• Subjects: abstract a user, an application, or a process wanting to perform an operation on a resource/object:
  • Administrative Subjects: their main responsibility is to assign the Subject, Object, and Environment Attributes.
  • In Domain Subjects: active subjects that need permissions to access different kinds of resources and hold a position in the organization, with some kind of organizational role (e.g. Security Staff).
  • Out Domain Subjects: subjects that are outside the organizational hierarchy. In our scenario, they can be travelers or the first responders in an airport area.
11. The Access Control Model
In Domain Subjects: these subjects can hold many attributes (Subject Attributes, SA) grouped as follows:
12. The Access Control Model
• Objects: abstract resources that a subject can access or act on.
• Environment: models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions.
• Privileges: the operations that a Subject requests to perform on an Object. They can be actions such as read, write, and update, or activities such as trigger (for alarms), close (for doors and gas pipes), zoom in (for a camera), enter (for a section of the Environment) and so on.
• Request: a request is defined as the result of the application of an evaluate function as follows:
The results of this evaluation can be Permit, Deny and Not applicable.
13. The Access Control Model
[Class diagram: the access control and risk components.]
14. The Access Control Model
To dynamically adapt the access control model to risk situations, two different methods are considered, using Event-Condition-Action (ECA) rules.
• Activating/Deactivating Access Control Rules: a set of access rules is considered as an access control domain (acd ∈ ACD). Access control domains are statically defined by Administrative Subjects, but are activated and deactivated at run time to adapt the access control model to risk situations.
• Dynamically Changing Subject/Object/Environment Attributes: necessary changes are made in the attributes of Subjects, Objects, and the Environment to allow the successful execution of the RMS strategies.
15. The Access Control Model
The XACML architecture is extended to support risk-aware adaptivity in the access control.
16. The Access Control Model
Examples:
• Activating/Deactivating Access Control Rules:
• Dynamically Changing Subject/Object/Environment Attributes: changing a Subject's attribute to allow rescue teams to localize them.
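The two adaptation methods of slide 14, and the slide 16 examples of them, worked as a runnable example added here (it is not the authors' code or part of their RMS tool): rules are grouped into access control domains (acds) that an ECA rule activates or deactivates per location when a Risk reported by the RMS exceeds the emergency threshold, and a Subject-attribute change marks people in the affected area as localizable. The threshold value, the deny-overrides combining, the acd naming scheme and the airport gate scenario are assumptions.

```python
from dataclasses import dataclass, field
EMERGENCY_THRESHOLD = 7  # assumption: an IntensityLevel above this turns a Risk into an Emergency
@dataclass
class Rule:              # one ABAC rule: attribute predicates on the Subject and on the Object
    subject: dict
    obj: dict
    privilege: str       # e.g. "enter", "close", "read"
    effect: str          # "Permit" or "Deny"

@dataclass
class Model:
    domains: dict        # acd name -> list of Rule, defined statically by Administrative Subjects
    active: set = field(default_factory=set)      # acds currently activated at run time
    subjects: dict = field(default_factory=dict)  # subject id -> Subject Attributes (SA)
    objects: dict = field(default_factory=dict)   # object id -> Object Attributes

    def evaluate(self, subj_id, obj_id, privilege):
        """Request = evaluate(subject, object, privilege), using the active acds only."""
        s, o = self.subjects[subj_id], self.objects[obj_id]
        effects = {r.effect for acd in self.active for r in self.domains[acd]
                   if r.privilege == privilege and _match(r.subject, s) and _match(r.obj, o)}
        if "Deny" in effects:
            return "Deny"                          # deny-overrides combining (assumption)
        return "Permit" if "Permit" in effects else "Not applicable"

def _match(pred, attrs):
    return all(attrs.get(k) == v for k, v in pred.items())
def on_risk_event(model, risk):
    """ECA rule. Event: the RMS reports a Risk; Condition: it is an Emergency; Action: adapt."""
    if risk["intensity"] <= EMERGENCY_THRESHOLD:
        return False                               # plain risk: preventive strategy, no AC change
    loc = risk["location"]                         # the event's spatial description
    model.active.add(f"emergency@{loc}")           # activate the acd for the affected area
    model.active.discard(f"normal@{loc}")          # deactivate the routine acd there
    for s in model.subjects.values():              # change Subject attributes so that rescue
        if s.get("location") == loc:               # teams can localize people in the area
            s["localizable"] = True
    return True

def airport_model():
    """Constructed sample scenario: gate area G1 of the airport, with a routine and an emergency acd."""
    normal = [Rule({"role": "security_staff"}, {"location": "G1"}, "enter", "Permit"),
              Rule({"domain": "out"}, {"location": "G1"}, "enter", "Deny")]
    emergency = [Rule({"role": "first_responder"}, {"location": "G1"}, "enter", "Permit"),
                 Rule({"role": "passenger"}, {"location": "G1"}, "enter", "Deny")]
    m = Model({"normal@G1": normal, "emergency@G1": emergency}, {"normal@G1"})
    m.subjects = {"pax1": {"role": "passenger", "domain": "out", "location": "G1"},
                  "fr1": {"role": "first_responder", "domain": "out", "location": "G0"}}
    m.objects = {"door_G1": {"type": "door", "location": "G1"}}
    return m
```

Note that deactivating the routine acd also drops any permissions it granted to in-domain staff, so the emergency acd must restate the privileges that staff still need during the intervention.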
17. Conclusion and Future Work
• Considering risks as recognized by a Risk Management System based on monitoring data about the environment, this paper has presented an access control model which is adaptive to risks.
• To facilitate the adaptivity, we employed the concept of ECA to dynamically change the security rules and make changes in the attributes of the security model components.
• As future work, we are working towards formalizing this model using Event Calculus and implementing it as an addition to our RMS tool [2].