A Context-Risk-Aware Access Control Model for Pervasive Environments

The University of Manchester

Ali Ahmed, Ning Zhang ({ahmeda, nzhang}@cs.man.ac.uk)
School of Computer Science, University of Manchester, UK


Pervasive Computing

Smart "Context-Aware"

What about tomorrow?

Pervasive Computing, a new era:
● Calm/Seamless
● Invisible
● Everywhere
● Heterogeneity

Augmented Reality

Adaptation Services

Access Control

Figure: User, Role, Permissions; User-Role Assignment; Role-Permissions Assignment

Sample Policy:
<Target>
  <Subject> <"Pop"/> </Subject>
  <Role> <"Staff"/> </Role>
</Target>

Sample Policy:
<Target>
  <Role> <"Staff"/> </Role>
  <Resource> <"srv.config"/> </Resource>
  <AccessMode> <{"Read", "Write"}/> </AccessMode>
</Target>

Basic RBAC Model

Can RBAC fit into such an environment?

Dynamic Access Control (RBAC-based)

Figure: User, Role, Permissions; Context Information; User-Role Assignment (Constraints); Role-Permissions Assignment (Constraints)

RBAC-Based Context-Aware AC Solutions (see paper for more details)

Sample Policy:
<Target>
  <Subject> <"Pop"/> </Subject>
  <LocCXT> Loc1 </LocCXT>
  <TimeCXT> WHours </TimeCXT>
  <Role> <"Staff"/> </Role>
</Target>

Sample Policy:
<Target>
  <Role> <"Staff"/> </Role>
  <Resource> <"srv.config"/> </Resource>
  <DevCXT> DCAT1 </DevCXT>
  <AccessMode> <{"Read", "Write"}/> </AccessMode>
</Target>


RBAC-based Models Major Pitfalls:

● Context/Application Dependency
● Context Correlation Overlooking
● Objects Sensitivity and Risk Overlooking
● Overlooking Context Providers Trust

Consequences: Limited Generality, Flexibility, Extensibility, and Fine-granularity AC

Approach

Figure: User, Role, Permissions; Context Information; User-Role Assignment (LoA Constraints); Role-Permissions Assignment (LoA Constraints)

Context-Risk Aware Access Control

Sample Policy:
<Target>
  <Subject> <"Pop"/> </Subject>
  <LoA> 0.25 </LoA>
  <Role> <"Staff"/> </Role>
</Target>

Sample Policy:
<Target>
  <Role> <"Staff"/> </Role>
  <Resource> <"srv.config"/> </Resource>
  <LoA> 0.055 </LoA>
  <AccessMode> <{"Read", "Write"}/> </AccessMode>
</Target>

Risk Assessment & LoA Derivation

Figure: Resources (1, 2, 3, ..., n); Risk Assessment

CRAAC Model: How it works

Figure: CRAAC workflow. Labels: Resources (1, 2, 3, ..., n); Resources Groups ("Sensitivity Levels") with OLoA*1, OLoA*2, ..., OLoA*m (Off-line); context inputs Loc, Time, e-Token, AH, CS; LoA Derivation; CAAR***; decision RLoA** ≥ OLoAi?

*: Object Level of Assurance
**: Requester's Level of Assurance
***: Context-Aware Access Request

CRAAC Model: Methodology

(1) Contextual attributes identification.

(2) Investigate, analyse, and define the respective assurance levels for these attributes.

(3) Devise a method that can derive the RLoA value based upon the attributes’ LoA.

CRAAC Model: Methodology, Contextual attributes identification

There are a number of factors that can increase the risk of unauthorised access, such as:

● Weak authentication protocol/token
● Less trustworthy access location
● Repeated authentication and authorisation failures
● Unprotected communication channels
● ... etc.


The eToken types versus their assurance levels have been recommended by NIST [4]


Table 1: Token Types Versus $LoA_{eToken}$ [4]

Authentication LoA

CRAAC Model: Methodology, LoA Derivation

RLoA Aggregation

Formally, given a set of contextual attributes $(A_1, A_2, \dots, A_n)$ and their associated assurance levels $(LoA_{A_1}, LoA_{A_2}, \dots, LoA_{A_n})$, then

$$RLoA = f(LoA_{A_1}, LoA_{A_2}, \dots, LoA_{A_n}) \qquad (1)$$

Ranks Vs Ratings

CRAAC Model: Methodology, LoA Derivation

Rank Order Centroids (ROCs): Ranks to Ratings

Weights (Ratings) are derived from a simplex $w_1 \ge w_2 \ge \dots \ge w_n \ge 0$ restricted to:

$$\sum_{i=1}^{n} w_i = 1 \qquad (2)$$

where n is the number of attributes (system cardinality). The vertices of the simplex are e1 = (1, 0, ..., 0), e2 = (1/2, 1/2, 0, ..., 0), e3 = (1/3, 1/3, 1/3, 0, ..., 0), ..., en = (1/n, 1/n, ..., 1/n).

In general, the weight of the kth most important attribute is calculated as:

$$w_k = \frac{1}{n} \sum_{i=k}^{n} \frac{1}{i} \qquad (3)$$
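Added example (not from the slides): equation (3) computed exactly and checked against the centroid of the simplex vertices e1..en listed above, which is where the name Rank Order Centroid comes from. The attribute ranking passed to rank_to_rating is a constructed assumption; the slides do not state an importance order.

```python
from fractions import Fraction

def roc_weights(n):
    """Equation (3): w_k = (1/n) * sum_{i=k..n} 1/i for ranks k = 1..n."""
    if n < 1:
        raise ValueError("need at least one attribute")
    return [sum(Fraction(1, i) for i in range(k, n + 1)) / n
            for k in range(1, n + 1)]

def simplex_vertices(n):
    """Vertices e_1..e_n: e_i has 1/i in its first i coordinates, 0 elsewhere."""
    return [[Fraction(1, i)] * i + [Fraction(0)] * (n - i)
            for i in range(1, n + 1)]

def centroid(points):
    """Coordinate-wise mean of a list of equal-length points."""
    return [sum(column) / len(points) for column in zip(*points)]

def rank_to_rating(ranked_attributes):
    """Map attribute names, most important first, to their ROC weights."""
    if len(set(ranked_attributes)) != len(ranked_attributes):
        raise ValueError("each attribute may be ranked only once")
    return dict(zip(ranked_attributes, roc_weights(len(ranked_attributes))))

if __name__ == "__main__":
    # Constructed ranking of the context inputs named in the CRAAC figure.
    ranking = ["e-Token", "Loc", "Time", "AH", "CS"]
    for name, weight in rank_to_rating(ranking).items():
        print(f"{name:8s} {weight}  ({float(weight):.4f})")
    # Constraint (2) holds, and formula (3) equals the centroid of the vertices.
    assert sum(roc_weights(5)) == 1
    assert roc_weights(5) == centroid(simplex_vertices(5))
```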

CRAAC Model: Methodology, LoA Derivation

RLoA Aggregation

$$RLoA = f(LoA_{A_1}, LoA_{A_2}, \dots, LoA_{A_n}) \qquad (1)$$

What is f?

What security policy does the system run?

● Strict Security (Weakest-Link principle)
● Elevated Security

CRAAC Model: Methodology, LoA Derivation

RLoA Aggregation, f in Elevated Security

$$RLoA = f(LoA_{A_1}, LoA_{A_2}, \dots, LoA_{A_n}) \qquad (1)$$

Given: n contextual attributes $(A_1, A_2, \dots, A_n)$, each attribute has a confidence $LoA_{A_i}$, where $i \in \{1, \dots, n\}$

Assumption: $0 < LoA_{A_i} \le 1$

Then the overall confidence, OC, can be calculated (using probability theory) as [27]:

$$OC = 1 - (1 - LoA_{A_1})(1 - LoA_{A_2}) \cdots (1 - LoA_{A_n}) \qquad (4)$$

Leading to:

$$RLoA = 1 - (1 - LoA_{authN})(1 - LoA_{IR})(1 - LoA_{CS}) \qquad (5)$$

Obviously:

$$LoA_{authN} = 1 - (1 - LoA_{eToken})(1 - LoA_{ALoc}) \qquad (6)$$

CRAAC Model: Methodology, LoA Derivation

RLoA Aggregation, f in Weakest-Link

$$RLoA = f(LoA_{A_1}, LoA_{A_2}, \dots, LoA_{A_n}) \qquad (1)$$

$$RLoA = \min(LoA_{authN}, LoA_{IR}, LoA_{CS}) \qquad (7)$$

$$LoA_{authN} = 1 - (1 - LoA_{eToken})(1 - LoA_{ALoc}) \qquad (6)$$

It is worth emphasising that eToken and ALoc are still in an elevated relation and still use equation (6).
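Added example (not from the slides): both choices of f, equations (5) and (7) with equation (6) shared, applied to the same requester and compared against a required LoA. The attribute values for Alice are constructed, not the case study's figures; the 0.25 threshold is the <LoA> value from the sample user-role policy; the dictionary keys follow the subscripts in the equations.

```python
from math import prod

POLICIES = ("elevated", "weakest-link")

def elevated(*loas):
    """Equation (4): OC = 1 - (1 - LoA_A1)(1 - LoA_A2)...(1 - LoA_An)."""
    return 1 - prod(1 - v for v in loas)

def derive_rloa(attrs, policy):
    """Derive RLoA from LoA values keyed eToken, ALoc, IR and CS."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    for name in ("eToken", "ALoc", "IR", "CS"):
        if not 0 < attrs[name] <= 1:      # the slides assume 0 < LoA <= 1
            raise ValueError(f"LoA for {name} outside (0, 1]: {attrs[name]}")
    # Equation (6): eToken and ALoc stay in the elevated relation in both policies.
    auth_n = elevated(attrs["eToken"], attrs["ALoc"])
    if policy == "elevated":
        return elevated(auth_n, attrs["IR"], attrs["CS"])    # equation (5)
    return min(auth_n, attrs["IR"], attrs["CS"])             # equation (7)

def permit(rloa, oloa):
    """Grant only when the requester's RLoA reaches the required LoA."""
    return rloa >= oloa

# Constructed sample values: Alice on a weakly protected channel, then after
# she upgrades her channel security (CS).
ALICE_BEFORE = {"eToken": 0.5, "ALoc": 0.5, "IR": 0.8, "CS": 0.2}
ALICE_AFTER = dict(ALICE_BEFORE, CS=0.9)
REQUIRED_LOA = 0.25    # <LoA> from the sample user-role policy

def compare():
    """Return {(state, policy): (RLoA rounded to 4 places, decision)}."""
    rows = {}
    for label, attrs in (("before", ALICE_BEFORE), ("after", ALICE_AFTER)):
        for policy in POLICIES:
            rloa = derive_rloa(attrs, policy)
            rows[(label, policy)] = (round(rloa, 4), permit(rloa, REQUIRED_LOA))
    return rows

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

With these values the weak channel alone blocks the request under weakest-link, while the elevated policy grants it before and after the upgrade, so the choice of f decides whether one poorly assured attribute can be outweighed by the others.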

Case Study

Requesters' Attributes Vs LoA Values

Access History

Case Study

Dynamic Context Change: Alice upgrades her channel security

Requesters' Attributes Vs LoA Values

Access History

Current Progress*

CRAAC Architecture

CRAAC Performance Evaluation

CRAAC Denial of Service Attack Resilience

*: To be submitted to PerCom2010

Conclusion and Future Research


CRAAC Model: how to?

● Context Abstraction
● LoA and RLoA Derivation

Other CRAAC Configuration Scenarios Evaluation

● RBAC-only
● RLoA-only
● LoA-Only
● Combine-use

Thank You