Adaptive Security for Risk Management Using Spatial Data

Adaptive Security for Risk Management Using
Spatial Data
Mariagrazia Fugini1
, George Hadjichristofi2,
,and Mahsa Teimourikia3
1,3
Politecnico di Milano, 2
Frederick University
1
mariagrazia.fugini@polimi.it, 2
com.hg@frederick.ac.cy,
3
mahsa.teimourikia@polimi.it September 2014

Polo Territoriale di Como
Outlines
2
• Motivation
• Objectives
• Preliminaries
• Methodology:
• Components of the Security Model
• Adaptivity of the Security Model due to risks
• Conclusion and Future Work

Motivation
3
[1] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013.
• In environmental risk management, providing
security for people and various resources
dynamically, according what happens in the
environment is an open issue [1].
• In monitored environments, where risks can be
acknowledged via sensors and spatial data
technologies, security rules, in particular access
control rules, should be made adaptive to the
situation at hand at run time.

Objectives
4
• This paper presents the design principles for adaptive
security for areas where changing conditions trigger
events signaling risks that might require modifying
authorizations of risk management teams.
• Spatial resources and information of the areas to be
protected are considered in sample scenarios, and
principles of security design are introduced building on
ABAC (Attribute Based Access Control) [2].
• Adaptivity of security rules applying to subjects who
intervene in the risk area is the core of our security
model so as to make it responsive to risks by
dynamically granting privileges to subjects to access
resources.
[2] Hu, V. C., et al. “Guide to Attribute Based Access Control (ABAC) Definition and
Considerations.” NIST Special Publication 800 (2014): 162

Preliminaries
5
• Risk: hazards and abnormalities recognized in an
environment that indicate a threat to the infrastructures
and/or the civilians (e.g., If sensors indicate gas leak,
there is a risk of fire and explosion.). Risks can be
avoided via preventive strategies (e.g. closing the gas
flow). Risks contain attributes like Type, IntensityLevel,
and Location.
• Emergency: When the Risk intensity is higher than a
threshold, it is considered as an emergency that needs
immediate interventions and corrective strategies. (e.g.
if the gas leak is very heavy it can indicate an emergency
situation where an explosion is going to happen (or have
already happened).

A Scenario
• Considering an smart environment (i.e. an airport), in
which the objects, people and the environment itself are
monitored using sensors, and monitoring devices such
as surveillance cameras, check points, wearable devices,
and etc.
• We consider the subjects that intervene for
Risk/Emergency Treatment:
• Security and Risk Manager
• Surveillance Personnel
• Security Staff
6

Security Modeling for Risk Treatment
• The security model is based on ABAC including the
following components:
Subjects: this abstracts a user, an application, or a process
wanting to perform an operation on a resource/object. A
subject can hold many attributes in these three
categories: General Attributes, Geo Attributes, Security
Attributes.
Objects: abstract resources that a subject can access or act
on. Objects hold three groups of attributes: General
Attributes, Geo Attributes, Security Attributes.
Environment: this component models the environment
(i.e., the airport) with its dynamic conditions, which
affect the security decisions.
7

Actions and Activities: these are operations that can be
executed by subjects on objects in a given context
including Simple operations (actions)(e.g. read, write,
etc.) and complex operations, called activities, which
combine simple actions to model a task, a processor or a
physical action. (e.g. “Redirect the airplane to another
runway”).
Contexts: this component indicates a set of security rules,
which are valid in a certain situation based on dynamic
changes in the environment, including occurrence of
risks.
8

Risk and Emergency: The monitored environment
conditions, which change dynamically, can cause the
occurrence of some risks/emergencies. A risky situation
is recognized based on parameters such as: type, level,
and location determining how to adapt security rules to
handle it.
Events: Changes in the environment monitored conditions,
trigger events that in turn activate/deactivate contexts
that modify the security rules. Or cause changes in the
subject/object attributes.
9

Adaptivity
We have adopted the
Event-Condition-
Action (ECA)
paradigm to manage
adaptivity of the
access control
system
Two methods used to dynamically permit subjects accessing
the needed objects in case of a risk or emergency:
•By dynamically changing the Subject/Object/Environment
attributes
•By dynamically activating or deactivating Contexts that
contain the policies to be applied in a certain situation.
10

Adaptivity
ECA (Event-Condition-Action): An Example
In a case that a “fire” Event is reported as an Risk of Type “explosion”
and with a “high” Intensity Level, and when the office hours have
passed, and people are present in the affected area, the following actions
are taken to dynamically adapt the Access Control System:
•The Risk Context is activated
•The Flight Context is Deactivated
•The level of security clearance of the Risk Manager is increased.
•The Time Restriction is removed from the objects that have such a
restriction on access.
11

Using XACML for Defining Policies
12
• The XACML [3] is used as the policy language for the
access control model:
• The XML Schema for Subject/Objects and the
Environment are defined to be used in XACML
• XACML <Rule> concept is used to represent our
security rules, <Policy> to represent the contexts that
are a collection of security rules and the <PolicySet>
to represent the active contexts at each moment.
• The XACML rule and policy combining rules are used
to avoid conflicts between rules.
[3] Rissanen, E. “Extensible Access Control Markup Language (XACML) Version 3.0.” Retrieved
August 7 (2013): 2013

A Sample of A Subject XAML schema
12
Here is a simplified example of a subject XML schema to
be used with XACML

Including Adaptive Risk Treatment In XACML
The adaptivity that
was explained before
is included in the
XACML Architecture
as shown in the figure
14

Conclusions
• This paper presented adaptive security
modeling motivated by the need for smart
environments to dynamically authorize actors
in facing risks.
• The Access Control model was developed on the
ABAC model and with use of XACML policy
language.
• The adaptivity is introduced using the ECA
paradigm, that dynamically changes the
Subject/Object/Environment attributes, and
activates/deactivates contexts based on risks
and emergencies that are detected in the
environment
15

Future Works
• As future work, we intend to focus on the topics of:
• binding environmental and spatial information,
• on the dynamics of assigning authoritative roles to
administrators,
• and on ways to handle conflicting Context switching.
• We are working towards inclusion of this security
model in the Risk Management Tool simulator
developed for risk management and described in [4],
based on Matlab and on a web application deployment
environment.
[4] M. Fugini, C. Raibulet and L. Ubezio, "Risk assessment in work environments: modeling
and simulation.," Concurrency and computation: Practice and experience, vol. 24, no. 18,
pp. 2381-2403, 2012.
16

Thank You
17

Adaptive Security for Risk Management Using Spatial Data

More Related Content

Viewers also liked (20)

Similar to Adaptive Security for Risk Management Using Spatial Data (20)

Recently uploaded (20)

Adaptive Security for Risk Management Using Spatial Data