IoT Technologies for Context-Aware Security
0 likes138 views
The document presents the integration of IoT technologies into context-aware security, emphasizing the importance of context in enforcing access control policies. It discusses the granularity gap in access control and introduces sensor-enhanced access control to extend logical access in physical environments. A proof-of-concept prototype illustrates the implementation of a context manager and visibility manager to enforce security policies based on environmental context.
IoT Technologies for Context-Aware Security
- 1. IoT Technologies for Context-Aware Security Christian Damsgaard Jensen Head of Cyber Security Section DTU Compute Technical University of Denmark cdje@dtu.dk http://compute.dtu.dk/~cdje
- 2. 25/10/20182 DTU Compute Technical University of Denmark Visions of IoT
- 3. 25/10/20183 DTU Compute Technical University of Denmark IoT Security
- 4. 25/10/20184 DTU Compute Technical University of Denmark Context is Important Where is my car?
- 5. 25/10/20185 DTU Compute Technical University of Denmark Context is Important Who Should Have Access to Patient Data?
- 6. 25/10/20186 DTU Compute Technical University of Denmark Context is Important How do You Keep a Secret Here? Source: http://workdesign.com/2016/06/open-offices-bug-industry-news/
- 7. 25/10/20187 DTU Compute Technical University of Denmark Enforcing Computer Security Policies • Security enforced by logical and physical security mechanisms • Granularity of security mechanisms – Logical Security is fine-grained (individual records/files/…) – Physical Security is coarse-grained (buildings/rooms/…) • Computer Security Mechansms – Restricted to consider the state of computer system entities • Human users are not directly part of computer systems • Data must be rendered physically to be consumed by users – Displayed on monitor, printed, played on speakers • Access to rendered data is constrained by physical security – Confidentiality by restricting access to output devices – Integrity by restricting access to input devices
- 8. 25/10/20188 DTU Compute Technical University of Denmark Access Control in Practise Reference Monitor UID PID UID PID UID PID UID PID Enforcement of Logical Access Control Policy Trust
- 9. 25/10/20189 DTU Compute Technical University of Denmark The Granularity Gap in Acces Control • Granularity of physical access control (room, floor, building, …) – Defines the context for logical access control – Granularity of physical security dominates • min(physical, logical) = physical • Trust in subject fills the granularity gap
- 10. 25/10/201810 DTU Compute Technical University of Denmark Sensor Enhanced Access Control • Motivation – To extend logical access control with context awareness – Allows logical access control to be enforced in the physical env. • Defines two models – Logical access control • In principle any access control mechanism • Mandatory access control mechanisms are natural candidates – Environmental access control • Establish the context of subjects and objects • Defines authorization zones for location based services – Visibility zones for output devices (monitors, printers, …) • Enforces logical access control policy in authorization zones – Continuous enforcement based on context
- 11. 25/10/201811 DTU Compute Technical University of Denmark SEAC Motivation
- 12. 25/10/201812 DTU Compute Technical University of Denmark SEAC Prototype Architecture Context Manager Visibility Manager Process Person User space Kernel space Sensors Window Reference Monitor Files View Event Notification Draw Graphics Modify Visibility Read/Write
- 13. 25/10/201813 DTU Compute Technical University of Denmark Summary • Security depends on context in which decisions are made – Context is defined by context attributes • Access control policies should encode contextual constraints – User attributes • Security clearance, treating physician, assigned case worker, … – Object attributes • Security classification, geriatric patient, unemployed, … – Environmental attributes • Alert state (DEFCON), hospital ward, home visit, … • Access Control Mechanisms should enforce such policies
- 14. 25/10/201814 DTU Compute Technical University of Denmark Extra Slides
- 15. 25/10/201815 DTU Compute Technical University of Denmark Internet of Things • Embedding sensors, actuators & computing capabilities in env. – Sensors establishes current context – Actuators adapts “environment” to the need of the users • Environment may include computer equipment, monitors, etc. – Computing capabilities implement smart behaviour • Context aware applications, location based services, … • Acting on IoT (Ambient Intelligence) may provide environmental context to the logical access control mechanism – Sensors allow the system to establish location of human users – Computing capabilities may determine context of human users – Actuators will not be used by security mechanism, but logical access controls may be considered some form of “actuators”
- 16. 25/10/201816 DTU Compute Technical University of Denmark Role Based Access Control • Permissions are based on the role(s) a user is assuming • Several users have similar privileges • Limitations: – Role explosion – Permissions refer explicitly to objects identifiers – Not expressive enough for contextual information
- 17. 25/10/201817 DTU Compute Technical University of Denmark AERBAC Attribute Enhances Role-Based Access Control
- 18. 25/10/201818 DTU Compute Technical University of Denmark SEAC Prototype Implementation • Proof of concept prototype developed for standard Linux system • Simple mandatory access control model (based on Bell & LaPadula) – Simple security property (no read up) – *-property (no write down) – not implemented in prototype • Security Labelled file system (and open file monitor) – Associates security labels with all files + processes that open files – Implements logical access control • Context Manager – Derives context from sensors • Issues events when users enter/leave visibility zone • Visibility manager – Subscribes to events from context manage – Maps/unmaps X-windows based on subject clearances • Considers all persons in the visibility zone (minimum rule)
- 19. 25/10/201819 DTU Compute Technical University of Denmark SEAC Summary • Logical access controls are not enforced in the real world – Who has access to physical representation of logical object? • SEAC extends existing logical access control with context – Environmental access control enforces logical AC in the real world • Environmental access control policies – Multiple subjects and continuity of enforcement – Policy specification requires an aggregated subject (new challenge) • Simple minimum rule, relative importance rule, … – Policy specification requires context definition (new challenge) • Confidentiality rule, integrity rule, … – Allows community access control policies (new opportunity) • Simple separation of duty – Two (authorised) people present to pay a bill • Declassification of sensitive information – Two (authorised) people are needed to declassify information