Apply Risk to Access Control in Ubiquitous Computing

NGUYEN NGOC DIEP
Master Fellow – uSec Group
Contextual Risk-based Access Control Mechanism
AGENDA
1 – Introduction
2 – Access Control Model
3 – Risk Assessment
4 – Related Work
5 – Conclusion
Introduction - Background
• In the new environment, security problems are much more complex, since the ubiquitous environment is more dynamic, more distributed, more invisible and more heterogeneous. Therefore, we need to view security problems in a new paradigm and explore them thoroughly under these effects.
• Information security can be broadly categorized into three types: confidentiality, integrity and availability. Access control is critical to preserving the confidentiality and integrity of information.
• Autonomous decision-making is an increasingly popular application for security, including access control in ubiquitous computing.
Introduction - Motivation
• Current research on access control is mostly based on context and role. Some recent research has used trust as the fundamental component.
• Risk assessment is an effective tool used in decision-making and is an important factor in economics, but it is not applied well in security, especially in access control.
• Context is not used effectively in the decision-making process.
Introduction - Problem Statement
• Risk in access control in the ubiquitous computing environment is a new problem. In this work, we present a contextual risk-based access control model.
• The model applies risk assessment to make decisions, based on context parameters.
Access Control Model
[Figure: access control model diagram. Components: Context Retrieval, Risk Assessment, Access Control Manager. Labels: Request (principal, credentials); Context values (time, space, network state); Context values, actions, outcomes; cost, outcomes; Decision.]
Access Control Model
- A request is made by principal p (user or process) to the Access Control Manager.
- The Risk Assessment module calculates the risk based on the credentials, the sort of actions and the current context (risk context).
- The risk value is compared with the threshold, and the decision is returned.
We call the period during which the action is performed a session.
Access Control Model
Factors in the access control model:
• Principal (p): admin, staff, professor, guest
• Set of Actions (a), e.g.: read, write, delete, modify
• Set of Outcomes (o): confidentiality, availability, integrity
• Set of Context (c): time (night, daytime, …), location (in-building, in-office, outside), network state
• Consequence function: shows the cost of each outcome in a specific context
• Risk function: calculates the risk of the action in the current context
Risk Assessment
• Definition: "Risk is often evaluated based on the probability of the threat and the potential impact"
• 3 factors: loss of availability, loss of confidentiality and loss of integrity.
• The parameters:
- Principal context
- Environment context
- Resource context
- List of outcomes of the action
Risk Assessment
Multi Factor Evaluation Process:
• In reality, many decision-making problems need to consider many factors. We can use the Multi Factor Evaluation Process (MFEP).
• In MFEP, the decision maker subjectively identifies the important factors in a given decision situation and assigns a weight to each factor. The weight represents the relative importance of each factor in making the decision.
• Secondly, identify the alternatives (solutions) available to the decision maker.
• Thirdly, factor evaluation: for each alternative, all factors are evaluated and a weight is assigned to each.
• A weighted evaluation is then computed for each alternative as the sum of the products of the factor weights and the factor evaluations.
Risk Assessment
Multi Factor Evaluation Process:
• Step 1: List all factors and give each factor i a weight Fwi (0 < Fwi < 1). Fwi expresses the relative importance of factor i.
• Step 2: Factor Evaluation
For each factor i, we assess solution j by giving it a coefficient FEij (called the evaluation of solution j under factor i).
• Step 3: Total Weighted Evaluation

=> Choose solution j0 if TWEj is maximal at j = j0.
Risk Assessment
MFEP example:
Problem: A graduate student wants to find a job. The important factors in this situation are salary, position of office, partners, kind of work, other benefits, … He needs to find the best decision.
- Solution: Assume that, after consideration, he finds that the 3 most important factors are Salary, Promotion and Position of office, and that the relative importance of each factor is respectively 0.3, 0.6, 0.1 (Table 1).
- There are 3 companies, A, B and C, that accept him. For each company, he evaluates the 3 factors above and obtains the evaluation table (Table 2).
Risk Assessment
• Step 1:
Table 1
Factor i              Factor weight Fwi
Salary                0.3
Promotion             0.6
Position of office    0.1

• Step 2: Evaluate FEij
Table 2
Factor i \ Solution j    A      B      C
Salary                   0.7    0.8    0.9
Promotion                0.9    0.7    0.6
Position of office       0.6    0.8    0.9
Risk Assessment
Step 3: Total Weighted Evaluation (TWE)
TWE(A) = 0.3*0.7 + 0.6*0.9 + 0.1*0.6 = 0.81
TWE(B) = 0.3*0.8 + 0.6*0.7 + 0.1*0.8 = 0.74
TWE(C) = 0.3*0.9 + 0.6*0.6 + 0.1*0.9 = 0.72
=> Choose company A
A case study – Access control management in a hospital
• An access control system manages access to patients' records in a hospital.
• Data is stored in a database and can be accessed through a remote terminal.
• The records can be in text, video, image or sound format, and each has some properties.
• Each member has a role and a corresponding set of permitted actions.
• Each action has a list of outcomes.
Outcomes and risk values for each action

                                                                         Risk value
Action         Outcome              Risk context / Probability           Availability  Integrity  Confidentiality
View record    Unavailable          Record too big / f1                  Cost1         Cost2      Cost3
                                    Transaction session is full / f2
               Leaking information  Data unencrypted / f3                Cost4         Cost5      Cost6
                                    Connection is not secured / f4
               Service corrupted    Connection is lost / f5              Cost7         Cost8      Cost9
               Can not do           f = 1                                Cost10        0          0
Modify record  Lose information     Connection lost / f6                 Cost11        Cost12     Cost13
               Can not update       Server busy, corrupted / f7          Cost14        Cost15     Cost16
               Can not do           f = 1                                Cost17        0          0
Risk Assessment Definitions
• Action $a_i$ is an action in the set of actions $A$ (available for the principal), $i \in \mathbb{N}$
• $o_{a_i,j}$ is an outcome in the set of outcomes $O$ of action $a_i$
• $lo\_a_{a_i,j}$ is the cost of outcome $j$ of action $a_i$ in terms of availability
• $lo\_i_{a_i,j}$ is the cost of outcome $j$ of action $a_i$ in terms of integrity
• $lo\_c_{a_i,j}$ is the cost of outcome $j$ of action $a_i$ in terms of confidentiality
• $s_k$ is a set of context parameters
• $f_{o_{a_i,j},\,s_k}$ is the probability of outcome $o_{a_i,j}$ in $s_k$
Risk Assessment Schema
• Step 1: Identify the actions in the service and the outcomes of each action.
• Step 2: Assign a weight for each factor (availability, integrity, confidentiality) to each action.
• Step 3: Specify the cost of each outcome in terms of availability, integrity and confidentiality.
• Step 4: Identify the probability of each outcome (f), based on the set of current context and its probability.
• Step 5: There are 2 solutions, Accept or Reject; determine the risk value of the action in terms of availability, integrity and confidentiality for both solutions.
• Step 6: Apply MFEP with the above parameters and choose the better solution.
Risk Assessment (cont) Cost of outcome
• The cost of an outcome is calculated based on context parameters.
• We calculate the cost in terms of availability, integrity and confidentiality.
Risk Assessment (cont) Cost of outcome
• For loss of availability:
$c\_ao_{a_i,j} = lo\_a_{a_i,j} \times \left( \sum_k f_{o_{a_i,j},\,s_k} \right)$
• For loss of integrity:
$c\_io_{a_i,j} = lo\_i_{a_i,j} \times \left( \sum_k f_{o_{a_i,j},\,s_k} \right)$
• For loss of confidentiality:
$c\_co_{a_i,j} = lo\_c_{a_i,j} \times \left( \sum_k f_{o_{a_i,j},\,s_k} \right)$
where $s_k$ exists if and only if all required context parameters exist.
Risk Assessment (cont) Cost of action
• The cost of an action is a total weighted evaluation of all outcomes of the action.
Risk Assessment (cont) Cost of action
• For availability:
$RV\_A_i = \mathrm{cost}(a_i, \text{"availability"}) = \sum_j c\_ao_{a_i,j}$
• For integrity:
$RV\_I_i = \mathrm{cost}(a_i, \text{"integrity"}) = \sum_j c\_io_{a_i,j}$
• For confidentiality:
$RV\_C_i = \mathrm{cost}(a_i, \text{"confidentiality"}) = \sum_j c\_co_{a_i,j}$
Risk Assessment (cont) Risk value evaluation
• For each service, we consider the importance of each element (availability, integrity, confidentiality) to be different.
• The risk value of an action is defined as a weighted arithmetic mean of its risk values for availability, confidentiality and integrity.
$RV = \dfrac{w_1 RV\_A_i + w_2 RV\_I_i + w_3 RV\_C_i}{w_1 + w_2 + w_3}$
where $w_i \in \mathbb{N}$, $i = 1, 2, 3$, and they can be adjusted to a suitable value if more weight is to be given to a specific metric.
A Case Study

                                                                              Risk value
Action         Outcome              Risk context / Probability                Availability   Integrity  Confidentiality
View record    Unavailable          Record too big / f1=0.3                   Cost1=5        Cost2=0    Cost3=0
                                    Transaction session is in peak / f2=0.6
               Leaking information  Data unencrypted / f3=0.6                 Cost4=0        Cost5=0    Cost6=1
                                    Connection is not secured / f4=0.5
               Service corrupted    Connection is lost / f5=0.7               Cost7=5        Cost8=0    Cost9=0
               Can not do           f = 1                                     Cost10=Cost1   0          0
Modify record  Lose information     Connection lost / f6=0.1                  Cost11         Cost12     Cost13
               Can not update       Server busy, corrupted / f7=0.05          Cost14         Cost15     Cost16
               Can not do           f = 1                                     Cost17         0          0
A Case Study
• Step 1:
Factor i           Factor weight Fwi
Availability       0.3
Integrity          0.4
Confidentiality    0.3
A Case Study
• Cost Evaluation: 1-10
0: No impact
1-2: Small impact
3-5: Medium impact
5-8: Big impact
9-10: Disaster
• View Action: Cost of each outcome
- (See the table in previous slide)
A Case Study
• Assume the current context is: Record too big, Data unencrypted
• View Action:
Accept solution: RV = 0.3x1.5 + 0.3x0.6 = 0.63
Reject solution: RV = 0.3x5 + 0.4x0 + 0.3x0 = 1.5

Factor             Accept    Reject
Availability       1.5       5
Integrity          0         0
Confidentiality    0.6       0

=> Choose the Accept solution (lower risk value)
* But if the current context includes Record too big, Data unencrypted and Transaction session is in peak, the result will be the Reject solution.
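The case-study calculation above, together with the cost-of-outcome, cost-of-action and weighted-mean formulas it relies on, as an added example (not code from the slides). The costs, probabilities and weights are the slide values for the View action; the identifiers, the lower-case context names and the tie-breaking rule are assumptions of this example.

```python
# Added example: contextual risk evaluation for the "View record" action.
# Costs, probabilities and weights are the case-study values from the slides;
# identifiers and the tie-breaking rule are assumptions of this example.

# Factor order everywhere: (availability, integrity, confidentiality)
WEIGHTS = (0.3, 0.4, 0.3)

# Outcomes if the request is accepted: outcome -> (costs, {risk context: f})
VIEW_ACCEPT = {
    "unavailable": ((5, 0, 0), {"record too big": 0.3,
                                "transaction session in peak": 0.6}),
    "leaking information": ((0, 0, 1), {"data unencrypted": 0.6,
                                        "connection not secured": 0.5}),
    "service corrupted": ((5, 0, 0), {"connection lost": 0.7}),
}
# Rejecting always yields "can not do" (f = 1, marked None); Cost10 = Cost1 = 5.
VIEW_REJECT = {"can not do": ((5, 0, 0), None)}


def factor_risks(outcomes, active):
    """Per-factor risk: sum over outcomes of cost * (sum of f over active contexts)."""
    totals = [0.0, 0.0, 0.0]
    for costs, contexts in outcomes.values():
        if contexts is None:            # unconditional outcome, f = 1
            f_sum = 1.0
        else:                           # contexts not currently present add nothing
            f_sum = sum(f for ctx, f in contexts.items() if ctx in active)
        for k, cost in enumerate(costs):
            totals[k] += cost * f_sum
    return totals


def risk_value(outcomes, active, weights=WEIGHTS):
    """Weighted arithmetic mean of the three per-factor risk values."""
    risks = factor_risks(outcomes, active)
    return sum(w * r for w, r in zip(weights, risks)) / sum(weights)


def decide(active):
    """Return (decision, RV_accept, RV_reject); the lower risk value wins."""
    rv_accept = risk_value(VIEW_ACCEPT, active)
    rv_reject = risk_value(VIEW_REJECT, active)
    # Assumption: a tie is resolved as Reject (fail closed); the slides do not say.
    decision = "Accept" if rv_accept < rv_reject else "Reject"
    return decision, round(rv_accept, 2), round(rv_reject, 2)


if __name__ == "__main__":
    print(decide({"record too big", "data unencrypted"}))
```

Because the slides' formula sums the probabilities of all active contexts, the sum for one outcome can exceed 1 (0.6 + 0.5 for the leak outcome); the example keeps that behaviour rather than clamping.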
Related works
- Some context-based access control models are dynamic and flexible, but their decision-making process is not as powerful and precise as in our model using risk.
- The paper "Using Trust and Risk in RBAC policies" [7] used the concept of outcome to calculate the cost of each outcome and the risk value, but it considered trust rather than context for risk assessment.
- In "Risk Probability Estimating Based on Clustering" by YongChen et al (2003), a neural network is used as the risk estimator. In this work, we use a simpler method that takes advantage of context to know the state of the network and the service.
- Compared with my previous work, this one is better. We apply MFEP to calculate risk and do not need a threshold, which is hard to define.
Conclusion
• We have investigated how to apply risk to access control and proposed an access control model with risk assessment.
• It provides a precise way of making decisions because it utilizes context in the risk assessment process.
• We have further demonstrated how this model can be applied to manage access control in a practical scenario and explored it in the manner of ubiquitous computing.
• The disadvantage of this mechanism is that the service provider needs to work out the cost of each outcome of each action.
Future work
• Decision-making should be done during the working period of the activity, whenever the context changes into another state.
• Automatically update the cost of the outcomes of the actions in the decision-making process, and the detailed information about the current network state, based on evidence gathered from context.
• Do simulation work to prove the performance of the system.
• We need to consider more parameters and factors that affect the risk assessment process, such as risk in the authentication phase.
References
[1] R.J. Hulsebosch, A.H. Salden, M.S. Bargh, P.W.G. Ebben, J. Reitsma. "Context Sensitive Access Control". In Proceedings of the tenth ACM symposium on Access control models and technologies, Stockholm, Sweden, 2005.
[2] Lalana Kagal, Tim Finin, and Anupam Joshi. "Trust-based security in pervasive computing environments". IEEE Computer, 34(12):154-157, December 2001.
[3] V. Cahill, B. Shand, E. Gray, et al. "Using Trust for Secure Collaboration in Uncertain Environments". Pervasive Computing, vol. 2, no. 3, pp. 52-61, July-September 2003.
[4] Nathan Dimmock, Jean Bacon, David Ingram, and Ken Moody. "Risk Models for Trust Based Access Control". University of Cambridge, Computer Laboratory, JJ Thomson Ave, Cambridge CB3 0FD, UK.
[5] Peter Chapin, Christian Skalka, X. Sean Wang. "Risk assessment in distributed authorization". Proceedings of the 2005 ACM workshop on Formal methods in security engineering, November 11-11, 2005, Fairfax, VA, USA.
[6] Hassan Jameel, Le Xuan Hung, Umar Kalim, Ali Sajjad, Sungyoung Lee, Young-Koo Lee. "A Trust Model for Ubiquitous Systems based on Vectors of Trust Values". pp. 674-679, Seventh IEEE International Symposium on Multimedia (ISM'05), 2005.
[7] Nathan Dimmock et al. "Using Trust and Risk in RBAC policies", 2004.
THANK YOU!