Community Centric Access Control


Presentation Transcript


  1. Community Centric Access Control Matt Guidry Jacob Rettig

  2. Boolean Identity Verification
     • Password-based Authentication is not truly compatible with human behavior.
     • Humans are not good at remembering passwords: ‘E=MC3’ ?!

  3. Helpful Measure
     • Community Centric Access Control - Vanilla Authentication
     • Allow Trusted Members in a Small Community to Admit Access

  4. Vanilla Access
     “I can't log in!” “This stupid thing forgot MY password!”
     • Allows Limited Access
     • Peers Can Let You In, Rollback Access

  5. Vanilla Rollback Access
     • Once You Are Verified You Attain “Rollback Access”
     • Your community members have the second half of your secret key

  6. Example
     • Jenn updates to the new Community Centric protocol her company installed
     • 10-digit password
     • Can't be a word
     • Must have special chars
     • Must have a number

  7. Threats and Responses
     • Laziness - Send detailed information such as tokens or pictures
     • Misuse - Notifies of Vanilla Access Attempts

  8. Community Access Control to Physical/Binary Data

  9. University Example
     Some situations may require specific people to be present to access information.
     • May require a professor and a secretary to read a file.
     • May require a professor and a department chair to remove the file and/or update it.

  10. Files contained in a smart filing cabinet inside a common office space.
     • Professor A must pass through the doors and the occupied space of the workplace.

  11. Professor A reaches the cabinet and pulls on the drawer, and a touch screen LCD pops out of the top of the cabinet and requires user verification (security badge, fingerprint).
     • The LCD reminds him he alone is not authorized to access this information, and that he must access it in conjunction with other members of his community.
     • He selects an option on the touch screen to see combinations of community users that will unlock the drawer and finds the assembly of himself and:
       • a secretary will together have permission to read the files
       • the department chair will together have permission to remove the files

  12. Supervised Access
     • Professor A wants to make sure these files are what he is looking for.
     • He finds the secretary and together they open the drawer.
     • Professor A is able to examine the files while the secretary is present to supervise.
     Supervisory Access
     • Professor A now must ask the department chair to assist him in checking out the files for update.
     • After a legitimate reason, they together open the drawer.
     Unsupervised Access
     • Upon returning the files late that evening, he tries to open the drawer and checks the community combinations, and there are none since they left for the night.
     • Rather than leave them unsecured, he goes to the secure drop-box drawer, swipes his finger, and drops them in the drawer.
     • In the morning an authorized Information Clearing Agent will verify the integrity of the file and return the file to the correct drawer.
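As an added example that is not part of the original slides: a small policy evaluator for the cabinet scenario in slides 9 to 12. The policy table and the badge roster are constructed from the role combinations the slides list (professor + secretary to read, professor + department chair to remove or update); the badge ids are assumptions.

```python
from itertools import combinations

# Constructed policy table taken from the combinations slides 9 and 11 list:
# an action unlocks only when every role in at least one combination is present.
CABINET_POLICY = {
    "read": [{"professor", "secretary"}],
    "remove": [{"professor", "department_chair"}],
    "update": [{"professor", "department_chair"}],
}

# Constructed community roster: badge id -> role, as verified at the touch screen.
ROSTER = {"A": "professor", "B": "professor", "S1": "secretary", "C": "department_chair"}


def verify(badge_ids):
    """Map verified badge ids to roles; an unknown badge rejects the whole request."""
    roles = {}
    for bid in badge_ids:
        if bid not in ROSTER:
            raise PermissionError(f"unknown badge {bid!r}")
        roles[bid] = ROSTER[bid]
    return roles


def authorized(action, present_ids):
    """True only if the people actually present cover one full combination."""
    present_roles = set(verify(present_ids).values())
    return any(combo <= present_roles for combo in CABINET_POLICY.get(action, []))


def unlock_options(requester_id, action, on_site_ids):
    """Slide 11: the minimal groups the requester could assemble, from the people
    currently on site, to unlock the action. An empty list means nobody is
    available (slide 12, late evening), so only the drop-box path remains."""
    others = [i for i in on_site_ids if i != requester_id]
    found = []
    for size in range(1, len(others) + 1):
        for group in combinations(others, size):
            if any(set(f) <= set(group) for f in found):
                continue  # a smaller group already covers this one
            if authorized(action, [requester_id, *group]):
                found.append(group)
    return [[requester_id, *g] for g in found]


if __name__ == "__main__":
    print(authorized("read", ["A"]))                           # False: not alone
    print(unlock_options("A", "read", ["A", "B", "S1", "C"]))  # [['A', 'S1']]
    print(unlock_options("A", "remove", ["A", "S1"]))          # []
```

Note that two professors together still cannot read: the check is on distinct roles covering a combination, not on head count.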

  13. Binary Data
     • For sensitive files it is best to follow the physical data model with an on-location secure terminal connected by intranet and without internet.
     • In off-location community access control, the advantages of person-to-person verification are less or even lost.
