1 / 32

Contextual Risk-based Access Control Mechanism

Contextual Risk-based Access Control Mechanism. NGUYEN NGOC DIEP Master Fellow – uSec Group. AGENDA. 1 – Introduction 2 – Access Control Model 3 – Risk Assessment 4 – Related Work 5 – Conclusion. Introduction- Background.

aneko
Télécharger la présentation

Contextual Risk-based Access Control Mechanism

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Contextual Risk-based Access Control Mechanism NGUYEN NGOC DIEP Master Fellow – uSec Group

  2. AGENDA 1 – Introduction 2 – Access Control Model 3 – Risk Assessment 4 – Related Work 5 – Conclusion

  3. Introduction- Background • In the new environment, security problems are much more complex since ubiquitous environment is more dynamic, more distributed, more invisible and heterogeneous. Therefore, we need to view security problems in a new paradigm and explore them thoroughly under the above effects. • Information security can be broadly categorized into three types: confidentiality, integrity and availability. Access Control is critical to preserve the confidentiality and integrity of information. • Autonomous decision-making is an increasingly popular application for security, including access control in ubiquitous computing

  4. Introduction- Motivation • Current research about Access Control is mostly based on the context and role. Some recently research used trust as the fundamental component. • Risk Assessment is an effective tool using in decision-making and is an important factor in economics, but is not applied well in security, especially in access control • Context is not used in an effective way in decision-making process

  5. Introduction- Problem Statement • Risk in Access Control in Ubiquitous Computing Environment is a new problem. In this work, we will present a contextual risk-based Access Control model. • Applying risk assessment to make decisions, based on context parameters.

  6. Access Control Model

  7. Access Control Model - A request by principle p (user or process) to Access Control Manager - Risk Assessment module calculate risk based on the credentials, sort of actions and the current context (risk context) - The risk value is compared with the threshold, then return the decision We call the period doing action is session

  8. Access Control Model Factors in the access control model: • Principle (p): admin, staff, professor, guest • Set of Actions (a), i.e. : read, write, delete, modify • Set of Outcomes (o): confidentiality, availability, integrity • Set of Context (c): time (night, daytime,…), location (in-building, in-office, outside), network state • Consequence function: shows the cost of each outcome in a specific context • Risk function: calculates risk of the action in current context.

  9. Risk Assessment • Definition:“Risk is often evaluated based on the probability of the threat and the potential impact” • 3 factors: loss of availability, loss of confidentiality and loss of integrity. • The parameters: - Principle context - Environment context - Resource context - List of outcomes of the action

  10. Risk Assessment Multi Factor Evaluation Process: • In reality, we have many decision-making problems that need to consider many factors. We can use Multi Factor Evaluation Process (MFEP) • In MFEP, decision maker subjectively identify important factors in a given decision situation and assign a weight for each factor. The weight presents the relative importance of each factor in making the decision • Secondly, identify alternatives (solutions) available to decision maker. • Thirdly, factor evaluation: for each alternative, all factors are evaluated and a weight is assigned to each. • A weighted evaluation is then computed for each alternative as the sum of product of factors weights and factors evaluations.

  11. Risk Assessment Multi Factor Evaluation Process: • Step 1: List all factors and give to factor i a value weight Fwi (0 < Fwi < 1). Fwi expresses the important of factor i in comparative. • Step 2: Factor Evaluation With each factor i, we assess solution j by giving it a coefficient FEij (called evaluation of solution j under factor i) • Step 3: Total Weighted Evaluation •  choose solution j0 if we have Max TWEj with j = j0

  12. Risk Assessment MFEP example: Problems: A graduate student wants to find a work. The important factors in this situation is salary, position of office, partners, kind of works, other benefits, … He need to find a best decision. • Solution: Assuming that after considering, he found that 3 most important factors is: Salary, Promotion, Position of office and the relative importance of each factor is respectively 0.3, 0.6, 0.1. (Table 1) • There are 3 companies A, B, C that accepts him. For each company, he evaluates according to 3 above factors and has evaluation table (table 2)

  13. Risk Assessment • Step 1: • Step 2: Evaluate FEij

  14. Risk Assessment Step 3: Total Weight Evaluation (TWE) TWE(A) = 0.3*0.7+0.6*0.9+0.1*0.6 = 0.81 TWE(B) = 0.3*0.8+0.7*0.7+0.1*0.8 = 0.74 TWE(C) = 0.3*0.9+0.6*0.6+0.1*0.9 = 0.72  choose company A

  15. A case study –Access control management in a hospital • Access control system to manage accesses to patient‘s records in a hospital. • Data is stored in database and can be accessed through remote terminal. • The records can be text, video, image or sound format and it has some properties • Each member has his role and set of permitted corresponding actions. • Each action has list of outcomes

  16. Outcomes and risk values for each action

  17. Risk Assessment -Definitions • Action is an action in set of action A (available for the principle), • is an outcome in set of outcome O of action • is cost of outcome j of action in term of availability • is cost of outcome j of action in term of integrity • is cost of outcome j of action in term of confidentiality • is a set of context parameter • is the probability of outcome in

  18. Risk Assessment -Schema • Step 1: Identify actions in service, outcomes of each action • Step 2: Assign weight for each factor availability, integrity, confidentiality to each action. • Step 3: Specify cost of each outcome in term of availability, integrity, confidentiality • Step 4: Identify probability of outcome (f), based on the set of current context and probability of it. • Step 5: We have 2 solutions: Accept or Reject, and risk value of action in term of availability, integrity and confidentiality in both 2 solution • Step 6: Apply MFEP with the above parameters and choose the better solution

  19. Risk Assessment (cont) -Cost of outcome • Cost of outcome:is calculated based on context parameters. • We calculate the cost in the aspect of availability, integrity, confidentiality

  20. Risk Assessment (cont) -Cost of outcome • For loss of availability: • For loss of integrity: • For loss of confidentiality: with exists if and only if all required context parameters exist.

  21. Risk Assessment (cont) -Cost of action • Cost of an action is a total weighted evaluation of all outcomes of the action

  22. Risk Assessment (cont) -Cost of action • For availability: • For integrity: • For confidentiality:

  23. Risk Assessment (cont) - Risk value evaluation • With each service, we consider the importance of each element (availability, integrity, confidentiality) different. • Risk value of an action is defined as a weighted arithmetic mean of its risk value of availability, confidentiality and integrity. • where and they can be adjusted to a suitable value if more weight is to be given to a specific metric.

  24. A Case Study

  25. A Case Study • Step 1:

  26. A Case Study • Cost Evaluation: 1-10 0: No impact, 1-2: Small impact 3-5: Medium impact 5-8: Big impact 9-10: Disaster • View Action: Cost of each outcome • (See the table in previous slide)

  27. A Case Study • Assuming that: we have current context Record too big, Data unencrypted • View Action: Accept solution: RV = 0.3x1.5+0.3x0.6 = 0.63 Reject solution: RV = 0.3x5+0.4x0+0.3x0 = 1.5 • Choose Accept solution *But if current context includesRecord too big, Data unencrypted and Transaction session is in peak, the result will be Reject solution

  28. Related works - In some context-based access control model, they really provide dynamic and flexible , but the decision-making process is not powerful and precise as in our model using risk. - The paper “Using Trust and Risk in RBAC policies” [7] used the concept outcome to calculate cost for each outcome and risk value but they did not consider the context for risk assessment, but trust. - In “Risk Probability Estimating Based on Clustering” of YongChen et al (2003), they used neural network for risk estimator. In this work, we use a simpler method, that takes advantage of context to know about the state of the network and the service - Compare with my previous work, this one is better. We apply MFEP to calculate risk and do not need threshold which is hard to define.

  29. Conclusion • We have investigated how to apply risk to access control and propose an access control model with risk assessment. • It provides a precise way of making decision because of utilizing context in risk assessment process. • We have further demonstrated how this model can be applied to manage access control in a practical scenario and explored it in manner of ubiquitous computing. • The disadvantage of this mechanism is: the service provider need to work out the cost of each outcome in each action

  30. Future work • Decision-making should be done during the working period of the activity, whenever the context changes into another state. • Automatically update the cost of outcomes of the actions in making decision process and detailed information of current network state based on evidence gathered from context • Do the simulation work to prove the performance of the system • We need to consider more parameters and factors that effect to risk assessment process such as risk in authentication phase.

  31. References • [1] R.J. Hulsebosch , A.H. Salden, M.S. Bargh, P.W.G. Ebben, J. Reitsma. “Context Sensitive Access Control”. In proceedings of the tenth ACM symposium on Access control models and technologies, Stockholm, Sweden, 2005. • [2] Lalana Kagal, Tim Finin, and Anupam Joshi. “Trust-based security in pervasive computing environments”. IEEE Computer, 34(12):154--157, December 2001. • [3] V. Cahill, B. Shand, E. Gray, et al., "Using Trust for Secure Collaboration in Uncertain Environments," Pervasive Computing, vol. 2, no. 3, pp. 52--61, July-September 2003. • [4] Nathan Dimmock , Jean Bacon, David Ingram, and Ken Moody. “Risk Models for Trust Based Access Control”. University of Cambridge, Computer Laboratory, JJ Thomson Ave, Cambridge CB3 0FD,UK. • [5] Peter Chapin , Christian Skalka , X. Sean Wang. “Risk assessment in distributed authorization”. Proceedings of the 2005 ACM workshop on Formal methods in security engineering, November 11-11, 2005, Fairfax, VA, USA • [6] Hassan Jameel, Le Xuan Hung, Umar Kalim, Ali Sajjad, Sungyoung Lee, Young-Koo Lee, "A Trust Model for Ubiquitous Systems based on Vectors of Trust Values", ism, pp. 674-679,  Seventh IEEE International Symposium on Multimedia (ISM'05),  2005. • [7] Nathan Dimmock et al , “Using Trust and Risk in RBAC policies”, 2004

  32. THANK YOU!

More Related