1 Contextual Risk-based Access Control Mechanism NGUYEN NGOC DIEP Master Fellow – uSec Group.
1
Contextual Risk-based Access Control Mechanism
NGUYEN NGOC DIEP Master Fellow – uSec Group
2
AGENDA
1 – Introduction
2 – Access Control Model
3 – Risk Assessment
4 – Related Work
5 – Conclusion
3
Introduction - Background
In the new environment, security problems are much more complex, since the ubiquitous environment is more dynamic, more distributed, more invisible and more heterogeneous. Therefore, we need to view security problems in a new paradigm and explore them thoroughly under the above effects.
Information security can be broadly categorized into three types: confidentiality, integrity and availability. Access Control is critical to preserve the confidentiality and integrity of information.
Autonomous decision-making is an increasingly popular application for security, including access control in ubiquitous computing.
4
Introduction - Motivation
Current research on Access Control is mostly based on context and role. Some recent research uses trust as the fundamental component.
Risk Assessment is an effective tool used in decision-making and is an important factor in economics, but it is not applied well in security, especially in access control.
Context is not used in an effective way in the decision-making process.
5
Introduction - Problem Statement
Risk in Access Control in the Ubiquitous Computing Environment is a new problem. In this work, we present a contextual risk-based Access Control model.
It applies risk assessment to make decisions, based on context parameters.
6
Access Control Model
[Diagram: components Access Control Manager, Risk Assessment and Context Retrieval; labelled flows: Request (principal, credentials), Decision, actions/outcomes, cost/outcomes, Context values (time, space, network state)]
7
Access Control Model
- A principal p (user or process) sends a request to the Access Control Manager
- The Risk Assessment module calculates risk based on the credentials, the sort of actions and the current context (risk context)
- The risk value is compared with the threshold, then the decision is returned
We call the period during which the action is performed a session
8
Access Control Model
Factors in the access control model:
• Principal (p): admin, staff, professor, guest
• Set of Actions (a), i.e.: read, write, delete, modify
• Set of Outcomes (o): confidentiality, availability, integrity
• Set of Context (c): time (night, daytime,…), location (in-building, in-office, outside), network state
• Consequence function: shows the cost of each outcome in a specific context
• Risk function: calculates risk of the action in current context.
10
Risk Assessment
Definition: “Risk is often evaluated based on the probability of the threat and the potential impact”
3 factors: loss of availability, loss of confidentiality and loss of integrity.
The parameters:
- Principal context
- Environment context
- Resource context
- List of outcomes of the action
11
Risk Assessment
Multi Factor Evaluation Process: In reality, we have many decision-making problems that need to consider many factors. We can use the Multi Factor Evaluation Process (MFEP).
In MFEP, the decision maker first subjectively identifies the important factors in a given decision situation and assigns a weight to each factor. The weight represents the relative importance of each factor in making the decision.
Secondly, identify the alternatives (solutions) available to the decision maker.
Thirdly, factor evaluation: for each alternative, all factors are evaluated and a weight is assigned to each.
A weighted evaluation is then computed for each alternative as the sum of the products of factor weights and factor evaluations.
12
Risk Assessment
Multi Factor Evaluation Process:
Step 1: List all factors and give each factor i a weight Fwi (0 < Fwi < 1). Fwi expresses the relative importance of factor i.
Step 2: Factor Evaluation
For each factor i, we assess solution j by giving it a coefficient FEij (called the evaluation of solution j under factor i)
Step 3: Total Weighted Evaluation
Choose solution j0 if TWEj reaches its maximum at j = j0
13
Risk Assessment
MFEP example:
Problem: A graduate student wants to find a job. The important factors in this situation are salary, position of office, partners, kind of work, other benefits, … He needs to find the best decision.
- Solution: Assume that, after consideration, he found that the 3 most important factors are Salary, Promotion and Position of office, and that the relative importance of each factor is respectively 0.3, 0.6, 0.1. (Table 1)
- There are 3 companies A, B, C that accept him. For each company, he evaluates according to the 3 factors above and obtains an evaluation table (Table 2)
14
Risk Assessment
Step 1:
Factor i              Factor weight Fwi
Salary                0.3
Promotion             0.6
Position of office    0.1
Step 2: Evaluate FEij
Factor i \ Solution j   A     B     C
Salary                  0.7   0.8   0.9
Promotion               0.9   0.7   0.6
Position of office      0.6   0.8   0.9
15
Risk Assessment
Step 3: Total Weight Evaluation (TWE)
TWE(A) = 0.3*0.7+0.6*0.9+0.1*0.6 = 0.81
TWE(B) = 0.3*0.8+0.6*0.7+0.1*0.8 = 0.74
TWE(C) = 0.3*0.9+0.6*0.6+0.1*0.9 = 0.72
choose company A
16
A case study – Access control management in a hospital
- Access control system to manage accesses to patient's records in a hospital.
- Data is stored in a database and can be accessed through a remote terminal.
- The records can be in text, video, image or sound format, and each has some properties.
- Each member has his role and a set of permitted corresponding actions.
- Each action has a list of outcomes.
17
Outcomes and risk values for each action
(Risk value columns: Availability, Integrity, Confidentiality)
Action: View record
Outcome               Risk context / Probability                               Availability  Integrity  Confidentiality
Unavailable           Record too big /f1; Transaction session is full /f2      Cost1         Cost2      Cost3
Leaking information   Data unencrypted /f3; Connection is not secured /f4      Cost4         Cost5      Cost6
Service corrupted     Connection is lost /f5                                   Cost7         Cost8      Cost9
Can not do            f=1                                                      Cost10        0          0
Action: Modify record
Outcome               Risk context / Probability                               Availability  Integrity  Confidentiality
Lose information      Connection lost /f6                                      Cost11        Cost12     Cost13
Can not update        Server busy, corrupted /f7                               Cost14        Cost15     Cost16
Can not do            f=1                                                      Cost17        0          0
18
Risk Assessment - Definitions
Action $a_i$, $i \in N$, is an action in the set of actions A (available for the principal)
$o_{a_i,j}$ is an outcome in the set of outcomes O of action $a_i$
$lo\_a_{a_i,j}$ is the cost of outcome j of action $a_i$ in terms of availability
$lo\_i_{a_i,j}$ is the cost of outcome j of action $a_i$ in terms of integrity
$lo\_c_{a_i,j}$ is the cost of outcome j of action $a_i$ in terms of confidentiality
$s_k$ is a set of context parameters
$f_{a_i,o_j,s_k}$ is the probability of outcome $o_{a_i,j}$ in $s_k$
19
Risk Assessment - Schema
Step 1: Identify the actions in the service and the outcomes of each action
Step 2: Assign a weight to each factor (availability, integrity, confidentiality) for each action.
Step 3: Specify the cost of each outcome in terms of availability, integrity, confidentiality
Step 4: Identify the probability of each outcome (f), based on the set of current context and its probability.
Step 5: We have 2 solutions, Accept or Reject, and the risk value of the action in terms of availability, integrity and confidentiality for both solutions
Step 6: Apply MFEP with the above parameters and choose the better solution
20
Risk Assessment (cont) - Cost of outcome
Cost of outcome: is calculated based on context parameters.
We calculate the cost in the aspect of availability, integrity, confidentiality
21
Risk Assessment (cont) - Cost of outcome
For loss of availability: $c\_a(o_{a_i,j}) = lo\_a_{a_i,j} \times \sum_k f_{a_i,o_j,s_k}$
For loss of integrity: $c\_i(o_{a_i,j}) = lo\_i_{a_i,j} \times \sum_k f_{a_i,o_j,s_k}$
For loss of confidentiality: $c\_c(o_{a_i,j}) = lo\_c_{a_i,j} \times \sum_k f_{a_i,o_j,s_k}$
where $s_k$ exists if and only if all required context parameters exist.
22
Risk Assessment (cont) -Cost of action
Cost of an action is a total weighted evaluation of all outcomes of the action
23
Risk Assessment (cont) - Cost of action
For availability: $A\_RV_i = cost(a_i, \text{"availability"}) = \sum_j c\_a(o_{a_i,j})$
For integrity: $I\_RV_i = cost(a_i, \text{"integrity"}) = \sum_j c\_i(o_{a_i,j})$
For confidentiality: $C\_RV_i = cost(a_i, \text{"confidentiality"}) = \sum_j c\_c(o_{a_i,j})$
24
Risk Assessment (cont) - Risk value evaluation
For each service, the importance of each element (availability, integrity, confidentiality) differs.
Risk value of an action is defined as a weighted arithmetic mean of its risk value of availability, confidentiality and integrity.
$RV = \frac{w_1 \cdot A\_RV_i + w_2 \cdot I\_RV_i + w_3 \cdot C\_RV_i}{w_1 + w_2 + w_3}$
where $w_i \in N$, $i = 1,2,3$, and they can be adjusted to a suitable value if more weight is to be given to a specific metric.
25
A Case Study
(Risk value columns: Availability, Integrity, Confidentiality)
Action: View record
Outcome               Risk context / Probability                                            Availability   Integrity  Confidentiality
Unavailable           Record too big /f1=0.3; Transaction session is in peak /f2=0.6        Cost1=5        Cost2=0    Cost3=0
Leaking information   Data unencrypted /f3=0.6; Connection is not secured /f4=0.5           Cost4=0        Cost5=0    Cost6=1
Service corrupted     Connection is lost /f5=0.7                                            Cost7=5        Cost8=0    Cost9=0
Can not do            f=1                                                                   Cost10=Cost1   0          0
Action: Modify record
Outcome               Risk context / Probability                                            Availability   Integrity  Confidentiality
Lose information      Connection lost /f6=0.1                                               Cost11         Cost12     Cost13
Can not update        Server busy, corrupted /f7=0.05                                       Cost14         Cost15     Cost16
Can not do            f=1                                                                   Cost17         0          0
26
A Case Study
Step 1:
Factor i           Factor weight Fwi
Availability       0.3
Integrity          0.4
Confidentiality    0.3
27
A Case Study
Cost Evaluation: 1-10
0: No impact
1-2: Small impact
3-5: Medium impact
5-8: Big impact
9-10: Disaster
View Action: Cost of each outcome (see the table in previous slide)
28
A Case Study
Assuming that the current context is: Record too big, Data unencrypted
View Action:
Factor \ Solution   Accept   Reject
Availability        1.5      5
Integrity           0        0
Confidentiality     0.6      0
Accept solution: RV = 0.3x1.5+0.3x0.6 = 0.63
Reject solution: RV = 0.3x5+0.4x0+0.3x0 = 1.5
Choose Accept solution
* But if current context includes Record too big, Data unencrypted and Transaction session is in peak, the result will be Reject solution
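The View record decision above, worked through in code as an added example (not part of the original slides). Function and variable names are hypothetical; costs, probabilities and weights are the slide values, and summing the probabilities of the active contexts of one outcome (capped at 1) is an assumption that reproduces both results stated above.

```python
# Added example: names are hypothetical; costs, probabilities and weights are from the slides.
WEIGHTS = {"availability": 0.3, "integrity": 0.4, "confidentiality": 0.3}

# View record: outcome -> risk contexts with probability f, and (A, I, C) costs.
VIEW_RECORD = {
    "Unavailable": ({"Record too big": 0.3,
                     "Transaction session is in peak": 0.6}, (5, 0, 0)),
    "Leaking information": ({"Data unencrypted": 0.6,
                             "Connection is not secured": 0.5}, (0, 0, 1)),
    "Service corrupted": ({"Connection is lost": 0.7}, (5, 0, 0)),
}
REJECT_COST = (5, 0, 0)  # "Can not do": f = 1, Cost10 = Cost1


def twe(weights, evaluations):
    """MFEP total weighted evaluation, normalised by the sum of the weights."""
    total = sum(w * e for w, e in zip(weights, evaluations))
    return total / sum(weights)


def accept_risk(action, current_context):
    """(A, I, C) risk of accepting: sum over outcomes of cost * probability."""
    risk = [0.0, 0.0, 0.0]
    for contexts, costs in action.values():
        # Assumption: probabilities of the active contexts add up, capped at 1.
        f = min(1.0, sum(p for c, p in contexts.items() if c in current_context))
        for n, cost in enumerate(costs):
            risk[n] += cost * f
    return risk


def decide(action, current_context):
    """Return (decision, RV of Accept, RV of Reject); the lower risk value wins."""
    w = list(WEIGHTS.values())
    rv_accept = twe(w, accept_risk(action, current_context))
    rv_reject = twe(w, REJECT_COST)
    decision = "Accept" if rv_accept < rv_reject else "Reject"
    return decision, round(rv_accept, 2), round(rv_reject, 2)


if __name__ == "__main__":
    base = {"Record too big", "Data unencrypted"}
    print(decide(VIEW_RECORD, base))
    print(decide(VIEW_RECORD, base | {"Transaction session is in peak"}))
```

Because the decision is recomputed from whatever contexts are active, calling `decide` again when the context changes mid-session flips the outcome without any fixed threshold.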
29
Related works
- Some context-based access control models are dynamic and flexible, but their decision-making process is not as powerful and precise as in our model using risk.
- The paper “Using Trust and Risk in RBAC policies” [7] used the concept of outcome to calculate the cost of each outcome and the risk value, but it did not consider context for risk assessment, only trust.
- In “Risk Probability Estimating Based on Clustering” by YongChen et al (2003), a neural network is used as the risk estimator. In this work, we use a simpler method that takes advantage of context to know about the state of the network and the service.
- Compared with my previous work, this one is better. We apply MFEP to calculate risk and do not need a threshold, which is hard to define.
30
Conclusion
We have investigated how to apply risk to access control and proposed an access control model with risk assessment.
It provides a precise way of making decisions because it utilizes context in the risk assessment process.
We have further demonstrated how this model can be applied to manage access control in a practical scenario and explored it in the manner of ubiquitous computing.
The disadvantage of this mechanism is that the service provider needs to work out the cost of each outcome of each action.
31
Future work
Decision-making should be done during the working period of the activity, whenever the context changes into another state.
Automatically update the cost of the outcomes of the actions in the decision-making process, and the detailed information of the current network state, based on evidence gathered from context.
Do simulation work to prove the performance of the system.
We need to consider more parameters and factors that affect the risk assessment process, such as risk in the authentication phase.
32
References
[1] R.J. Hulsebosch, A.H. Salden, M.S. Bargh, P.W.G. Ebben, J. Reitsma. “Context Sensitive Access Control”. In Proceedings of the tenth ACM symposium on Access control models and technologies, Stockholm, Sweden, 2005.
[2] Lalana Kagal, Tim Finin, and Anupam Joshi. “Trust-based security in pervasive computing environments”. IEEE Computer, 34(12):154--157, December 2001.
[3] V. Cahill, B. Shand, E. Gray, et al. “Using Trust for Secure Collaboration in Uncertain Environments”. Pervasive Computing, vol. 2, no. 3, pp. 52--61, July-September 2003.
[4] Nathan Dimmock, Jean Bacon, David Ingram, and Ken Moody. “Risk Models for Trust Based Access Control”. University of Cambridge, Computer Laboratory, JJ Thomson Ave, Cambridge CB3 0FD, UK.
[5] Peter Chapin, Christian Skalka, X. Sean Wang. “Risk assessment in distributed authorization”. Proceedings of the 2005 ACM workshop on Formal methods in security engineering, November 11-11, 2005, Fairfax, VA, USA.
[6] Hassan Jameel, Le Xuan Hung, Umar Kalim, Ali Sajjad, Sungyoung Lee, Young-Koo Lee. “A Trust Model for Ubiquitous Systems based on Vectors of Trust Values”. Seventh IEEE International Symposium on Multimedia (ISM'05), pp. 674-679, 2005.
[7] Nathan Dimmock et al. “Using Trust and Risk in RBAC policies”, 2004.
33
THANK YOU!