A Survey on Context Security Policies in the Cloud

A Survey on Context Security Policies in the Cloud Yiannis Verginadis, Gregoris Mentzas, Simeon Veloudis, Iraklis Paraskakis 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15) Limassol, Cyprus, December 10, 2015

Transcript of A Survey on Context Security Policies in the Cloud

Page 1: A Survey on Context Security Policies in the Cloud

A Survey on Context Security Policies in the Cloud

Yiannis Verginadis, Gregoris Mentzas, Simeon Veloudis, Iraklis Paraskakis

1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15), Limassol, Cyprus, December 10, 2015

Page 2: A Survey on Context Security Policies in the Cloud

Information Management Unit / ICCS of NTUA www.imu.iccs.gr

Agenda

Introduction

Security-related context

Related work on policy modeling

PaaSword context-aware policy model

Conclusions

Page 3: A Survey on Context Security Policies in the Cloud

What is Context?

“Any information that can be used to characterize the situation of an entity. An entity is a person, place, or object that is considered relevant to the interaction between a user and an application, including the user and applications themselves” (Abowd, et al., 1999; Dey, 2001)

Page 4: A Survey on Context Security Policies in the Cloud

What is Context-Aware Security?

“Context-aware security is the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments” (Gartner)

Page 5: A Survey on Context Security Policies in the Cloud

The Adoption of Cloud Computing

Many users have started relying on cloud services without realizing it

Many companies have remained cautious due to security concerns

Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk to theft, unauthorized exposure or malicious manipulation

Governmental regulation presents an additional concern of significant legal and financial consequences if data confidentiality is breached

[Figure: Cloud Adoption, with stages labelled Focused interest, Experimentation, Near ubiquitous use]

Page 6: A Survey on Context Security Policies in the Cloud

Security Challenges in the Cloud

Top four threats identified (CSA, 2013) are:

data leakage

data loss

account hijacking

insecure APIs

The OWASP foundation has categorized the database-related attacks as the most critical ones

These attacks were responsible for 83% of the total records stolen

The most critical part of a modern cloud application is the data persistency layer and the database itself

Page 7: A Survey on Context Security Policies in the Cloud

Agenda

Introduction

Security-related context

Related work on policy modeling

PaaSword context-aware policy model

Conclusions

Page 8: A Survey on Context Security Policies in the Cloud

Related Work

Commonly used access control models (Ferrari 2010) are:

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Attribute-Based Access Control (ABAC)

Page 9: A Survey on Context Security Policies in the Cloud

MAC and DAC Related Approaches

Solutions based on MAC involve rigid and static methods (Jürjens, 2001)

DAC models rely on access control matrices

rows and columns correspond to subjects and objects respectively

their intersection points correspond to a set of allowed access operations

Access control lists (ACL)

the controls are discretionary

Page 10: A Survey on Context Security Policies in the Cloud

Role-Based Access Control (RBAC)

Role: a grouping mechanism for categorizing individual users (called subjects) based on various properties (e.g. job title, user functions, responsibilities, etc.).

Each subject has a role set, which consists of all the roles that the subject has been authorized to use.

It lacks support for expressing access control conditions that refer to the state of a system, e.g. the state of a protected resource, parameter values, date or time

Page 11: A Survey on Context Security Policies in the Cloud

Role-Based Access Control (RBAC)

Extensions included

Organization Role Based Access Control (ORBAC)

authorization is given to users depending on their role in an organization in a given context (Boustia & Mokhtari, 2008)

Generalized RBAC (GRBAC)

incorporates the concept of environment roles (Covington et al., 2001)

Shortcomings:

proposes a domain-specific environment role hierarchy, not easily extensible and manageable in heterogeneous domains

it doesn’t support the fine-grained modelling of different data objects

Context-aware access control (CAAC)

Shortcomings:

incorporate only specific types of contexts (Chandran & Joshi, 2005)

lack of fine-grained data access control (Zhang & Parashar, 2004)

inefficient inferring of context (Kayes et al., 2013)

Page 12: A Survey on Context Security Policies in the Cloud

ABAC Related Approaches

Authorization to perform operations is determined by evaluating attributes associated with the subject, object, requested operations, and environment conditions

Key difference

It can express a complex Boolean rule set that can evaluate many different attributes

e.g. OASIS eXtensible Access Control Markup Language (XACML)

declarative access control policies encouraging the separation of the access decision from the point of use

Location-aware access control (LAAC)

No support of additional pertinent contextual information (Cleeff et al., 2010)

OWL-based

inefficient inferring of context

Onto-ACM (Choi et al., 2014), CONON (Wang et al., 2004), (Costabello et al., 2012)
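
An added example, not part of the original slides: a minimal attribute-based decision function showing a condition on time and network that a role-only check cannot see, evaluated over subject, object, operation and environment attributes. The policy, the attribute names and the `decide` and `make_request` helpers are constructed for illustration; this is neither XACML syntax nor the PaaSword model.

```python
from datetime import time

# Constructed policy, declared as data so it stays separate from the code that
# enforces it. A rule is a conjunction of conditions; the rule set is their OR.
POLICY = [
    {   # doctors read patient records only on the hospital LAN, 08:00-18:00
        "subject": {"role": {"doctor"}},
        "object": {"type": {"patient_record"}},
        "operation": {"read"},
        "environment": {"network": {"hospital_lan"},
                        "time_of_day": (time(8), time(18))},
    },
    {   # auditors read anything, with no environment condition
        "subject": {"role": {"auditor"}},
        "object": {},
        "operation": {"read"},
        "environment": {},
    },
]

def _matches(conditions, attributes):
    """True if every condition holds; a missing attribute fails closed."""
    for name, allowed in conditions.items():
        value = attributes.get(name)
        if value is None:
            return False
        if isinstance(allowed, tuple):          # (low, high) inclusive range
            if not allowed[0] <= value <= allowed[1]:
                return False
        elif value not in allowed:              # set of permitted values
            return False
    return True

def decide(request, use_environment=True):
    """Default deny; permit when one rule matches every attribute category.

    use_environment=False imitates a role-only check that cannot see context.
    """
    for rule in POLICY:
        if (request["operation"] in rule["operation"]
                and _matches(rule["subject"], request["subject"])
                and _matches(rule["object"], request["object"])
                and (not use_environment
                     or _matches(rule["environment"], request["environment"]))):
            return "Permit"
    return "Deny"

def make_request(role, obj_type, operation, **environment):
    """Build a request with the four attribute categories the rules refer to."""
    return {"subject": {"role": role}, "object": {"type": obj_type},
            "operation": operation, "environment": environment}
```

With the same doctor and the same record, a request from another network at 23:00 is denied by the full evaluation but permitted once the environment is ignored, which is the gap the context-aware models above aim to close.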

Page 13: A Survey on Context Security Policies in the Cloud

Agenda

Introduction

Security-related context

Related work on policy modeling

PaaSword context-aware policy model

Conclusions

Page 14: A Survey on Context Security Policies in the Cloud

Policy Modeling

Provide a set of unambiguous rules which are interpreted by enforcement mechanisms and which constrain the behaviour of the entities.

There is a lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)

The policy definition and policy enforcement are entangled in the implementation of a single software component, leading to the lack of:

portability

explicit representation of policy relationships

Page 15: A Survey on Context Security Policies in the Cloud

Policy Modeling

Syntactic Policy Description

promotes a declarative approach to policy expression, where access rules are encoded imperatively, as part of the same software that checks for their compliance.

RuleML, XACML, WS-Trust

fail to capture the knowledge lurking behind policies

any interoperability relies on the use of vocabularies that are shared among all parties involved in an interaction.

leads to ad-hoc reasoning about policy compliance

limits the reusability and portability of policies

precludes the identification of inter-policy relations

limits the ability to perform policy governance

Page 16: A Survey on Context Security Policies in the Cloud

Policy Modeling

Semantically-rich Policy Description

employs ontologies in order to assign meaning to actors, actions and resources

ability to reason about policy compliance generically

identification of inter-policy relations such as inconsistent policies, and overlapping policies

portability, visibility, and reusability of policies

facilitates policy governance

KAoS [Uszok et al., 2004], Rei [Kagal et al., 2003], [Hu et al., 2011]

Page 17: A Survey on Context Security Policies in the Cloud

Agenda

Introduction

Security-related context

Related work on policy modeling

PaaSword context-aware policy model

Conclusions

Page 18: A Survey on Context Security Policies in the Cloud

Context-aware Security Model

A model for semantically describing associations between types of access depending on the data objects and circumstances under which this access should be allowed

These circumstances are determined based on contextual information

This model will constitute the background knowledge for the DAO Annotations

It will involve lightweight semantics for allowing efficient inferencing

It comprises two dimensions related to:

dynamic security controls

static security controls

Page 19: A Survey on Context Security Policies in the Cloud

Context-aware Security Model

SMM: Security model management

DLM: Design-Time Library Management

AF: Annotation-formation

DAO: Data access object

SPM: Security Policies Management

Page 20: A Survey on Context Security Policies in the Cloud

Ontologically Describing an Access Rule Template

Page 21: A Survey on Context Security Policies in the Cloud

Agenda

Introduction

Data Security Challenges in the Cloud

PaaSword Framework

Conclusions

Page 22: A Survey on Context Security Policies in the Cloud

Conclusions & Next Steps

Future work involves the development of appropriate Context and Policy model editors

Implementation and validation of the proposed framework in 5 pilots:

Encrypted persistency as a service in a PaaS provider

Intergovernmental secure document and personal data exchange

Secure sensors data fusion and analytics

Protection of personal data in a multi-tenant CRM

Protection of sensitive enterprise information in multi-tenant ERP

Page 23: A Survey on Context Security Policies in the Cloud

Thank you for listening!

Acknowledgements:

This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814