Internet of Things Andrew Cox.

Slides:

Advertisements

Similar presentations

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Advertisements

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

Database Security - Farkas 1 Database Security and Privacy.

Access Control Intro, DAC and MAC System Security.

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.

2  A system can protect itself in two ways: It can limit who can access the system. This requires the system to implement a two-step process of identification.

Lecture 7 Access Control

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

Li Xiong CS573 Data Privacy and Security Access Control.

Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.

Security+ All-In-One Edition Chapter 19 – Privilege Management Brian E. Brzezicki.

CSCE 201 Introduction to Information Security Fall 2010 Access Control.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.

G53SEC 1 Access Control principals, objects and their operations.

Li Xiong CS573 Data Privacy and Security Access Control.

Project MED INF 403 DL Winter 2008 Group 3. Group Members Michael Crosswhite Maureen Farrell Julia Hernandez R Steven McDonald Jennifer Ogg David Robbins.

1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.

1 Introduction to NTFS Permissions Assign NTFS permissions to specify Which users and groups can gain access to folders and files What they can do with.

COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:

CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.

Trusted Operating Systems

Privilege Management Chapter 22.

Computer Security: Principles and Practice

Context Aware RBAC Model For Wearable Devices And NoSQL Databases Amit Bansal Siddharth Pathak Vijendra Rana Vishal Shah Guided By: Dr. Csilla Farkas Associate.

Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.

Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

Chapter 4 Access Control. Access Control Principles RFC 4949 defines computer security as: “Measures that implement and assure security services in a.

22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.

Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.

Database Security Advanced Database Dr. AlaaEddin Almabhouh.

Chapter 5 : DataBase Security Lecture #1-Week 8 Dr.Khalid Dr. Mohannad Information Security CIT460 Information Security Dr.Khalid Dr. Mohannad 1.

Database System Implementation CSE 507

Access Control in Cloud Security

Access Control Model SAM-5.

Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé

Introduction to NTFS Permissions

FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY

Institute for Cyber Security

World-Leading Research with Real-World Impact!

Cloud Testing Shilpi Chugh.

Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.

Internet of Things (IoT)

World-Leading Research with Real-World Impact!

Attribute-Based Access Control: Insights and Challenges

Executive Director and Endowed Chair

Discretionary Access Control (DAC)

Attribute-Based Access Control (ABAC)

Cyber Security Research: Applied and Basic Combined*

OS Access Control Mauricio Sifontes.

Attribute-Based Access Control: Insights and Challenges

Access Control.

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S

Computer Security Access Control

Cyber Security Research: A Personal Perspective

Attribute-Based Access Control (ABAC)

Access Control Evolution and Prospects

Cyber Security R&D: A Personal Perspective

Chapter 4: Security Policies

Module 1.4 Roles and User Management

Computer Science Dr Hwang Chair, Computer Science Department

Access Control Evolution and Prospects

Presentation transcript:

Internet of Things Andrew Cox

Outline Overview Applications Security Concerns Security of Data Storage Access Control References

Overview The Internet of Things (IoT) is a network of physical objects, each of which transmits data

🏠 🏥 📺 Applications Personal Business Healthcare Fig 1. Diagram of a Pacemaker (Mayo).

Security Concerns The primary focus of my research is the "Storage" Phase. Fig. 2 - Attacks based on Phase (Ferreira).

Security of Data Storage Scope Attacks Lack of standardization for data storage Inability to easily determine/control the type of data being stored Privacy Denial of Service (DoS) Data/Identity Theft Man-in-the-Middle

Access Control Access controls restrict the access which machines, users, and other entities have to data and systems. Primary Models: Mandatory Access Control (MAC) Discretionary Access Control (DAC) Role-Based Access Control (RBAC) Attribute-Based Access Control (ABAC)

Example of an ACL for a Single Object Access Control (DAC) Example of an ACL for a Single Object Control over data access is granted to the data's owner. Access is typically regulated through an access control list (ACL). User_ID PERMISSIONS Andrew (OWNER) R,W,E,D,AC Adam R,E REBEcca R,W,E Sam E Key: R = "read"; W = "write"; E = "execute"; D = "delete"; AC = "access control"

Access Control (MAC) DAC Security Example The highest level of control over all data/resources is granted to the system administrator. The security model is standardized. DAC Security Example Users Security Level ADAM TS REBECCA S JOE C Sam Objects Security Level DOC_1 TS App_2 S Doc_3 C SPREADSHEET_4 Key: TS = "Top Secret"; S = "Secret"; C = "Confidential" TS > S > C

Access Control (RBAC) Roles (College Example) Permissions Objects Dept_Head R,W All Data for All Students in the Department Advisor R All Data for Their Advisees Courses for Their Advisees (Overrides) Instructor Rosters for Their Courses Grades Student Their Own Courses and Grades Personal Information Permissions are grouped by "roles." Each user is assigned a role which allows them to access different resources. RBAC is primarily used in businesses/organizations.

Access Control (ABAC) ABAC regulates access to data based on multiple attributes (e.g. time, location, device, etc.). This can be used to implement all three access control models previously discussed. "Due to its flexibility, the ABAC model has been widely used for implementing access control for IoT." (Bertin, 2019)

Issues with Access Control Even though the ABAC model can check for multiple attributes to prevent unauthorized access, it is still limited when using IoT. Most IoT devices have limited processing capabilities and might not be able to provide the necessary attributes. They might also be formatted differently.

References Ferreira, Roberto. "Internet of Things: Privacy and Security Implications." Proceedings of the Digital Privacy and Security Conference, 2019, privacyandsecurityconference.pt/proceedings.html. Bertin, Emmanuel, et al. "Access Control in the Internet of Things: a Survey of Existing Approaches and Open Research Questions." Annals of Telecommunications, 2019, doi:10.1007/s12243-019-00709-7. Belim, Sergey, et al. "A Precedent Approach to Assigning Access Rights." Cornell University, 2018, arxiv.org/abs/1812.10961.

References (cont.) "IPhone 8." Buy IPhone 8 and IPhone 8 Plus - Apple, www.apple.com/shop/buy-iphone/iphone-8. "Cartoon Light Switch #1581757." Clipart Library, clipart-library.com/clipart/LidoBAEdT.htm. Johnett. "A Thermostat Clipart." Kisspng, www.kisspng.com/png-thermostat-computer-icons-clipart-1907585/. "Modern SmartWatch PNG Clipart." Clipart PNG Pictures, clipartpng.com/?768,modern- smartwatch-png-clipart. "Pacemaker." Pacemaker - Mayo Clinic, Mayo Foundation for Medical Education and Research, 2019, www.mayoclinic.org/tests-procedures/pacemaker/about/pac-20384689. Oksmith. "Security Camera (#1)." OpenClipart, 11 Feb. 2018, openclipart.org/detail/296461/security-camera.