Published by Gervase Watson. Modified over 8 years ago.
Slide 1: WP3: Modelling and delegation of secure interoperability policies
Brussels – 29/05/2013
Slide 2: Presentation Outline
- WP3 Objectives
- WP3 Deliverables
- WP3 Tasks
  - T3.1: Specification of Secure Interoperability Policies (Security Model; Negotiation Process & Architecture; Interoperability)
  - T3.2: Delegation
  - T3.3: Privacy for Information exchange
  - T3.4: Deployment of Policies
INTER-TRUST First Review, 09/07/2016
Slide 3: WP3 Objectives
- Describing interoperable security policies as security SLA
- Designing privacy-preserving negotiation and delegation mechanisms for the interoperability of security policies
- Ensuring privacy in the information exchange
- Deployment of policies
Input: requirements and architecture defined in WP2
Output: providing support for the use of these models by the techniques and tools defined in WP4
Slide 4: WP3 Deliverables
Slide 5: Leaders and Participants of WP3 Tasks
- T3.1: Specification of secure Interoperability policies
- T3.2: Delegation
- T3.3: Privacy in Information exchange
- T3.4: Deployment of Policies
Partners listed on the slide (as extracted, task assignment not recoverable): IT, SOF, MI, UOR, UMU, INDRA, MI, IT, URV, SCYTL, SOF, UOR, IT, SOF, MI, UMU, INDRA
Slide 6: T3.1: Specification of Secure Interoperability Policies
- Threat Modeling: extend existing security policy models to express how the system must take into account different possible threats
- Negotiation: agreement on the security requirements that must be enforced; ontological mapping to map the entities of the two devices that have to interoperate and define compatibility
- Trust Negotiation: adapting trust negotiation concepts to interoperability requirements; interoperability framework: digital credentials, disclosure policies and negotiation strategies
Slide 7: Adversary View
New Security Attacks:
- Digital car hijacking [Koscher,10]: car control by malware; reprogramming parameters; replacing the whole firmware
- Inject bogus traffic information signals [Andrea, 07]: deception (bad weather, full car parking, road works, accidents)
- Physical attack on the e-Tolling device [root labs,06]: IDs are cloneable; communication is replayable; privacy compromise
Slide 8: Threat Modeling
- Adversary Model: adversary profile; attack objectives; attack consequences; attack mode & attack method
- Threat Modeling Profile: rely on existing threat and vulnerability modeling approaches: attack trees, knowledge-centric attack tree, misuse case, abuse frames
Slide 9: Interoperability and Negotiation
1. Negotiation phase: definition of interoperability contracts (SLA)
2. Based on the SLA and local security policies, definition of interoperability policies
3. Trust Negotiation phase: definition of processes to access interoperability policies
Slide 10: Security Model
- Define a model which specifies the security policies to be applied on the different components of the INTER-TRUST architecture
- These security policies have to be applied and instantiated on the different parties of the project's use cases:
  - V2V: on vehicles
  - V2I: vehicles, RSU, control center
  - e-voting: client, e-voting application, e-voting server
- The security model is based especially on access control rules which enforce different security properties: privacy, confidentiality, integrity, etc.
Slide 11: OrBAC Model (1/3)
Organization Based Access Control (OrBAC)
- Abstraction of security policies: abstract rules over Role, View, Activity
- Instantiation of security policies: concrete rules over Subject, Object, Action
- Context:
  - Spatial context: depends on the subject position
  - Temporal context: depends on the time of the subject request
  - User-declared context: depends on parameters declared by the subject
  - Prerequisite context: depends on a relation between the subject, the action and the object
  - Provisional context: depends on the previous actions of the subject
Slide 12: OrBAC Model (2/3)
An abstract security rule:
  SR (Type, Org, Role, Activity, View, Context), with Type ∈ {permission, interdiction, obligation}
4 predicates:
- empower (org, subject, role): means that in organization org, subject is empowered in role
- consider (org, action, activity): means that in organization org, action is considered an implementation of activity
- use (org, object, view): means that in organization org, object is used in view
- hold (subject, action, object, c): means that context c is true between subject, action and object
Slide 13: OrBAC Model (3/3)
A concrete security rule is defined as (all premises must hold together):
  SR (Permission, Org, Role, Activity, View, Context)
  empower (org, subject, role)
  consider (org, action, activity)
  use (org, object, view)
  hold (subject, action, object, c)
  → SR (Permission, Org, subject, action, object, c)
Slide 14: MotOrBAC Tool
- Plug-ins interface: Plug-in 1, Plug-in 2, ...
- MotOrBAC functionalities: administration; delegation management; entity hierarchies; conflict management
Slide 15: Security Policies for Use cases
V2V: Contextual Speed Advisory (CSA)
- The vehicle requesting access to the contextual speed advisory service is located in the road controlled by the operator.
- The vehicle requesting access to the contextual speed advisory service is authorized to access this service offered by the road operator.
Slide 16: Entities in CSA scenario
Organization: ITS_S_Org
  Roles: Vehicle, RSU, ITS_S
  Activities: Authenticate, Access, Sign, Receive, Connect, Encrypt
  Views: Certificate, Speed_Advisory_app, Symmetric_session_key, RSU, ITS_S, messages, Traffic_information, Advisable_speed_information
  Contexts: Default, signature_conditions, encrypt_conditions
Organization: Vehicle_Org
  Roles: ITS_S, Vehicle
  Activities: Authenticate, Access, Communicate, Send_UDP, Sign, Encrypt
  Views: Certificate, In_Vehicle_CSA_app, In_Vehicle_host, Nodes_Multicast, messages
  Contexts: Default, secure_channel, signature_conditions, encrypt_conditions
Organization: RSU_Org
  Roles: ITS_S, RSU
  Activities: Authenticate, Access, Connect, Send_UDP, Communicate
  Views: Certificate, message_delivery_service, RSU, nodes_multicast, ITS
  Contexts: Default, Secure_Channel
Slide 17: Example Security Policies for CSA scenario
Security policy type: Authentication
  Obligation (ITS_S_Org, Vehicle, Authenticate, Certificate, default)
  Obligation (Vehicle_Org, ITS_S, Authenticate, Certificate, default)
  Obligation (ITS_S_Org, RSU, Authenticate, Certificate, default)
Security policy type: Authorization
  Permission (ITS_S_Org, RSU, Access, Speed_advisory_app, default)
  Obligation (ITS_S_Org, Vehicle, Authenticate, Certificate, Default)
  Permission (ITS_S_Org, Vehicle, Access, Speed_advisory_app, default)
  Obligation (ITS_S_Org, Vehicle, Receive, Symmetric_session_key, default)
  Permission (RSU_Org, ITS_S, Access, Message_delivery_service, default)
  Permission (Vehicle_Org, ITS_S, Access, In_Vehicle_CSA_app, default)
Security policy type: Trust-Interoperability
  Empower (ITS_SB_Org, ITS_SB, ITS_S) <-- Empower (ITS_SA_Org, ITS_SA, ITS_S)
  Permission (ITS_SA_Org, ITS_S, Receive, traffic_information, default)
  Empower (ITS_SA_Area, ITS_SA, ITS_S) <-- Empower (ITS_SB_Area, ITS_SB, ITS_S)
  Permission (ITS_SB_Area, ITS_S, Receive, Advisable_speed_information, default)
Slide 18: Examples of Security Policies (CSA scenario)
Security policy type: Channel protection
  Permission (ITS_S_Org, RSU, Connect, ITS_S, Secure_Channel)
  Permission (RSU_Org, ITS_S, connect, RSU, Secure_Channel)
  Permission (Vehicle_Org, Vehicle, Communicate, In_Vehicle_Host, Secure_Channel)
Security policy type: Filtering
  Permission (RSU_Org, RSU, send_UDP, Nodes_Multicast, default)
  Permission (Vehicle_Org, Vehicle, send_UDP, Nodes_Multicast, default)
  Permission (RSU_Org, ITS_S, Communicate, RSU, Secure_Channel)
  Permission (RSU_Org, RSU, Communicate, ITS_S, Secure_Channel)
  Permission (ITS_S_Org, ITS_S, Communicate, RSU, Secure_Channel)
  Permission (ITS_S_Org, RSU, Communicate, ITS_S, Secure_Channel)
Security policy type: Message security
  Permission (Vehicle_Org, Vehicle, sign, messages, Signature_conditions)
  Permission (ITS_S_Org, ITS_S, sign, messages, Signature_conditions)
Security policy type: Data security
  Permission (Vehicle_Org, Vehicle, Encrypt, messages, Encrypt_conditions)
  Permission (ITS_S_Org, ITS_S, Encrypt, messages, Encrypt_conditions)
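The derivation rule of the OrBAC slides (abstract rule plus empower, consider, use and hold gives a concrete rule) applied to two rules from the CSA policy tables, as an added example that is not INTER-TRUST or MotOrBAC code. The concrete subjects, actions and objects (car_7, rsu_42, http_get, tcp_connect, csa_service) and the way the Secure_Channel context is evaluated are assumptions made for the example.

```python
# Added example, not INTER-TRUST project code: a minimal OrBAC engine that derives
# concrete rules from abstract ones via empower/consider/use/hold, over CSA entities.
from collections import namedtuple

AbstractRule = namedtuple("AbstractRule", "type org role activity view context")  # SR(Type, Org, Role, Activity, View, Context)

# Constructed predicate facts (org, subject, role) / (org, action, activity) /
# (org, object, view); the concrete names car_7, rsu_42, http_get... are made up.
EMPOWER = {("ITS_S_Org", "car_7", "Vehicle"), ("ITS_S_Org", "rsu_42", "RSU")}
CONSIDER = {("ITS_S_Org", "http_get", "Access"), ("ITS_S_Org", "tcp_connect", "Connect")}
USE = {("ITS_S_Org", "csa_service", "Speed_advisory_app"), ("ITS_S_Org", "car_7", "ITS_S")}

def hold(subject, action, obj, context, env):
    """hold(subject, action, object, c): 'default' always holds; 'Secure_Channel'
    holds only when env lists the (subject, object) link as protected (assumed)."""
    if context == "default":
        return True
    if context == "Secure_Channel":
        return (subject, obj) in env.get("secure_links", set())
    return False  # unknown context never holds: fail closed

def concrete_rules(rule, env):
    """Instantiate one abstract rule into SR(Type, Org, subject, action, object, c)."""
    out = set()
    for org, subject, role in EMPOWER:
        if (org, role) != (rule.org, rule.role):
            continue
        for org2, action, activity in CONSIDER:
            if (org2, activity) != (org, rule.activity):
                continue
            for org3, obj, view in USE:
                if (org3, view) == (org, rule.view) and hold(subject, action, obj, rule.context, env):
                    out.add((rule.type, org, subject, action, obj, rule.context))
    return out

def decide(policy, subject, action, obj, env):
    """Decision for a concrete request: Interdiction wins over Permission and an
    uncovered request is denied (assumed conflict-resolution choice)."""
    types = {r[0] for rule in policy for r in concrete_rules(rule, env)
             if r[2:5] == (subject, action, obj)}
    if "Interdiction" in types:
        return "Interdiction"
    return "Permission" if "Permission" in types else "Interdiction"

# Two abstract rules from the CSA policy tables (Authorization and Channel protection).
CSA_POLICY = [
    AbstractRule("Permission", "ITS_S_Org", "Vehicle", "Access", "Speed_advisory_app", "default"),
    AbstractRule("Permission", "ITS_S_Org", "RSU", "Connect", "ITS_S", "Secure_Channel"),
]
```

The second rule only yields a concrete permission once the RSU-to-vehicle link is reported as secure, which is how a context such as Secure_Channel gates a rule that is otherwise fully instantiated.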
Slide 19: Examples of Security Policies entities (DRP scenario)
Organization: ITS_S_Org
  Roles: Vehicle, RSU, ITS_S
  Activities: Authenticate, Access, Sign, Receive, Connect, Encrypt
  Views: Certificate, Dynamic_Route_Planning, Symmetric_session_key, RSU, ITS_S, messages, Traffic_information, Advisable_speed_information
  Contexts: Default, signature_conditions, encrypt_conditions
Organization: Vehicle_Org
  Roles: ITS_S, Vehicle
  Activities: Authenticate, Access, Communicate, Send_UDP, Send_TCP, Sign, Encrypt
  Views: Certificate, In_Vehicle_DRP_app, In_Vehicle_host, Nodes_Multicast, messages, nodes_unicast
  Contexts: Default, secure_channel, signature_conditions, encrypt_conditions
Organization: RSU_Org
  Roles: ITS_S, RSU
  Activities: Authenticate, Access, Connect, Send_UDP, Send_TCP, Communicate
  Views: Certificate, message_delivery_service, RSU, nodes_multicast, ITS, nodes_unicast
  Contexts: Default, Secure_Channel
Slide 20: Examples of Security Policies (DRP scenario)
Security policy type: Authentication
  Obligation (ITS_S_Org, Vehicle, Authenticate, Certificate, default)
  Obligation (Vehicle_Org, ITS_S, Authenticate, Certificate, default)
  Obligation (ITS_S_Org, RSU, Authenticate, Certificate, default)
  Obligation (RSU_Org, ITS_S, Authenticate, Certificate, default)
Security policy type: Authorization
  Obligation (ITS_S_Org, Vehicle, Authenticate, Certificate, Default)
  Permission (ITS_S_Org, Vehicle, Access, Dynamic_Route_Planning, default)
  Obligation (ITS_S_Org, Vehicle, Receive, Symmetric_session_key, default)
  Permission (Vehicle_Org, ITS_S, Access, In_Vehicle_DRP_app, default)
Security policy type: Trust-Interoperability
  Empower (ITS_SB_Area, ITS_SB, ITS_S) <-- Empower (ITS_SA_Area, ITS_SA, ITS_S)
  Permission (ITS_SA_Area, ITS_S, Receive, traffic_information, default)
  Empower (ITS_SA_Area, ITS_SA, ITS_S) <-- Empower (ITS_SB_Area, ITS_SB, ITS_S)
  Permission (ITS_SB_Area, ITS_S, Receive, Advisable_speed_information, default)
Security policy type: Channel protection
  Permission (RSU_Org, RSU, Connect, Vehicle, Secure_Channel)
  Permission (RSU_Org, ITS_S, connect, RSU, Secure_Channel)
  Permission (ITS_S_Org, RSU, Connect, ITS_S, Secure_Channel)
  Permission (RSU_Org, ITS_S, connect, RSU, Secure_Channel)
  Permission (Vehicle_Org, Vehicle, Communicate, In_Vehicle_Host, Secure_Channel)
Slide 21: Examples of Security Policies (DRP scenario), continued
Security policy type: Filtering
  Permission (RSU_Org, RSU, send_UDP, Nodes_Multicast, default)
  Permission (RSU_Org, RSU, send_TCP, Nodes_Unicast, default)
  Permission (Vehicle_Org, Vehicle, send_UDP, Nodes_Multicast, default)
  Permission (Vehicle_Org, Vehicle, send_TCP, RSU, default)
  Permission (Vehicle_Org, RSU, send_TCP, Vehicle, default)
  Permission (RSU_Org, RSU, Communicate, ITS_S, Secure_Channel)
  Permission (ITS_S_Org, ITS_S, Communicate, RSU, Secure_Channel)
  Permission (ITS_S_Org, RSU, Communicate, ITS_S, Secure_Channel)
Security policy type: Message security
  Permission (Vehicle_Org, Vehicle, sign, messages, Signature_conditions)
  Permission (ITS_S_Org, ITS_S, sign, messages, Signature_conditions)
  Permission (ITS_S_Org, ITS_S, Encrypt, messages, Encrypt_conditions)
Security policy type: Data security
  Permission (Vehicle_Org, Vehicle, Encrypt, messages, Encrypt_conditions)
  Permission (ITS_S_Org, ITS_S, Encrypt, messages, Encrypt_conditions)
Slide 22: Negotiation Process
In a negotiation process, there are mainly three components:
- The negotiation protocols are the set of rules managing the interaction
- The negotiation objects are the range of issues over which agreement must be reached
- The decision making models are the decision making tools the participants employ to act in line with the negotiation protocol in order to achieve their objectives
Negotiation Policy:
P: (D, S, A, O, Ctx), where
- D is a decision, D ∈ {permission, prohibition}
- S is a group of subjects
- A is a group of actions
- O is a group of objects
- Ctx is a set of contextual conditions
Pm: (X, group, C), where
- X: s, o, a
- group: S, O, A
- C: conditions of mapping, C ∈ {Cs, Ca, Co}
Slide 23: Negotiation Architecture
Slide 24: Negotiation vs. Interoperability
Slide 25: T3.2: Delegation
In the DOW: In this task we will study the challenges to delegation:
- Pervasive environments
- Limited processing power of some devices
- Cryptographic operations can be slow on those devices
Solution: delegation of processing, expressed using the OrBAC model
Deployment of the specified delegation rules will be studied in T3.4
INTER-TRUST First Review, Samiha Ayed (IT-TB)
Slide 26: T3.3: Privacy in Information exchange
In the DOW: In this task we will
- Design privacy-preserving negotiation mechanisms
- Categorize and evaluate privacy scenarios based on: the needs of pervasive systems in a dynamic environment; the level of privacy they provide
- Solve the new privacy problems: specific privacy-preserving technologies (PPDM)
Output: used in WP2, WP4
Slide 27: Privacy Modeling (1/3)
Privacy requirements:
- Purpose: before delivering private data, third parties should mention the purpose of the access request
- Accuracy of the private data: a data owner parameter. The user can set their preferences by choosing the accuracy, which corresponds to the level of anonymity
- User consent: the data owner's preferences can include the requirement of consent before delivering the personal data to third parties
- Obligations after the access: the data controller, which collects personal data, has to ensure the usage of personal data. This corresponds to some obligations ordered to third parties.
Slide 28: Privacy Modeling (2/3)
Privacy aware models:
- Take into account purposes and obligations: P-RBAC, Purpose-BAC, Pu-RBAC
- PrivOrBAC:
  - Dynamic contexts could be expressive enough to take into account the major privacy principles
  - Extends the existing model with a new consent context
  - Models the object's accuracy and the provisional obligations that requesters and providers must perform after accessing sensitive data
Slide 29: Privacy Modeling (3/3)
Slide 30: T3.4: Deployment of Policies
In the DOW: In this task we will
- Configure applications and generate the security aspects that must be integrated into applications
- Consider the special scenario of V2I communication in the ITS application
- Generate code or configuration files used by the APIs weaved into the applications to make them secure
Deployment of policies: interoperability policies + reaction policies