Contextual Risk-based Access Control Mechanism
NGUYEN NGOC DIEP, Master Fellow – uSec Group

AGENDA
1 – Introduction
2 – Access Control Model
3 – Risk Assessment
4 – Related Work
5 – Conclusion
Introduction - Background
• In the new environment, security problems are much more complex, since a ubiquitous environment is more dynamic, more distributed, more invisible and more heterogeneous. Therefore, we need to view security problems in a new paradigm and explore them thoroughly under these effects.
• Information security can be broadly categorized into three types: confidentiality, integrity and availability. Access control is critical to preserving the confidentiality and integrity of information.
• Autonomous decision-making is an increasingly popular application for security, including access control in ubiquitous computing.
Introduction - Motivation
• Current research on access control is mostly based on context and role. Some recent research uses trust as the fundamental component.
• Risk assessment is an effective tool for decision-making and an important factor in economics, but it is not applied well in security, especially in access control.
• Context is not used effectively in the decision-making process.
Introduction - Problem Statement
• Risk in access control in a ubiquitous computing environment is a new problem. In this work, we present a contextual risk-based access control model.
• The model applies risk assessment to make decisions, based on context parameters.
Access Control Model
- A principal p (user or process) sends a request to the Access Control Manager.
- The Risk Assessment module calculates risk based on the credentials, the sort of action and the current context (risk context).
- The risk value is compared with the threshold, and the decision is returned.
We call the period during which the action is performed a session.
Access Control Model
Factors in the access control model:
• Principal (p): admin, staff, professor, guest
• Set of Actions (a), e.g.: read, write, delete, modify
• Set of Outcomes (o): confidentiality, availability, integrity
• Set of Context (c): time (night, daytime, …), location (in-building, in-office, outside), network state
• Consequence function: shows the cost of each outcome in a specific context
• Risk function: calculates the risk of the action in the current context
Risk Assessment
• Definition: “Risk is often evaluated based on the probability of the threat and the potential impact”
• 3 factors: loss of availability, loss of confidentiality and loss of integrity.
• The parameters:
- Principal context
- Environment context
- Resource context
- List of outcomes of the action
Risk Assessment
Multi Factor Evaluation Process:
• In reality, many decision-making problems require considering many factors. For these we can use the Multi Factor Evaluation Process (MFEP).
• In MFEP, the decision maker first subjectively identifies the important factors in a given decision situation and assigns a weight to each factor. The weight represents the relative importance of each factor in making the decision.
• Secondly, identify the alternatives (solutions) available to the decision maker.
• Thirdly, factor evaluation: for each alternative, all factors are evaluated and a weight is assigned to each.
• A weighted evaluation is then computed for each alternative as the sum of the products of the factor weights and the factor evaluations.
Risk Assessment
Multi Factor Evaluation Process:
• Step 1: List all factors and give each factor i a weight Fwi (0 < Fwi < 1). Fwi expresses the relative importance of factor i.
• Step 2: Factor Evaluation. For each factor i, we assess solution j by giving it a coefficient FEij (called the evaluation of solution j under factor i).
• Step 3: Total Weighted Evaluation
• Choose solution j0 if TWEj reaches its maximum at j = j0.
Risk Assessment
MFEP example:
• Problem: A graduate student wants to find work. The important factors in this situation are salary, position of office, partners, kind of work, other benefits, … He needs to find the best decision.
• Solution: Assume that, after consideration, he finds that the 3 most important factors are Salary, Promotion and Position of office, and that the relative importance of each factor is respectively 0.3, 0.6, 0.1. (Table 1)
• There are 3 companies A, B, C that accept him. For each company, he evaluates the 3 factors above and obtains an evaluation table (Table 2).
Risk Assessment • Step 1: • Step 2: Evaluate FEij
Risk Assessment
Step 3: Total Weighted Evaluation (TWE)
TWE(A) = 0.3*0.7 + 0.6*0.9 + 0.1*0.6 = 0.81
TWE(B) = 0.3*0.8 + 0.6*0.7 + 0.1*0.8 = 0.74
TWE(C) = 0.3*0.9 + 0.6*0.6 + 0.1*0.9 = 0.72
Choose company A.
A case study - Access control management in a hospital
• An access control system manages access to patients' records in a hospital.
• Data is stored in a database and can be accessed through a remote terminal.
• The records can be in text, video, image or sound format, and each has some properties.
• Each member has a role and a corresponding set of permitted actions.
• Each action has a list of outcomes.
Risk Assessment - Definitions
• Action is an action in set of action A (available for the principal),
• is an outcome in set of outcome O of action
• is cost of outcome j of action in terms of availability
• is cost of outcome j of action in terms of integrity
• is cost of outcome j of action in terms of confidentiality
• is a set of context parameter
• is the probability of outcome in
Risk Assessment - Schema
• Step 1: Identify the actions in the service and the outcomes of each action.
• Step 2: Assign a weight to each factor (availability, integrity, confidentiality) for each action.
• Step 3: Specify the cost of each outcome in terms of availability, integrity and confidentiality.
• Step 4: Identify the probability of each outcome (f), based on the set of current context and its probability.
• Step 5: We have 2 solutions, Accept or Reject, and the risk value of the action in terms of availability, integrity and confidentiality under both solutions.
• Step 6: Apply MFEP with the above parameters and choose the better solution.
Risk Assessment (cont) - Cost of outcome
• Cost of outcome: is calculated based on context parameters.
• We calculate the cost in terms of availability, integrity and confidentiality.
Risk Assessment (cont) - Cost of outcome
• For loss of availability:
• For loss of integrity:
• For loss of confidentiality:
with exists if and only if all required context parameters exist.
Risk Assessment (cont) - Cost of action
• Cost of an action is a total weighted evaluation of all outcomes of the action
Risk Assessment (cont) - Cost of action
• For availability:
• For integrity:
• For confidentiality:
Risk Assessment (cont) - Risk value evaluation
• For each service, we consider the importance of each element (availability, integrity, confidentiality) to be different.
• The risk value of an action is defined as a weighted arithmetic mean of its risk values of availability, confidentiality and integrity.
• where and they can be adjusted to a suitable value if more weight is to be given to a specific metric.
A Case Study • Step 1:
A Case Study
• Cost Evaluation: 1-10
0: No impact
1-2: Small impact
3-5: Medium impact
5-8: Big impact
9-10: Disaster
• View Action: Cost of each outcome
• (See the table in previous slide)
A Case Study
• Assume the current context is: Record too big, Data unencrypted
• View Action:
Accept solution: RV = 0.3x1.5+0.3x0.6 = 0.63
Reject solution: RV = 0.3x5+0.4x0+0.3x0 = 1.5
• Choose Accept solution
* But if the current context includes Record too big, Data unencrypted and Transaction session is in peak, the result will be the Reject solution.
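The MFEP weighted sum (Step 3) and the Accept/Reject decision of the schema and this case study, as an added example that is not part of the original slides. The outcome names, their costs and probabilities are constructed so that the totals match the slide's risk values; reading the 0.3 / 0.4 / 0.3 coefficients as availability, integrity and confidentiality weights, weighting outcome costs by probability, and picking the lower risk value are assumptions.

```python
# Added example: MFEP weighted sums applied to the Accept/Reject decision.
# Outcome names, costs and probabilities below are CONSTRUCTED sample data.

def twe(weights, evaluations):
    """Total weighted evaluation: sum of weight_i * evaluation_i."""
    if len(weights) != len(evaluations):
        raise ValueError("one evaluation per factor is required")
    return sum(w * e for w, e in zip(weights, evaluations))

# Assumed order (availability, integrity, confidentiality), using the
# 0.3 / 0.4 / 0.3 coefficients from the slide's Reject expression.
CIA_WEIGHTS = (0.3, 0.4, 0.3)

# Constructed outcomes of the View action when the request is accepted:
# name -> (required context parameters, probability, (A, I, C) cost, 0-10)
VIEW_OUTCOMES = {
    "slow transfer":     ({"record too big"}, 0.5, (3, 0, 0)),
    "data disclosed":    ({"data unencrypted"}, 0.1, (0, 0, 6)),
    "service congested": ({"record too big", "peak session"}, 0.5, (8, 0, 0)),
}
# Reject: cost 5 in the first term only (assumed to be availability).
REJECT_COST = (5, 0, 0)

def action_cost(outcomes, context):
    """Probability-weighted (A, I, C) cost over the outcomes whose required
    context parameters are all present in the current context."""
    active = [(p, c) for req, p, c in outcomes.values() if req <= context]
    probs = [p for p, _ in active]
    return tuple(twe(probs, [c[k] for _, c in active]) for k in range(3))

def decide(context):
    """Return (decision, rv_accept, rv_reject). The lower risk value wins;
    a tie goes to Reject so the check fails closed."""
    rv_accept = twe(CIA_WEIGHTS, action_cost(VIEW_OUTCOMES, context))
    rv_reject = twe(CIA_WEIGHTS, REJECT_COST)
    decision = "Accept" if rv_accept < rv_reject else "Reject"
    return decision, rv_accept, rv_reject

if __name__ == "__main__":
    base = {"record too big", "data unencrypted"}
    print(decide(base))                     # slide context
    print(decide(base | {"peak session"}))  # same context during peak load
```

Re-running decide() whenever the context set changes gives the per-session re-evaluation that the future-work slide asks for.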
Related works
- Some context-based access control models are dynamic and flexible, but their decision-making process is not as powerful and precise as in our model using risk.
- The paper “Using Trust and Risk in RBAC policies” [7] used the concept of outcome to calculate a cost for each outcome and a risk value, but it considered trust, not context, for risk assessment.
- In “Risk Probability Estimating Based on Clustering” by YongChen et al (2003), a neural network is used as the risk estimator. In this work, we use a simpler method that takes advantage of context to know the state of the network and the service.
- Compared with my previous work, this one is better. We apply MFEP to calculate risk and do not need a threshold, which is hard to define.
Conclusion
• We have investigated how to apply risk to access control and proposed an access control model with risk assessment.
• It provides a precise way of making decisions because it uses context in the risk assessment process.
• We have further demonstrated how this model can be applied to manage access control in a practical scenario and explored it in the manner of ubiquitous computing.
• The disadvantage of this mechanism is that the service provider needs to work out the cost of each outcome of each action.
Future work
• Decision-making should be done during the working period of the activity, whenever the context changes into another state.
• Automatically update the cost of the outcomes of the actions during the decision-making process, along with detailed information on the current network state, based on evidence gathered from context.
• Do simulation work to prove the performance of the system.
• We need to consider more parameters and factors that affect the risk assessment process, such as risk in the authentication phase.
References
• [1] R.J. Hulsebosch, A.H. Salden, M.S. Bargh, P.W.G. Ebben, J. Reitsma. “Context Sensitive Access Control”. In Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, 2005.
• [2] Lalana Kagal, Tim Finin, and Anupam Joshi. “Trust-based security in pervasive computing environments”. IEEE Computer, 34(12):154-157, December 2001.
• [3] V. Cahill, B. Shand, E. Gray, et al. “Using Trust for Secure Collaboration in Uncertain Environments”. Pervasive Computing, vol. 2, no. 3, pp. 52-61, July-September 2003.
• [4] Nathan Dimmock, Jean Bacon, David Ingram, and Ken Moody. “Risk Models for Trust Based Access Control”. University of Cambridge, Computer Laboratory, JJ Thomson Ave, Cambridge CB3 0FD, UK.
• [5] Peter Chapin, Christian Skalka, X. Sean Wang. “Risk assessment in distributed authorization”. Proceedings of the 2005 ACM Workshop on Formal Methods in Security Engineering, November 11, 2005, Fairfax, VA, USA.
• [6] Hassan Jameel, Le Xuan Hung, Umar Kalim, Ali Sajjad, Sungyoung Lee, Young-Koo Lee. “A Trust Model for Ubiquitous Systems based on Vectors of Trust Values”. Seventh IEEE International Symposium on Multimedia (ISM'05), pp. 674-679, 2005.
• [7] Nathan Dimmock et al. “Using Trust and Risk in RBAC policies”, 2004.