Synergy: A Trust-aware, Policy-driven Information Dissemination Framework Ragib Hasan and Marianne Winslett University of Illinois at Urbana-Champaign
Overview • Motivation • Synergy framework • Trust negotiation • Components • Protocol • Case study • VisiRescue • Conclusion
Motivation • Providing secure access to the right information, at the right time, to the right entities is important • Access control and authorization need to be context-dependent and scalable
Motivation • Hypothetical scenario 1: • A train derails inside the City of Champaign • First Responders meet at the Emergency Operations Center (EOC) • For swift decisions, information is needed from various sources • Video cameras at nearby locations • Three gas sensors used by the Hazmat team • Windspeed, direction sensors • Waterflow sensors from USGS
Motivation • Hypothetical scenario 1: • The info sources belong to different organizations • Security domains are different • Some resources will not be shared in normal situations • Cameras may not be shared, to protect privacy • Not feasible or manageable to create logins at every organization
Motivation • Hypothetical scenario 2: • The information from all power stations in the Midwest is collected by Midwest ISO (MISO). For market-related reasons, not all details are normally shared with every client • Suppose an overload trips a generator in Champaign, IL. This, and other info from MISO, can be used by other power stations to balance their loads • Lack of information caused the 2003 power grid failure • But the info is also sensitive, so it should only be shared during emergencies
Motivation • Hypothetical scenario 2: • Here there is a single information source, but there are multiple clients • Not all information is shared with every client • Not all clients get the same view • Access to information is situation/context dependent • It is not feasible to create logins for every plant operator
Solution? • To utilize Trust Negotiation in creating a flexible information sharing framework • Use access control policies, to determine level of access to information • Use a modular architecture for separating the applications from the underlying security infrastructure
Contribution • A generalized modular framework for Policy-based Trust-aware secure information sharing (Synergy) • Utilization of heterogeneous components in building a situational awareness system (VisiRescue), running on top of Synergy
Synergy • Goals • To build an information sharing framework that is: • Secure • Modular • Extensible • Decouple security and authorization mechanisms from information sources and consumers to allow diverse systems to be integrated easily • Use Trust Negotiation for attribute-based authorization
Trust negotiation overview • An iterative way of establishing trust between strangers • Uses attributes, certified by unforgeable digital credentials, for authorization • Automated exchange based on policies allows flexibility and scalability • Example implementations: • TrustBuilder (UIUC and BYU) • Trust-X (Purdue, Milan)
Trust negotiation example (figure) • Parties: Fireman in Champaign EOC (client); Wind sensors at TV station (server) • Client establishes trust with previously unknown server via TN • Server establishes trust with previously unknown client via TN • Messages shown in the figure: • Request for access to the weather sensors • Prove that you are a first responder • Prove you’re the real TV station server previously certified by the State • Server credentials • First responder credentials • Prove that there is an emergency situation • A certificate from FEMA/IEMA • Access tokens / Sensor data
Synergy components • Information Producer • The source of information, for example, a windspeed sensor • Information Consumer • The consumer of information, for example, a GIS display • Synergy Server • Provides access to resources based on access policies • Synergy Client • Retrieves information and converts it for use by consumer • Trust Agent • Provides access through Trust Negotiation
Model • Information Sources set policies for access to information • Synergy Servers provide negotiated access to resources • Trust Agents negotiate access to information on behalf of Synergy clients and servers • Synergy clients communicate with the server and provide resources to the local application • Information Consumers interpret and use the information
Protocol (informal description) • Client to Server: • Request resource list • Server to Client: • Either the list, or a request for negotiation • Client: • Invoke its Trust Agent, negotiate with server’s designated Trust Agent, obtain token, resend list request • Client to Server: • Request individual resources • Server to Client: • Either the value of the resource, or a request to negotiate further • Client: • Invoke Trust Agent, negotiate, get token, resend request with token
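The request / negotiate / retry-with-token flow described above, as an added Python sketch that is not part of the original slides or of Synergy's code. All class, message and attribute names are hypothetical, the HMAC token format is an assumption, and a single round of attribute checks stands in for a real iterative negotiation such as TrustBuilder's.

```python
import hmac, hashlib

KEY = b"constructed-demo-key"  # shared by server and its Trust Agent (assumption)

# Constructed policies: attributes a requester must prove for each scope.
POLICY = {
    "list": {"first_responder"},
    "wind_sensor": {"first_responder", "emergency_declared"},
    "video_camera": {"first_responder", "emergency_declared", "police"},
}
DATA = {"wind_sensor": "12 mph NW", "video_camera": "stream-handle"}

def _mac(scope):
    # A deployed token would also bind the subject and an expiry time.
    return hmac.new(KEY, scope.encode(), hashlib.sha256).hexdigest()

class TrustAgent:
    """Server-side agent; stands in for a real negotiation engine."""
    def negotiate(self, scope, credentials):
        # Real TN is iterative and bilateral; here one round of attribute checks.
        if POLICY[scope] <= set(credentials):
            return _mac(scope)           # token valid only for this scope
        return None

class SynergyServer:
    def handle(self, scope, token=None):
        if scope not in POLICY:
            return ("ERROR", "unknown resource")
        if token is None or not hmac.compare_digest(token, _mac(scope)):
            return ("NEGOTIATE", scope)  # send the client to the Trust Agent
        if scope == "list":
            return ("OK", sorted(DATA))
        return ("OK", DATA[scope])

class SynergyClient:
    def __init__(self, server, agent, credentials):
        self.server, self.agent, self.creds = server, agent, credentials
        self.log = []                    # (scope, status) for each server reply

    def fetch(self, scope):
        status, body = self.server.handle(scope)
        self.log.append((scope, status))
        if status == "NEGOTIATE":
            token = self.agent.negotiate(scope, self.creds)
            if token is None:
                return ("DENIED", None)
            status, body = self.server.handle(scope, token)
            self.log.append((scope, status))
        return (status, body)
```

Because each token is scoped to one resource, a client that negotiated the list still has to negotiate again for each sensor, which is what lets the server apply a stricter policy to cameras than to wind data.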
Advantages • Decouple security and authorization from information producers and consumers • This allows integrating any application on top of Synergy • TN allows attribute-based authorization between the information producer's and consumer's domains • More scalable and flexible than traditional identity-based schemes
Case study: VisiRescue • Goal • Build a situational awareness tool for City of Champaign Emergency Operations Center • Project information from different types of sensors available from various organizations in the city • Wind sensors: Located at the airport, Atmospheric science department • Waterflow: Maintained by USGS • Video Camera: Maintained by many entities
Mapping to Synergy • Trust Agent • TrustBuilder 1.0 • Information Producer: • The sensor feeds, video streams, METCAD 911 data • Information Consumer: • Visual display with ArcGIS • Google Maps API (quite useful and easy to program)
Front Ends • ArcGIS • Too slow, heavyweight • But can show finer details with data from CCGIS • Not free! • Google Maps • Simple API using AJAX • Free! • Works fine for simple tasks
Conclusion and Future work • Synergy allows scalable, policy-based secure information dissemination • Work-in-progress • More case studies in different areas • More work needed to standardize Trust Agent component
Questions? Contact: rhasan@uiuc.edu