Webinar: Privacy regulations – a complex authorization challenge
Privacy regulations - a complex authorization challenge for today's organizations


Watch the video at http://www.youtube.com/watch?v=nLEOnda1JBk

Efficient processing and sharing of information is essential in every organization. However, security often fails. This typically leads to one of two scenarios:

Data is locked away rather than being shared among colleagues and partners, which seriously reduces efficiency and/or results in loss of business.
Access to data is opened up for too many users, which can be a serious breach of the law.
Securely sharing records that include or refer to personally identifiable information (PII) represents a special challenge, as legal constraints differ between countries. In other words, the complex issues faced by organizations operating nationally, such as a governmental agency, are multiplied for multinationals.

In this webinar we look at how Axiomatics' database security capabilities enable organizations to dynamically filter relevant data out of large data stores, based on a user's purpose of use and authorization, and thus resolve privacy issues in data sharing.

Topics discussed:

Authorization requirements for existing privacy regulations
New regulations such as the planned EU Data Protection reform; what can we expect?
Examples: filtering of large data sets based on authorization policies as a means to achieve regulatory compliance

Published in: Technology, News & Politics
Speaker notes (slide 33, The XACML Architecture):

Policy Enforcement Point. In the XACML architecture, the PEP is the component in charge of intercepting business messages and protecting targeted resources by requesting an access control decision from a policy decision point and enforcing that decision. PEPs can take many different form factors depending on the type of resource being protected.

Policy Decision Point. The PDP sits at the very core of the XACML architecture. It implements the XACML standard and evaluation logic. Its purpose is to evaluate access control requests coming in from the PEP against the XACML policies read from the PRP. The PDP then returns a decision: Permit, Deny, Not Applicable, or Indeterminate.

Policy Retrieval Point. The PRP is one of the components that support the PDP in its evaluation process. Its only purpose is to act as a persistence layer for XACML policies. It can therefore take many forms, such as a database, a file, or a web service call to a remote repository.

Policy Information Point. XACML is a policy-based language which uses attributes to express rules and conditions. Attributes are bits of information about a subject, resource, action, or context describing an access control situation. Examples of attributes are a user id, a role, a resource URI, a document classification, the time of day, etc. In its evaluation process, the PDP may need to retrieve additional attributes. It turns to PIPs, where attributes are stored. Examples of PIPs include corporate user directories (LDAP), databases and UDDIs. The PDP may, for instance, ask the PIP to look up the role of a given user.

Policy Administration Point. The PAP's purpose is to provide a management interface administrators can use to author policies and control their lifecycle.
Transcript: Privacy regulations - a complex authorization challenge for today's organizations

1. Webinar: Privacy regulations – a complex authorization challenge
2. Webinar: Privacy regulations – a complex authorization challenge (this webinar will start in: …)
3. Guidelines
   • You are muted centrally
   • The webinar is recorded
   • Slides available for download
   • Q&A at the end
4. Speakers & Agenda. Today's speakers: Finn Frisch, Pablo Giambiagi
5. Twitter: @axiomatics, #XACML
6. Upcoming webinar (Axiomatics)
7. Agenda
   • Introduction/overview: Axiomatics technology offerings and their objectives
   • Privacy problem: overview of a problem faced by our customers
   • Technology solution: how multi-factor authorization helps resolve privacy issues
   • Examples
   • Technology solutions
8. Axiomatics solutions – objectives
   • Secure access to sensitive information without sacrificing business agility
   • Provide accurate identity authorization governance
   • Enable secure information sharing across your value chain
   • Improve regulatory compliance readiness
   • Facilitate efficient software development
9. Axiomatics technology solutions – issues addressed: Who? What? Where? When? Why? How? (© 2013 Axiomatics AB)
10. Axiomatics technology solutions – what we do (the same six questions: Who? What? Where? When? Why? How?)
   • Authorization for applications: Axiomatics Policy Server (APS)
   • Authorization for data storage: Axiomatics Data Access Filter (ADAF)
11. The privacy problem
   • For efficient collaboration you must share information
   • Information you cannot share is of little use
   • Carelessly sharing PII with unauthorized users is a privacy infringement
12. What is privacy?
   • "Freedom from unauthorized intrusion" (Merriam-Webster)
   • "A private matter" (Merriam-Webster)
   • Private sphere – as opposed to public sphere
   • An essential building block in a democratic society
   (Diagram: Private – Public – State)
13. When quantity becomes quality: Internet users per 100 inhabitants. Original image: Internet users per 100 inhabitants ITU.svg, based on data from the International Telecommunication Union (ITU), Internet users 2001-2011 and ITU Key Figures 2006-2013. Source: http://commons.wikimedia.org/wiki/File:Internet_users_per_100_inhabitants_ITU.svg. Author: Jeff Ogden
14. When quantity becomes quality: number of post offices and other outlets in Sweden, 1996-2012 (chart; y-axis 0 to 1,400)
15. Technological capacity to process information: storage in optimally compressed MB. With permission from the publisher. Source: Hilbert and Lopez, 2011, http://www.martinhilbert.net/WorldInfoCapacityPPT.html
16. Privacy regulations (section title)
17. European Convention on Human Rights, 1953. Article 8 – Right to respect for private and family life: "Everyone has the right to respect for his private and family life, his home and his correspondence." http://conventions.coe.int/treaty/en/Treaties/Html/005.htm
18. European Union after the Treaty of Lisbon in 2009. The Treaty on the Functioning of the European Union (2010), Article 16 (ex Article 286 TEC): "Everyone has the right to the protection of personal data concerning them." http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:083:0047:0200:en:PDF
19. New EU data protection rules
   • "Brussels, 25 January 2012 – The European Commission has today proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy."
   • New Regulation (replacing Directive 95/46/EC): "General Data Protection Regulation"
   • New Directive (replacing Framework Decision 2008/977/JHA)
20. EU regulation proposal for 2014
   • A single set of rules on data protection, valid across the EU. Unnecessary administrative requirements, such as notification requirements for companies, will be removed. This will save businesses around €2.3 billion a year.
   • Instead of the current obligation of all companies to notify all data protection activities to data protection supervisors – a requirement that has led to unnecessary paperwork and costs businesses €130 million per year – the Regulation provides for increased responsibility and accountability for those processing personal data.
   • For example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours).
   • Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. Likewise, people can refer to the data protection authority in their country, even when their data is processed by a company based outside the EU. Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed.
   • People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services.
   • A 'right to be forgotten' will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it.
   • EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens.
   • Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home. They will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company.
   • A new Directive will apply general data protection principles and rules for police and judicial cooperation in criminal matters. The rules will apply to both domestic and cross-border transfers of data.
21. Designing for privacy: application design must cater for privacy requirements
22. Privacy – insurance example
   Actors: insurance company claims adjuster; insurance agent; HR administrator in the policyholding entity of which the victim is an employee
   • Privacy classified
   • Visibility depending on purpose of use
   • Context-awareness is key!
   Insurance claim (table): Victim name | Social Sec Number | Medical data | Financial data
   John Doe | 1976-05-01 | Disorder due to work related accident … | 28 500 EUR
23. Claims workflow sub-processes
   • Risk-matrix
   • Process-related segregation of duties
   • Compliance with privacy constraints
   (Sub-processes shown: Claims Administration, Claims Reserves, Claims Payments, Claims Quality Assurance, monitoring)
24. Sensitive data of mixed types
   • Table with mixed types of privacy-sensitive data
   • Authorization depends on multiple factors
   ID | Name | Social Security Number | Financial Data | Medical data | Company | Unit
   1 | Alex Jonson | 123-45-6789 | 12000 | Sore throat | X | A1
   2 | Bob Brown | 456-78-9012 | 11000 | Broken leg | X | A2
   3 | Cecilia George | 789-10-2345 | 15000 | Bleeding nose | Y | B1
   4 | David Dargan | 234-56-7890 | 19000 | Neurosis due to … | Y | B2
25. Multi-factor authorization needed. Source: International Association of Privacy Professionals (IAPP), Glossary, https://www.privacyassociation.org/resource_center/privacy_glossary
26. A paradigm shift in Identity and Access Management
   FROM:
   • User-centric: Role-Based
   • Single-factor: Who are you?
   • Authorization logic and rules native to each system
   • Authorization rules hard-wired into application code
   • Static & pre-defined
   TO:
   • Context-aware: Attribute-Based
   • Multi-factor: Who? What? Where? When? Why? How?
   • Centralized policy management using a standard – XACML
   • Authorization rules externalized from application code
   • Dynamic at run-time
27. Claims Table with privacy filter – Bob. The table of slide 24 as Bob sees it: the Social Security Number, Financial Data and Medical data cells of row 1 (Alex Jonson, unit A1) are marked RWD (read, write, delete).
28. Claims Table with privacy filter – Alice. The same table as Alice sees it: the Social Security Number, Financial Data and Medical data cells of row 1 are marked R (read only).
29. Claims Table with privacy filter – Joe. The same table as Joe sees it: the Social Security Number, Financial Data and Medical data cells of row 2 (Bob Brown, unit A2) are marked RWD.
30. Claims Table with privacy filter – Joe in a different context. The same table, same user, different context: the Social Security Number, Financial Data and Medical data cells of row 2 are now marked R (read only).
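Slides 27–30 show one table rendered four ways: the cell badges (RWD, R, or nothing) change with who is asking and in which context, which is the "table, row, column and cell level" filtering with masking that the deck later attributes to ADAF. The following is an added example, not code from the deck or from Axiomatics: it implements such a cell-level filter as a plain function of subject attributes. The rows are the four claims of slide 24; the Subject attributes, the purpose-of-use values and the decision rules are assumptions made for this illustration.

```python
"""Cell-level privacy filter over the claims table.

Added illustration, not Axiomatics' code: the rows are the four claims
from slide 24; the Subject attributes, the purpose-of-use values and the
decision rules below are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

COLUMNS = ("ID", "Name", "Social Security Number", "Financial Data",
           "Medical data", "Company", "Unit")
# The three columns the deck marks with R / RWD badges.
SENSITIVE = frozenset({"Social Security Number", "Financial Data", "Medical data"})
MASK = "****"

CLAIMS: List[Dict[str, object]] = [
    {"ID": 1, "Name": "Alex Jonson", "Social Security Number": "123-45-6789",
     "Financial Data": 12000, "Medical data": "Sore throat", "Company": "X", "Unit": "A1"},
    {"ID": 2, "Name": "Bob Brown", "Social Security Number": "456-78-9012",
     "Financial Data": 11000, "Medical data": "Broken leg", "Company": "X", "Unit": "A2"},
    {"ID": 3, "Name": "Cecilia George", "Social Security Number": "789-10-2345",
     "Financial Data": 15000, "Medical data": "Bleeding nose", "Company": "Y", "Unit": "B1"},
    {"ID": 4, "Name": "David Dargan", "Social Security Number": "234-56-7890",
     "Financial Data": 19000, "Medical data": "Neurosis due to ...", "Company": "Y", "Unit": "B2"},
]


@dataclass(frozen=True)
class Subject:
    """Attributes the PDP would fetch about the requester (assumed set)."""
    user_id: str
    company: str
    unit: str
    purpose_of_use: str   # e.g. "claims_handling" or "quality_assurance"


def permitted_actions(subject: Subject, row: Dict[str, object], column: str) -> FrozenSet[str]:
    """Multi-factor decision for one cell: who (company, unit), what (column),
    why (purpose of use). Returns the permitted actions among R, W, D."""
    if row["Company"] != subject.company:
        return frozenset()                      # row level: other companies' claims are not visible at all
    if column not in SENSITIVE:
        return frozenset({"R"})                 # column level: identifiers and org data readable company-wide
    if row["Unit"] != subject.unit:
        return frozenset()                      # cell level: PII of other units' claims is masked
    if subject.purpose_of_use == "claims_handling":
        return frozenset({"R", "W", "D"})       # the RWD badge of slides 27 and 29
    if subject.purpose_of_use == "quality_assurance":
        return frozenset({"R"})                 # the R badge of slides 28 and 30
    return frozenset()                          # unknown purpose: deny by default


def filtered_view(subject: Subject) -> List[Dict[str, Dict[str, object]]]:
    """Return the rows the subject may see. Each entry carries the masked
    row and, per column, the permitted actions as a string ('', 'R', 'RWD')."""
    view = []
    for row in CLAIMS:
        decisions = {c: permitted_actions(subject, row, c) for c in COLUMNS}
        if not any(decisions.values()):
            continue                            # nothing readable: drop the row entirely
        masked = {c: (row[c] if "R" in decisions[c] else MASK) for c in COLUMNS}
        actions = {c: "".join(a for a in "RWD" if a in decisions[c]) for c in COLUMNS}
        view.append({"row": masked, "actions": actions})
    return view


if __name__ == "__main__":
    for who in (Subject("bob", "X", "A1", "claims_handling"),
                Subject("joe", "X", "A2", "quality_assurance")):
        print(who.user_id, who.purpose_of_use)
        for entry in filtered_view(who):
            print("  ", entry["row"], entry["actions"])
```

The point the slides make is visible in the decision function: the same row yields RWD for a claims handler and R for the same person doing quality assurance, so a role alone (the "who") cannot express the rule; the purpose of use (the "why") must reach the decision as an attribute. A default of "deny" for an unrecognised purpose is deliberate, so that a new workflow never inherits access by accident.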
31. Technology solutions (section title)
32. Axiomatics Policy Server – authorization services:
   • PDP – a Policy Decision Point for XACML 3.0 request/response services.
   • ARQ SQL – an Axiomatics Reverse Query service which applies authorization decisions for database access by returning a proper SQL SELECT statement.
33. The XACML Architecture: Enforce – Policy Enforcement Point; Decide – Policy Decision Point; Support – Policy Information Point, Policy Retrieval Point; Manage – Policy Administration Point
34. The Axiomatics Reverse Query in the architecture: Enforce – Policy Enforcement Point; List – Reverse Query evaluation; Support – Policy Information Point, Policy Retrieval Point; Manage – Policy Administration Point
35. Axiomatics Data Access Filter 1.0 – overview
   • Authorization on the data layer
   • PEP or proxy intercepts SQL call to database
   • ADAF returns conditions allowing PEP or proxy to adapt SQL statement
36. An example from law enforcement. Resources to protect: data in the "Case" table.
   Column Name | Data Type | Description
   case_id | integer | The unique ID of the case
   case_narrative | varchar | A narrative describing the case
   case_classification | varchar | A security classification for the case – can be 'Confidential', 'Secret', 'Top Secret'. Default is 'Confidential'.
   responsible_unit | integer | The ID of the unit that is responsible for the case
   case_status | varchar | 'Open' or 'Closed'.
   date_case_closed | date | The date that the case was closed
37. High-level privacy policy
   • A Confidential case is visible to all people assigned to the unit that is responsible for the case
   • A Secret or Top Secret case is only visible to people who are assigned to the case (via a role assignment)
38. Resource attribute identification. The "Case" table of slide 36 is shown again with the two columns the policy refers to called out as resource attributes: case_classification and case_responsible_unit (the responsible_unit column). The first rule is restated: a Confidential case is visible to all users assigned to the unit that is responsible for the case.
39. Privacy protection policy (the slide's own callouts are kept as comments; the slide does not show a rule-combining algorithm for the policy):

   policy Case_Access {
       target clause table_name == "CASE" and column_name == "CASE_NARRATIVE"

       // A Confidential case is visible to all users assigned to the unit
       // that is responsible for the case.  (callout: case_responsible_unit == unit_id)
       rule {
           target clause case_classification == "Confidential"
           permit
           condition integerOneAndOnly(case_responsible_unit) == integerOneAndOnly(unit_id)
       }

       // A Secret or Top Secret case is only visible to users who are
       // assigned to the case (via a role assignment).
       // (callout: user_id IN currently_assigned_users_of_case)
       rule {
           target clause case_classification == "Secret" or case_classification == "Top Secret"
           permit
           condition integerIsIn(integerOneAndOnly(user_id), currently_assigned_users_of_case)
       }
   }

40. Unit and role assignments (diagram). Nodes: Confidential Case 116; Top Secret Case 114; Top Secret Case 118; Confidential Case 112; User 1005, assigned to Unit 4; User 1007, Unit 3. Edge labels: intelligence officer, area commander, supervisor. (© 2013 Axiomatics AB)
41. Case narrative visibility for user 1005 (the diagram of slide 40, highlighted for user 1005)
42. Case narrative visibility for user 1005
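Slides 35 and 39–42 together describe the reverse query: rather than asking the PDP once per row, the policy is partially evaluated against the subject's attributes and what remains is a condition over resource attributes only, which the PEP or proxy appends to the application's SELECT. The following is an added example, not Axiomatics' code, that does this for Case_Access with Python's built-in sqlite3 and checks the result against a straightforward per-row evaluation of the same two rules. The "CASE" columns and the rules come from slides 36 and 39; the sample rows, the case_assignment table (standing in for the currently_assigned_users_of_case attribute a PIP would supply), the user attributes and the deny-unless-permit combining of the two rules are assumptions made for this illustration.

```python
"""Reverse query: the Case_Access policy turned into a SQL row filter.

Added example, not Axiomatics' code. The "CASE" columns and the two rules
are those of slides 36 and 39. The sample rows, the case_assignment table
(standing in for the currently_assigned_users_of_case attribute a PIP
would supply), the user attributes and the deny-unless-permit combining
of the two rules are assumptions made for this illustration.
"""
import sqlite3
from dataclasses import dataclass
from typing import List, Tuple

SCHEMA = """
CREATE TABLE "CASE" (
    case_id             INTEGER PRIMARY KEY,
    case_narrative      VARCHAR,
    case_classification VARCHAR NOT NULL DEFAULT 'Confidential',
    responsible_unit    INTEGER,
    case_status         VARCHAR,
    date_case_closed    DATE
);
CREATE TABLE case_assignment (
    case_id INTEGER,
    user_id INTEGER,
    role    VARCHAR
);
"""

# Constructed sample data (ids and classifications chosen to mirror slide 40).
SAMPLE_CASES = [
    (112, "Burglary on Main Street", "Confidential", 3, "Open", None),
    (114, "Informant handling", "Top Secret", 4, "Open", None),
    (116, "Traffic accident", "Confidential", 4, "Closed", "2013-02-14"),
    (118, "Surveillance operation", "Top Secret", 3, "Open", None),
]
SAMPLE_ASSIGNMENTS = [
    (114, 1005, "intelligence officer"),
    (118, 1007, "area commander"),
]


@dataclass(frozen=True)
class Subject:
    user_id: int
    unit_id: int


def open_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany('INSERT INTO "CASE" VALUES (?, ?, ?, ?, ?, ?)', SAMPLE_CASES)
    conn.executemany("INSERT INTO case_assignment VALUES (?, ?, ?)", SAMPLE_ASSIGNMENTS)
    return conn


def decide(conn: sqlite3.Connection, subject: Subject, case_id: int) -> str:
    """Forward (PDP-style) evaluation of Case_Access for one case row:
    'Permit' if a rule matches and its condition holds, else 'Deny'."""
    row = conn.execute(
        'SELECT case_classification, responsible_unit FROM "CASE" WHERE case_id = ?',
        (case_id,),
    ).fetchone()
    if row is None:
        return "Deny"
    classification, responsible_unit = row
    if classification == "Confidential":
        # rule 1: case_responsible_unit == unit_id
        return "Permit" if responsible_unit == subject.unit_id else "Deny"
    if classification in ("Secret", "Top Secret"):
        # rule 2: user_id IN currently_assigned_users_of_case
        assigned = {u for (u,) in conn.execute(
            "SELECT user_id FROM case_assignment WHERE case_id = ?", (case_id,))}
        return "Permit" if subject.user_id in assigned else "Deny"
    return "Deny"


def reverse_query(subject: Subject) -> Tuple[str, Tuple[int, int]]:
    """Reverse query: the policy partially evaluated against the subject's
    attributes, leaving a condition over resource attributes only. Subject
    values are bind parameters, never spliced into the SQL text."""
    where = (
        "(case_classification = 'Confidential' AND responsible_unit = ?)"
        " OR (case_classification IN ('Secret', 'Top Secret')"
        "     AND case_id IN (SELECT case_id FROM case_assignment WHERE user_id = ?))"
    )
    return where, (subject.unit_id, subject.user_id)


def visible_case_ids(conn: sqlite3.Connection, subject: Subject) -> List[int]:
    """What the PEP/proxy does to the application's query
    SELECT case_id, case_narrative FROM "CASE": append the returned condition."""
    where, params = reverse_query(subject)
    sql = f'SELECT case_id, case_narrative FROM "CASE" WHERE {where} ORDER BY case_id'
    return [case_id for case_id, _narrative in conn.execute(sql, params)]


def filters_agree(conn: sqlite3.Connection, subject: Subject) -> bool:
    """Consistency check: the row filter admits exactly the rows the forward
    evaluation permits, for every row in the table."""
    all_ids = [cid for (cid,) in conn.execute('SELECT case_id FROM "CASE"')]
    permitted = sorted(cid for cid in all_ids if decide(conn, subject, cid) == "Permit")
    return permitted == visible_case_ids(conn, subject)


if __name__ == "__main__":
    db = open_sample_db()
    for s in (Subject(1005, 4), Subject(1007, 3), Subject(1009, 4)):
        print(s, "sees cases", visible_case_ids(db, s), "consistent:", filters_agree(db, s))
```

Two practitioner points are built in. First, the filter only ever receives the subject's attributes as bind parameters; a proxy that concatenated unit_id or user_id into the WHERE clause would turn the authorization layer itself into an injection point. Second, filters_agree is the test to keep when the policy changes: the reverse query and the per-request decision are two encodings of the same rules, and the row filter is only correct while it admits exactly the rows the PDP would permit.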
43. Axiomatics Data Access Filter 1.0 – details
   • Fine-grained data access control
     – Table, row, column and cell levels
     – Data masking
   • Flexible policy-based authorization
     – Richer than the role-based models defined in the SQL standard
   • Externalized enforcement
     – No need to code and edit VPD functions manually
     – Declarative policy language (compare with lower-level programming of VPD)
     – No need to modify the application with the insertion of an XACML PEP
     – All applications using the database share the same policy and enforcement
44. Axiomatics Data Access Filter 1.0 – details
   • ADAF currently requires Oracle VPD as the PEP
   • VPD (Virtual Private Database) is a part of Oracle DB Enterprise Edition, requiring no extra licenses.
   • For other databases: ADAF SDK to connect a SQL proxy to SFS
45. Conclusions
   • Applications need to be designed for privacy
   • To do that, authorization must be context-aware
   • To achieve context-awareness, you must be able to consider multiple factors
46. Questions? Contact us at info@axiomatics.com (© 2013 Axiomatics AB)