Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

S.3.4 Security and Privacy

704 views

Published on

SUNSHINE Project: security and privacy

Published in: Technology
  • Be the first to comment

  • Be the first to like this

S.3.4 Security and Privacy

  1. 1. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) D6.4 S3.4 Security and Privacy
  2. 2. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Highlights • Publication of D1.3 now being updated from T1.6 Following on from T1.6 we’re re-viewing and revising D1.3 throughout the project Focus on what we’re doing and ensuring it works with SUNSHINE to counter risk, maximise privacy protection, comply to standards including the development of new standards and best practices • Architecture based on XACML/SAML with federated IdM • Result is rule based access control in a number of flavours: • Role Based Access Control • Attribute Based Access Control • Consent Based Access Control
  3. 3. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Update of D1.3 Taken alongside developments in T4.8 Reviews newer attack models Heartbleed as an example Introduces metrics from MITRE, ISO and Common Criteria in developing products and services Considering use of STIX for incident reports
  4. 4. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Identity management - generic
  5. 5. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Access control – generic XACML
  6. 6. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Identity and access management in SUNSHINE Implemented using WSO2 toolkit Identity Manager XACML policy engine SAML policy engine X509 certificate generator, verifier Multiple algorithms (RSA, ECC, etc.)
  7. 7. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Sunshine’s XACML implementation
  8. 8. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Sunshine’s XACML implementation
  9. 9. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Sunshine’s XACML implementation PEP PAP/PDP User Directory
  10. 10. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Principles involved Rule processing Attestation creation using signed attributes Attestation verification
  11. 11. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
  12. 12. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Process
  13. 13. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Next steps #1 Testing of implementation Done by Sinergis SUNSHINE specific scripts Re-analysis of data and user model to assign rules for access Determine authority for each rule Distribute rules and collate policies More testing
  14. 14. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Next steps #2 Creation of new work item in ETSI CYBER for Access Control scripting Extending rules for good XACML essentially Building towards introducing the cPP concept to GML through OGC Reviewing algorithms for asymmetric access control attestations in a quantum safe cryptographic world
  15. 15. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Next steps #3 Working with OGC to tighten up geoXACML As part of smart city initiatives in OGC Preparing report on anonymisation Current anonymisation practices in SUNSHINE are adequate Concern is linkage and inference from other data sources (much more complex anti-privacy attack but concern has been raised in the EU)
  16. 16. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Standards development goals • Developments with ETSI at smartM2M, ITS and CYBER TR 102 893 Risk analysis TVRA TS 103 097 Security data definitions TS 102 940 ITS security architecture & sec management TS 102 941 Trust & Privacy TS 102 942 Confidentiality TS 102 943 Access control All published and in revision/mai ntenance mode
  17. 17. www.sunshineproject.eu SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161) Credits For more training material and courses visit http://www.sunshineproject.eu/solutions/training or contact us directly at training@sunshineproject.eu Source:www.unionegeometri.com Thank you! Scott CADZOW C3L

×