The document proposes a dynamic security model for risk management in smart environments. It describes a security model based on attribute-based access control (ABAC) that dynamically authorizes access to resources based on changes in attributes of subjects and objects, and conditions in the environment. The model includes subjects, objects, actions, contexts, risks/emergencies, and events. Contexts define valid security rules according to environmental changes. Events triggered by environmental monitoring can activate/deactivate contexts, modifying security rules and subject/object attributes. The goal is an adaptive security model that handles risk situations dynamically according to the environment.
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
1. Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Mariagrazia Fugini (1), George Hadjichristofi (2), and Mahsa Teimourikia (3)
(1, 3) Politecnico di Milano, (2) Frederick University
(1) mariagrazia.fugini@polimi.it, (2) com.hg@frederick.ac.cy, (3) mahsa.teimourikia@polimi.it
June 2014
2. Polo Territoriale di Como
Motivations
• In environmental risk management, providing security for people and various devices dynamically, according to what happens in the environment, is an open issue [1].
• The characteristics of highly distributed and resource-constrained systems make the application of conventional access control models a challenging issue.
• With the emergence of smart environments and the Internet of Things (IoT), security issues concerning both conceptual and physical security should be properly addressed [2].
[1] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013.
[2] R. H. Weber, "Internet of Things – New security and privacy challenges," Computer Law & Security Review, vol. 26, no. 1, pp. 23-30, 2010.
3. Objectives
• To design a security model that is flexible enough to accommodate varying security rules according to changes in the environmental conditions.
• The elements of the security model are described based on Attribute-Based Access Control (ABAC).
• The model aims at dynamically authorizing subjects to access diverse data and physical objects, employing the adaptive activation and deactivation of security rules and changes in subject and object attributes.
4. A Scenario
• Consider a smart environment (i.e., an airport) in which the objects, the people and the environment itself are monitored using sensors and monitoring devices such as surveillance cameras, checkpoints, wearable devices, etc.
• The environment includes both open and closed areas in which different sensors and monitoring devices are available.
• The airport Security Staff intervene in case of emergencies: the Security Manager is the subject in charge in case of an emergency, with the highest clearance, and the Surveillance Personnel are in charge of monitoring the environment and can only intervene in minor security problems.
5. Security Modeling for Risk Management
• The security model is based on ABAC and includes the following components:
Subjects: a subject abstracts a user, an application or a process wanting to perform an operation on a resource/object. A subject can hold many attributes in three categories: General Attributes, Geo Attributes and Security Attributes.
Objects: abstract resources that a subject can access or act on. Objects hold three groups of attributes: General Attributes, Geo Attributes and Security Attributes.
Environment: this component models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions.
6. Security Modeling for Risk Management
Actions and Activities: these are operations that can be executed by subjects on objects in a given context, including simple operations (actions), e.g. read, write, etc., and complex operations, called activities, which combine simple actions to model a task, a process or a physical action (e.g. "Redirect the airplane to another runway").
Contexts: this component indicates a set of security rules which are valid in a certain situation, based on dynamic changes in the environment, including the occurrence of risks.
7. Security Modeling for Risk Management
Risk and Emergency: the monitored environmental conditions, which change dynamically, can cause the occurrence of risks/emergencies. A risky situation is recognized based on parameters such as type, level and location, which determine how to adapt the security rules to handle it.
Events: changes in the monitored environmental conditions trigger events that in turn activate/deactivate contexts, which modify the security rules, or cause changes in the subject/object attributes.
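As an added example (not the authors' code), the following Python sketch instantiates the model on the airport scenario: subjects and objects carry clearance and area attributes, each context holds its own rule set, and a risk event from monitoring switches the active context and changes an object attribute. The attribute names, clearance levels, rule contents and the level-2 emergency threshold are assumptions.

```python
from collections import namedtuple

# Rule: action/activity, object type, required subject clearance, and whether the
# subject's geo attribute (area) must match the object's area. Names are assumptions.
Rule = namedtuple("Rule", "action object_type min_clearance same_area", defaults=(True,))
# A context is a named set of rules that is valid only while the context is active.
CONTEXTS = {
    "normal": [Rule("read", "camera", 1), Rule("read", "runway", 1)],
    "emergency": [Rule("read", "camera", 1, same_area=False),
                  Rule("redirect_airplane", "runway", 3, same_area=False)],
}
class Environment:
    """Monitored environment: active contexts, current risk and object attributes."""
    def __init__(self, objects):
        self.objects, self.active, self.risk = objects, {"normal"}, None
    def on_event(self, event):
        """Monitoring events activate/deactivate contexts and update object attributes."""
        if event["type"] == "risk_detected" and event["level"] >= 2:  # assumed threshold
            self.risk, self.active = event, {"emergency"}
        elif event["type"] == "risk_cleared":
            self.risk, self.active = None, {"normal"}
        for obj in self.objects.values():  # objects at the risk location become restricted
            obj["restricted"] = bool(self.risk) and obj["area"] == self.risk["location"]
def authorize(env, subject, action, obj):
    """Grant only if a rule of an active context matches and every attribute check passes."""
    if obj.get("restricted") and subject["clearance"] < 3:
        return False  # restricted objects require the highest clearance (Security Manager)
    for ctx in env.active:
        for rule in CONTEXTS[ctx]:
            if (rule.action == action and rule.object_type == obj["type"]
                    and subject["clearance"] >= rule.min_clearance
                    and (not rule.same_area or subject["area"] == obj["area"])):
                return True
    return False
def scenario():
    """Constructed airport walk-through; returns the access decisions in order."""
    manager = {"clearance": 3, "area": "control_tower"}  # Security Manager
    guard = {"clearance": 1, "area": "terminal_b"}       # Surveillance Personnel
    cam = {"type": "camera", "area": "terminal_b"}
    rwy = {"type": "runway", "area": "runway_2"}
    env = Environment({"cam": cam, "rwy": rwy})
    out = [authorize(env, guard, "read", cam),                 # True: same area, normal rule
           authorize(env, manager, "redirect_airplane", rwy)]  # False: no such rule in "normal"
    env.on_event({"type": "risk_detected", "level": 3, "location": "runway_2"})
    out += [authorize(env, manager, "read", cam),              # True: emergency drops geo check
            authorize(env, guard, "read", rwy),                # False: runway is now restricted
            authorize(env, manager, "redirect_airplane", rwy)]  # True: emergency activity
    env.on_event({"type": "risk_cleared"})
    out.append(authorize(env, manager, "redirect_airplane", rwy))  # False: back to "normal"
    return out
```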
13. Conclusions
• Here we introduced design principles for dynamic security modeling that considers the environmental risks.
• We extend the ABAC paradigm to make the security model adaptive, so that it handles risk situations.
• To facilitate this adaptivity, we employed the concept of contexts to dynamically change the security rules.
14. Future Works
• As future work, we intend to focus on the topics of:
  • binding environmental and spatial information,
  • the dynamics of assigning authoritative roles to administrators,
  • ways to handle conflicting context switching.
• We are working towards the inclusion of this security model in the Risk Management Tool simulator developed for risk management and described in [3], based on Matlab and on a web application deployment environment.
[3] M. Fugini, C. Raibulet and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012.