SlideShare a Scribd company logo

Dynamic Security Modeling in Risk Management Using Environmental Knowledge

Download as PPT, PDF
Mahsa Teimourikia
Mahsa Teimourikia

The document proposes a dynamic security model for risk management in smart environments. It describes a security model based on attribute-based access control (ABAC) that dynamically authorizes access to resources based on changes in attributes of subjects and objects, and conditions in the environment. The model includes subjects, objects, actions, contexts, risks/emergencies, and events. Contexts define valid security rules according to environmental changes. Events triggered by environmental monitoring can activate/deactivate contexts, modifying security rules and subject/object attributes. The goal is an adaptive security model that handles risk situations dynamically according to the environment.

1 of 15
Dynamic Security Modeling in Risk Management Using Environmental Knowledge Mariagrazia Fugini1 , George Hadjichristofi2, ,and Mahsa Teimourikia3 1,3 Politecnico di Milano, 2 Frederick University 1 mariagrazia.fugini@polimi.it, 2 com.hg@frederick.ac.cy, 3 mahsa.teimourikia@polimi.it June 2014
Polo Territoriale di Como Motivations 2 [1] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013. [2] R. H. Weber, " Internet of Things–New security and privacy challenges," Computer Law & Security Review, vol. 26, no. 1, pp. 23-30, 2010. • In environmental risk management, providing security for people and various devices dynamically, according what happens in the environment is an open issue [1]. • The characteristics of a highly distributed and resource- constrained systems, make the application of conventional access control models a challenging issue. • With the emergence of smart environments and Internet of things (IoT), security issues considering both conceptual and physical security should be properly addressed [2].
Polo Territoriale di Como Objectives • To design a security model, which is flexible enough to accommodate varying security rules according to changes in the environment conditions. • Elements of the security model are described based on the Attribute-Based Access Control (ABAC). • The model aims at dynamically authorize subjects to access diverse data and physical objects employing the adaptive activation and deactivation of security rules and changes in the subject and object attributes.
Polo Territoriale di Como A Scenario • Considering an smart environment (i.e. an airport), in which the objects, people and the environment itself are monitored using sensors, and monitoring devices such as surveillance cameras, check points, wearable devices, and etc. • The environment includes both open and closed areas in which different sensors and monitoring devices are available. • The airport Security Staff intervene in case of emergencies, the Security Manager, is the subject in charge in case of an emergency with the highest clearance, and the Surveillance Personnel are in charge of monitoring the environment and can only intervene in minor security problems.
Polo Territoriale di Como Security Modeling for Risk Management • The security model is based on ABAC including the following components: Subjects: this abstracts a user, an application, or a process wanting to perform an operation on a resource/object. A subject can hold many attributes in these three categories: General Attributes, Geo Attributes, Security Attributes. Objects: abstract resources that a subject can access or act on. Objects hold three groups of attributes: General Attributes, Geo Attributes, Security Attributes. Environment: this component models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions.
Polo Territoriale di Como Security Modeling for Risk Management Actions and Activities: these are operations that can be executed by subjects on objects in a given context including Simple operations (actions)(e.g. read, write, etc.) and complex operations, called activities, which combine simple actions to model a task, a processor or a physical action. (e.g. “Redirect the airplane to another runway”). Contexts: this component indicates a set of security rules, which are valid in a certain situation based on dynamic changes in the environment, including occurrence of risks.
Polo Territoriale di Como Security Modeling for Risk Management Risk and Emergency: The monitored environment conditions, which change dynamically, can cause the occurrence of some risks/emergencies. A risky situation is recognized based on parameters such as: type, level, and location determining how to adapt security rules to handle it. Events: Changes in the environment monitored conditions, trigger events that in turn activate/deactivate contexts that modify the security rules. Or cause changes in the subject/object attributes.
Polo Territoriale di Como Security Modeling for Risk Management
Polo Territoriale di Como Adaptivity
Polo Territoriale di Como Adaptivity
Polo Territoriale di Como Adaptivity ECA (Event-Condition-Action):
Polo Territoriale di Como The Adaptive Security Model
Polo Territoriale di Como Conclusions • Here we introduced design principles for dynamic security modeling considering the environment risks. • We make extensions on ABAC paradigm to make the security model adaptive to handle risk situations. • To facilitate this adaptivity we employed the concept of contexts to dynamically change the security rules
Polo Territoriale di Como Future Works • As future work, we intend to focus on the topics of: • binding environmental and spatial information, • on the dynamics of assigning authoritative roles to administrators, • and on ways to handle conflicting Context switching. • We are working towards inclusion of this security model in the Risk Management Tool simulator developed for risk management and described in [3], based on Matlab and on a web application deployment environment. [3] M. Fugini, C. Raibulet and L. Ubezio, "Risk assessment in work environments: modeling and simulation.," Concurrency and computation: Practice and experience, vol. 24, no. 18, pp. 2381-2403, 2012.
Polo Territoriale di Como Thank You

Recommended

Mini-course at VFU - Architecting modern digital systems - 3
Mini-course at VFU - Architecting modern digital systems - 3Mini-course at VFU - Architecting modern digital systems - 3
Mini-course at VFU - Architecting modern digital systems - 3Alexander SAMARIN
 
Secure
SecureSecure
SecureDhani Ahmad
 
60304756 whitman-ch01-1
60304756 whitman-ch01-160304756 whitman-ch01-1
60304756 whitman-ch01-1UDCNTT
 
Risk management i
Risk management iRisk management i
Risk management iDhani Ahmad
 
Smart city project's Information Security challenges
Smart city project's Information Security challenges Smart city project's Information Security challenges
Smart city project's Information Security challenges Behak Kangarloo
 
E1804012536
E1804012536E1804012536
E1804012536IOSR Journals
 
IoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware SecurityIoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware SecurityDATA SECURITY SOLUTIONS
 
Perth Airport - The Community and Industry. Is it prepared?
Perth Airport - The Community and Industry. Is it prepared?Perth Airport - The Community and Industry. Is it prepared?
Perth Airport - The Community and Industry. Is it prepared?Engineers Australia
 

Recommended

Mini-course at VFU - Architecting modern digital systems - 3
Mini-course at VFU - Architecting modern digital systems - 3Mini-course at VFU - Architecting modern digital systems - 3
Mini-course at VFU - Architecting modern digital systems - 3Alexander SAMARIN
 
Secure
SecureSecure
SecureDhani Ahmad
 
60304756 whitman-ch01-1
60304756 whitman-ch01-160304756 whitman-ch01-1
60304756 whitman-ch01-1UDCNTT
 
Risk management i
Risk management iRisk management i
Risk management iDhani Ahmad
 
Smart city project's Information Security challenges
Smart city project's Information Security challenges Smart city project's Information Security challenges
Smart city project's Information Security challenges Behak Kangarloo
 
E1804012536
E1804012536E1804012536
E1804012536IOSR Journals
 
IoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware SecurityIoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware SecurityDATA SECURITY SOLUTIONS
 
Perth Airport - The Community and Industry. Is it prepared?
Perth Airport - The Community and Industry. Is it prepared?Perth Airport - The Community and Industry. Is it prepared?
Perth Airport - The Community and Industry. Is it prepared?Engineers Australia
 
Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataMahsa Teimourikia
 
Risks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsRisks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsMahsa Teimourikia
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasMahsa Teimourikia
 
Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work EnvironmentsMahsa Teimourikia
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management FraDustiBuckner14
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraarnit1
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxgilbertkpeters11344
 
Ch2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfCh2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfmominabotayea1997
 
11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docx11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docxmoggdede
 
Report on Information Security
Report on Information SecurityReport on Information Security
Report on Information SecurityUraz Pokharel
 
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESSAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESVincenzo De Florio
 
Gg
GgGg
GgVincenzo De Florio
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxjenkinsmandie
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Luxembourg Institute of Science and Technology
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Privacy and Security in Multi-modal User Interface Modeling for Social Media
Privacy and Security in Multi-modal User Interface Modeling for Social MediaPrivacy and Security in Multi-modal User Interface Modeling for Social Media
Privacy and Security in Multi-modal User Interface Modeling for Social Mediamsm2011socialcom
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1Anne Starr
 
)k
)k)k
)kAnne Starr
 
Integrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software DevelopmentIntegrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software DevelopmentWaqas Tariq
 

More Related Content

Similar to Dynamic Security Modeling in Risk Management Using Environmental Knowledge

Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataMahsa Teimourikia
 
Risks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsRisks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsMahsa Teimourikia
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasMahsa Teimourikia
 
Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work EnvironmentsMahsa Teimourikia
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management FraDustiBuckner14
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraarnit1
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxgilbertkpeters11344
 
Ch2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfCh2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfmominabotayea1997
 
11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docx11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docxmoggdede
 
Report on Information Security
Report on Information SecurityReport on Information Security
Report on Information SecurityUraz Pokharel
 
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESSAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESVincenzo De Florio
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxjenkinsmandie
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Privacy and Security in Multi-modal User Interface Modeling for Social Media
Privacy and Security in Multi-modal User Interface Modeling for Social MediaPrivacy and Security in Multi-modal User Interface Modeling for Social Media
Privacy and Security in Multi-modal User Interface Modeling for Social Mediamsm2011socialcom
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1Anne Starr
 
Integrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software DevelopmentIntegrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software DevelopmentWaqas Tariq
 

Similar to Dynamic Security Modeling in Risk Management Using Environmental Knowledge (20)

Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial Data
 
Risks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access ControlsRisks in Smart Environments and Adaptive Access Controls
Risks in Smart Environments and Adaptive Access Controls
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
 
Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work Environments
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Fra
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fra
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docx
 
Ch2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfCh2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdf
 
11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docx11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docx
 
Report on Information Security
Report on Information SecurityReport on Information Security
Report on Information Security
 
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESSAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
 
Gg
GgGg
Gg
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docx
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1security
 
Privacy and Security in Multi-modal User Interface Modeling for Social Media
Privacy and Security in Multi-modal User Interface Modeling for Social MediaPrivacy and Security in Multi-modal User Interface Modeling for Social Media
Privacy and Security in Multi-modal User Interface Modeling for Social Media
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1
 
)k
)k)k
)k
 
Integrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software DevelopmentIntegrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software Development
 

Dynamic Security Modeling in Risk Management Using Environmental Knowledge

  • 1. Dynamic Security Modeling in Risk Management Using Environmental Knowledge Mariagrazia Fugini1 , George Hadjichristofi2, ,and Mahsa Teimourikia3 1,3 Politecnico di Milano, 2 Frederick University 1 mariagrazia.fugini@polimi.it, 2 com.hg@frederick.ac.cy, 3 mahsa.teimourikia@polimi.it June 2014
  • 2. Polo Territoriale di Como Motivations 2 [1] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013. [2] R. H. Weber, " Internet of Things–New security and privacy challenges," Computer Law & Security Review, vol. 26, no. 1, pp. 23-30, 2010. • In environmental risk management, providing security for people and various devices dynamically, according what happens in the environment is an open issue [1]. • The characteristics of a highly distributed and resource- constrained systems, make the application of conventional access control models a challenging issue. • With the emergence of smart environments and Internet of things (IoT), security issues considering both conceptual and physical security should be properly addressed [2].
  • 3. Polo Territoriale di Como Objectives • To design a security model, which is flexible enough to accommodate varying security rules according to changes in the environment conditions. • Elements of the security model are described based on the Attribute-Based Access Control (ABAC). • The model aims at dynamically authorize subjects to access diverse data and physical objects employing the adaptive activation and deactivation of security rules and changes in the subject and object attributes.
  • 4. Polo Territoriale di Como A Scenario • Considering an smart environment (i.e. an airport), in which the objects, people and the environment itself are monitored using sensors, and monitoring devices such as surveillance cameras, check points, wearable devices, and etc. • The environment includes both open and closed areas in which different sensors and monitoring devices are available. • The airport Security Staff intervene in case of emergencies, the Security Manager, is the subject in charge in case of an emergency with the highest clearance, and the Surveillance Personnel are in charge of monitoring the environment and can only intervene in minor security problems.
  • 5. Polo Territoriale di Como Security Modeling for Risk Management • The security model is based on ABAC including the following components: Subjects: this abstracts a user, an application, or a process wanting to perform an operation on a resource/object. A subject can hold many attributes in these three categories: General Attributes, Geo Attributes, Security Attributes. Objects: abstract resources that a subject can access or act on. Objects hold three groups of attributes: General Attributes, Geo Attributes, Security Attributes. Environment: this component models the environment (i.e., the airport) with its dynamic conditions, which affect the security decisions.
  • 6. Polo Territoriale di Como Security Modeling for Risk Management Actions and Activities: these are operations that can be executed by subjects on objects in a given context including Simple operations (actions)(e.g. read, write, etc.) and complex operations, called activities, which combine simple actions to model a task, a processor or a physical action. (e.g. “Redirect the airplane to another runway”). Contexts: this component indicates a set of security rules, which are valid in a certain situation based on dynamic changes in the environment, including occurrence of risks.
  • 7. Polo Territoriale di Como Security Modeling for Risk Management Risk and Emergency: The monitored environment conditions, which change dynamically, can cause the occurrence of some risks/emergencies. A risky situation is recognized based on parameters such as: type, level, and location determining how to adapt security rules to handle it. Events: Changes in the environment monitored conditions, trigger events that in turn activate/deactivate contexts that modify the security rules. Or cause changes in the subject/object attributes.
  • 8. Polo Territoriale di Como Security Modeling for Risk Management
  • 9. Polo Territoriale di Como Adaptivity
  • 10. Polo Territoriale di Como Adaptivity
  • 11. Polo Territoriale di Como Adaptivity ECA (Event-Condition-Action):
  • 12. Polo Territoriale di Como The Adaptive Security Model
  • 13. Polo Territoriale di Como Conclusions • Here we introduced design principles for dynamic security modeling considering the environment risks. • We make extensions on ABAC paradigm to make the security model adaptive to handle risk situations. • To facilitate this adaptivity we employed the concept of contexts to dynamically change the security rules
  • 14. Polo Territoriale di Como Future Works • As future work, we intend to focus on the topics of: • binding environmental and spatial information, • on the dynamics of assigning authoritative roles to administrators, • and on ways to handle conflicting Context switching. • We are working towards inclusion of this security model in the Risk Management Tool simulator developed for risk management and described in [3], based on Matlab and on a web application deployment environment. [3] M. Fugini, C. Raibulet and L. Ubezio, "Risk assessment in work environments: modeling and simulation.," Concurrency and computation: Practice and experience, vol. 24, no. 18, pp. 2381-2403, 2012.
  • 15. Polo Territoriale di Como Thank You