Policies for Composed Emergencies in Support of Disaster Management


  1. 1. University of Insubria, Department of Theoretical and Applied Science. Policies for Composed Emergencies in Support of Disaster Management. Barbara Carminati, Elena Ferrari, Michele Guglielmi. European Office of Aerospace Research & Development
  2. 2. Emergency Management: Hurricane Katrina, 9/11 Attack, Fukushima. Information Sharing
  3. 3. Traditional vs Emergency Access Control. Traditional access control models are regulated by a proper set of pre-defined access control policies. An emergency access control model should (during an emergency) bypass the regular access control policies and grant users access to resources not normally authorized. Downgrading of information security: Temporary, Controlled, Timely. B. Carminati, E. Ferrari, and M. Guglielmi, Secure information sharing on support of emergency management. In Proceedings of the Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT).
  4. 4. Emergency Access Control Model. Diagram labels: Emergency Detection, Complex Event Processing (CEP), Emergency Policy, Temporary access control policies, Emergency Obligations
  5. 5. Access Control Model. Emergency Descriptions (init, end, timeout, priority): Explosion { init: PS1 p1, PS1 = σ(pressure > 100)(PipeSensors); end: PS2 p2, PS2 = σ(pressure ≤ 100)(PipeSensors); timeout: ∞; priority: high; }. Temporary Access Control Policies (sbj, obj, priv, obl): SteamFilesPol { sbj: EPA Agents; obj: SteamFiles; priv: read; obl: null }. Emergency Policy (emg, tacp, obl): ExplosionPol { emg: Explosion; tacp: SteamFilesPol; obl: FacilityEvacuation }
  6. 6. Composed Emergency. There exist critical scenarios that cannot be handled by emergency policies: combinations of different emergency situations that may give rise to a new and more critical emergency (Composed Emergencies), requiring a response plan different from those plans already in place for the atomic emergencies (Composed Emergency Policies). Sometimes it is necessary to override the tacps and obligations that have been activated as response plans of sub-emergencies with the tacps/obligations of the composed emergency (Overriding Strategies).
  7. 7. Reference Scenario: Industrial Company Facility Scenario. Fire Alarm: obl: 1. FireFightersCall, 2. PoliceCall; MapsFilesPol { sbj: FireFighters; obj: MapsFiles; priv: read }. Explosion: obl: Facility Evacuation; SteamFilesPol { sbj: EPA Agents; obj: SteamFiles; priv: read }. Toxic Material Loss: obl: Warn EPA; ChemicalFilesPol { sbj: EPA Agents; obj: ChemicalFiles; priv: read }.
  8. 8. Reference Scenario: FireAlarm, Explosion, ToxicMaterialLoss. Ecological Disaster: obl: Warn DHS; AllFilesPol { sbj: DHS Agents; obj: AllFiles; priv: read }
  9. 9. Composed Emergency. A composed emergency ce is a pair (combination, pr), where pr ∈ {high, low} indicates the priority of the composed emergency, whereas combination: multiple occurrence Pattern a sequence a negation. EcologicalDisaster = (Pattern, high); Pattern = FireAlarm, Explosion[FireAlarm,1h], ToxicMaterialLoss[Explosion,3h]
  10. 10. Emergency Policy. An emergency policy is a tuple (emg, tacps, obligations, overriding) where: emg is an atomic or composed emergency; tacps is a set of pairs (tacp, exception); obligations is a set of pairs (obl, exception); overriding consists of (tacpOver, oblOver), whose values in {maintain, delete, block} denote the overriding strategies for tacps/obligations, respectively. exception ∈ {true, false} denotes the exception value.
  11. 11. Emergency Policy. Diagram legend: deleted, maintained. EcologicalDisasterEP: emg = EcologicalDisaster; tacps = (AllFilesPol, true); obligations = (warnDHS, true); overriding = (delete, delete). FireAlarm: tacps = (FacilityMapsFilesPol, true); obligations = (FireFightersCall, true), (PoliceCall, false); priority = low. Explosion: tacps = (SteamFilesPol, true); obligations = (FacilityEvacuation, true); priority = high. ToxicMaterialLoss: tacps = (ChemicalFilesPol, true); obligations = (warnEPA, true); priority = high.
  12. 12. Composed Emergency. The introduction of policies for composed emergencies brings new issues: when a composed emergency is triggered, its sub-emergencies have been already instantiated and their tacps and obligations have been already activated; the time needed to instantiate the new emergency could be large, since for each of the already inserted tacps/obligations it should be determined whether it has to be maintained, deleted or blocked. Emergency Composition Tree
  13. 13. ECT Node. An Emergency Composition Tree node has the following attributes: tacps; obligations; priority ∈ {high, low}; tacpOver ∈ {maintain, delete, block}; oblOver ∈ {maintain, delete, block}; tacpToDelete; oblToDelete; tacpToBlock; oblToBlock
  14. 14. ECT Example. EcologicalDisaster: tacps = (AllFilesPol, true); obligations = (warnDHS, true); priority = high; tacpOver = delete; oblOver = delete; tacpToDelete = { }; oblToDelete = { PoliceCall }. FireAlarm: tacps = (FacilityMapsFilesPol, true); obligations = (FireFightersCall, true), (PoliceCall, false); priority = low. Explosion: tacps = (SteamFilesPol, true); obligations = (FacilityEvacuation, true); priority = high. ToxicMaterialLoss: tacps = (ChemicalFilesPol, true); obligations = (warnEPA, true); priority = high; tacpOver = delete; oblOver = block; tacpToDelete = { WaterFilesPol }; oblToBlock = { WaterMaintenanceCall }. WaterContamination: tacps = (WaterFilesPol, false); obligations = (WaterMaintenanceCall, false); priority = low. AirContamination: tacps = (GasFilesPol, false); obligations = (GasMaintenanceCall, false); priority = high.
  15. 15. ECT Enforcement. For a policy associated with a composed emergency, the enforcement consists of the following steps: retrieval of the ECT node related to the emergency; reading of the tacps and obligations attributes; enforcement of the retrieved tacps/obligations; reading of the overriding lists; execution of the overriding operations.
  16. 16. ECT Enforcement Example. EcologicalDisaster: tacps = (AllFilesPol, true); obligations = (warnDHS, true); priority = high; tacpOver = delete; oblOver = delete; tacpToDelete = { }; oblToDelete = { PoliceCall }. FireAlarm: tacps = (FacilityMapsFilesPol, true); obligations = (FireFightersCall, true), (PoliceCall, false); priority = low. Explosion: tacps = (SteamFilesPol, true); obligations = (FacilityEvacuation, true); priority = high. ToxicMaterialLoss: tacps = (ChemicalFilesPol, true); obligations = (warnEPA, true); priority = high; tacpOver = delete; oblOver = block; tacpToDelete = { WaterFilesPol }; oblToBlock = { WaterMaintenanceCall }. WaterContamination: tacps = (WaterFilesPol, false); obligations = (WaterMaintenanceCall, false); priority = low. AirContamination: tacps = (GasFilesPol, false); obligations = (GasMaintenanceCall, false); priority = high.
  17. 17. Indexing Data Structure. The same emergency could be part of one or more composed emergencies; therefore, to avoid storage of redundant information, we make use of an indexing data structure. The position is encoded as index[emg] = (t_j, l_m, c_n), where t_j denotes an ECT, and l_m and c_n denote the position of the node related to emg in t_j (i.e., its level l_m and relative position c_n in the level, from left to right).
  18. 18. Indexing Data Structure. Suppose we have the following ECTs: nce1 (children: nce2, nce3) and nce4 (children: nce5, nce6, nce2). index[ce1] = (nce1,0,0); index[ce2] = (nce1,1,0), (nce4,1,2); index[ce3] = (nce1,1,1); index[ce4] = (nce4,0,0); index[ce5] = (nce4,1,0); index[ce6] = (nce4,1,1)
  19. 19. ECT Generation. In order to generate all ECTs associated with composed emergencies, we have defined an algorithm: it receives as input the policy base containing policies for composed emergencies and returns the set of created ECTs and the associated indexing structure. m = the number of composed emergencies; max(n) = the maximum number of sub-emergencies involved at any level in a composed emergency; max(nt) = the maximum number of tacps associated with policies of all sub-emergencies; max(no) = the maximum number of obligations associated with policies of all sub-emergencies
  20. 20. Enforcement Analysis. Thanks to ECTs and the indexing data structure, composed emergency enforcement is efficient: retrieval of the ECT node related to the emergency; reading of the tacps and obligations attributes; enforcement of the retrieved tacps/obligations; reading of the overriding lists; execution of the overriding operations.
  21. 21. Prototype. Extend the prototype with the support for composed emergencies. Diagram labels: Web Application Emergency User Manager php Web Server Access Control Emergency Repository Handler StreamBase Server
  22. 22. Conclusions: Composed Emergency & Emergency Policies; a suitable data structure for an efficient enforcement. Future Work: investigate more complex combination patterns; incremental maintenance strategies of the ECT data structure; complement our system with new cloud computing techniques.
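
The enforcement steps from slides 15 and 20, run over the slide-14 tree through the slide-17 index, as an added example (not code from the presentation or the authors' prototype). The `Active` runtime state, the level-by-level tree storage, reading delete as revoke and block as suspend, and placing the second set of override lists on ToxicMaterialLoss are assumptions.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class ECTNode:                      # attributes as listed on slide 13
    emg: str
    tacps: tuple = ()
    obligations: tuple = ()
    tacp_to_delete: frozenset = frozenset()
    obl_to_delete: frozenset = frozenset()
    tacp_to_block: frozenset = frozenset()
    obl_to_block: frozenset = frozenset()

# One ECT stored level by level, so (tree, level, position) addresses a node directly.
# Values follow slide 14; override lists on ToxicMaterialLoss are an assumed placement.
ECTS = {"t_eco": [
    [ECTNode("EcologicalDisaster", ("AllFilesPol",), ("warnDHS",),
             obl_to_delete=frozenset({"PoliceCall"}))],
    [ECTNode("FireAlarm", ("FacilityMapsFilesPol",), ("FireFightersCall", "PoliceCall")),
     ECTNode("Explosion", ("SteamFilesPol",), ("FacilityEvacuation",)),
     ECTNode("ToxicMaterialLoss", ("ChemicalFilesPol",), ("warnEPA",),
             tacp_to_delete=frozenset({"WaterFilesPol"}),
             obl_to_block=frozenset({"WaterMaintenanceCall"}))],
    [ECTNode("WaterContamination", ("WaterFilesPol",), ("WaterMaintenanceCall",)),
     ECTNode("AirContamination", ("GasFilesPol",), ("GasMaintenanceCall",))],
]}

def build_index(ects):  # index[emg] -> [(tree, level, position), ...], one per ECT
    index = {}
    for tree, levels in ects.items():
        for lvl, nodes in enumerate(levels):
            for pos, node in enumerate(nodes):
                index.setdefault(node.emg, []).append((tree, lvl, pos))
    return index

@dataclass
class Active:                       # hypothetical runtime state of the enforcement point
    tacps: set = field(default_factory=set)
    obligations: set = field(default_factory=set)
    blocked: set = field(default_factory=set)

def enforce(emg, state, ects=ECTS, index=None):
    tree, lvl, pos = (index or build_index(ects))[emg][0]
    node = ects[tree][lvl][pos]                          # 1. retrieve the ECT node
    state.tacps |= set(node.tacps)                       # 2-3. read and enforce
    state.obligations |= set(node.obligations)
    to_block = node.tacp_to_block | node.obl_to_block    # 4. read overriding lists
    state.blocked |= to_block & (state.tacps | state.obligations)
    state.tacps -= node.tacp_to_delete | to_block        # 5. execute overriding
    state.obligations -= node.obl_to_delete | to_block
    return state
```

Because the delete and block lists are precomputed on the node, revoking the temporary grants of a sub-emergency is a set difference at trigger time rather than a per-policy decision.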
