A Survey on Context Security Policies in the Cloud
Yiannis Verginadis, Gregoris Mentzas, Simeon Veloudis, Iraklis Paraskakis
1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15), Limassol, Cyprus, December 10, 2015
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
• Introduction
• Security-related context
• Related work on policy modeling
• PaaSword context-aware policy model
• Conclusions
What is Context?
“Any information that can be used to characterize the situation of an entity. An entity is a person, place, or object that is considered relevant to the interaction between a user and an application, including the user and applications themselves” (Abowd et al., 1999; Dey, 2001)
What is Context-Aware Security?
“Context-aware security is the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments” (Gartner)
The Adoption of Cloud Computing
• Many users have started relying on cloud services without realizing it
• Many companies have remained cautious due to security concerns
• Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk of theft, unauthorized exposure or malicious manipulation
• Governmental regulation presents an additional concern: significant legal and financial consequences if data confidentiality is breached
[Figure: cloud adoption curve with the phases “Focused interest”, “Experimentation” and “Near ubiquitous use”]
Security Challenges in the Cloud
• Top four threats identified (CSA, 2013) are:
  ◦ data leakage
  ◦ data loss
  ◦ account hijacking
  ◦ insecure APIs
• The OWASP foundation has categorized database-related attacks as the most critical ones
  ◦ These attacks were responsible for 83% of the total records stolen
• The most critical part of a modern cloud application is the data persistency layer and the database itself
Agenda
• Introduction
• Security-related context
• Related work on policy modeling
• PaaSword context-aware policy model
• Conclusions
Related Work
• Commonly used access control models (Ferrari, 2010) are:
  ◦ Mandatory Access Control (MAC)
  ◦ Discretionary Access Control (DAC)
  ◦ Role-Based Access Control (RBAC)
  ◦ Attribute-Based Access Control (ABAC)
MAC and DAC Related Approaches
• Solutions based on MAC involve rigid and static methods (Jürjens, 2001)
• DAC models rely on access control matrices
  ◦ rows and columns correspond to subjects and objects respectively
  ◦ their intersection points correspond to a set of allowed access operations
• Access control lists (ACL)
  ◦ the controls are discretionary: the owner of an object decides who may access it
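The access control matrix described on this slide, worked through as an added example (not code from the presentation or from the PaaSword project). Subjects, objects and rights are constructed sample data. The point it shows is the relation between the three views the slide names: the matrix itself, the ACL (one column, stored with the object) and the capability list (one row, held by the subject), plus the discretionary part, which is that only an object's owner may hand out rights on it.

```python
"""Access control matrix with ACL and capability views (DAC).

Added illustration; subjects, objects and rights below are constructed
sample data, not taken from the slides.
"""
from typing import Dict, Set, Tuple


class AccessMatrix:
    """Rows are subjects, columns are objects, cells hold the allowed operations."""

    OWNER_RIGHTS = frozenset({"read", "write", "own"})

    def __init__(self) -> None:
        self._cells: Dict[Tuple[str, str], Set[str]] = {}
        self._owner: Dict[str, str] = {}

    def create(self, owner: str, obj: str) -> None:
        """A newly created object is owned by its creator, who gets full rights."""
        self._owner[obj] = owner
        self._cells[(owner, obj)] = set(self.OWNER_RIGHTS)

    def grant(self, grantor: str, subject: str, obj: str, right: str) -> None:
        """Discretionary: only the object's owner may delegate rights on it."""
        if self._owner.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        self._cells.setdefault((subject, obj), set()).add(right)

    def revoke(self, grantor: str, subject: str, obj: str, right: str) -> None:
        """Revocation is likewise reserved to the owner."""
        if self._owner.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        self._cells.get((subject, obj), set()).discard(right)

    def allowed(self, subject: str, obj: str, right: str) -> bool:
        """Reference-monitor check: look up the (subject, object) cell."""
        return right in self._cells.get((subject, obj), set())

    def acl(self, obj: str) -> Dict[str, Set[str]]:
        """Column view: the access control list that would be stored with the object."""
        return {s: set(r) for (s, o), r in self._cells.items() if o == obj and r}

    def capabilities(self, subject: str) -> Dict[str, Set[str]]:
        """Row view: the capability list that would be held by the subject."""
        return {o: set(r) for (s, o), r in self._cells.items() if s == subject and r}


def demo() -> AccessMatrix:
    """Constructed scenario: alice owns a report and delegates read access to bob."""
    m = AccessMatrix()
    m.create("alice", "report.doc")
    m.grant("alice", "bob", "report.doc", "read")
    return m


if __name__ == "__main__":
    matrix = demo()
    print("ACL of report.doc:", matrix.acl("report.doc"))
    print("capabilities of bob:", matrix.capabilities("bob"))
```

Because the decision depends only on the cell, nothing about the request's circumstances (time, location, state of the object) can influence it; that is the gap the later slides on context-aware models address.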
Role-Based Access Control (RBAC)
• Role
  ◦ a grouping mechanism for categorizing individual users (called subjects) based on various properties (e.g. job title, user functions, responsibilities, etc.)
• Each subject has a role set, which consists of all the roles that the subject has been authorized to use.
• It lacks support for expressing access control conditions that refer to the state of a system
  ◦ e.g. the state of a protected resource, parameter values, date or time
Role-Based Access Control (RBAC)
• Extensions include
  ◦ Organization Role-Based Access Control (ORBAC)
    ▪ authorization is given to users depending on their role in an organization in a given context (Boustia & Mokhtari, 2008)
  ◦ Generalized RBAC (GRBAC)
    ▪ incorporates the concept of environment roles (Covington et al., 2001)
    ▪ Shortcomings
      - proposes a domain-specific environment role hierarchy that is not easily extensible or manageable in heterogeneous domains
      - does not support fine-grained modelling of different data objects
  ◦ Context-aware access control (CAAC)
    ▪ Shortcomings
      - incorporates only specific types of context (Chandran & Joshi, 2005)
      - lacks fine-grained data access control (Zhang & Parashar, 2004)
      - inefficient inference of context (Kayes et al., 2013)
ABAC Related Approaches
• Authorization to perform operations is determined by
  ◦ evaluating attributes associated with the subject, object, requested operations, and environment conditions
• Key difference
  ◦ It can express a complex Boolean rule set that can evaluate many different attributes
  ◦ e.g. OASIS eXtensible Access Control Markup Language (XACML)
    ▪ declarative access control policies encouraging the separation of the access decision from the point of use
• Location-aware access control (LAAC)
  ◦ no support for additional pertinent contextual information (Cleeff et al., 2010)
• OWL-based approaches with inefficient inference of context
  ◦ Onto-ACM (Choi et al., 2014), CONON (Wang et al., 2004), (Costabello et al., 2012)
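The contrast drawn across the two preceding slides, RBAC's role set against ABAC's Boolean rule set over subject, object, action and environment attributes, as an added example that is not code from the presentation, from XACML, or from PaaSword. The hospital scenario, the attribute names and the three rules are constructed; the Permit/Deny/NotApplicable outcomes and the first-applicable combining behaviour borrow XACML's terminology only. The RBAC function has no place to put a condition such as "only during working hours" or "only from the hospital network"; the ABAC policy expresses both.

```python
"""RBAC role-set check next to an ABAC rule set with environment attributes.

Added example, not from the slides. Scenario, attributes and rules are
constructed; effect names and first-applicable combining follow XACML usage.
"""
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict, List, Set, Tuple

# ---- RBAC: a subject's role set is the only input to the decision ----
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "doctor": {("patient_record", "read"), ("patient_record", "write")},
    "nurse": {("patient_record", "read")},
}
ROLE_SET: Dict[str, Set[str]] = {"alice": {"doctor"}, "bob": {"nurse"}}


def rbac_allowed(subject: str, resource_type: str, action: str) -> bool:
    """Permitted if any role in the subject's role set carries the permission.
    Time, network or resource state cannot be expressed here at all."""
    return any((resource_type, action) in ROLE_PERMISSIONS[role]
               for role in ROLE_SET.get(subject, set()))


# ---- ABAC: Boolean rules over subject, resource, action and environment ----
@dataclass
class Request:
    subject: Dict[str, object]
    resource: Dict[str, object]
    action: str
    environment: Dict[str, object]


@dataclass
class Rule:
    effect: str                           # "Permit" or "Deny"
    condition: Callable[[Request], bool]  # the Boolean part of the rule
    description: str


def working_hours(r: Request) -> bool:
    return time(8, 0) <= r.environment["time"] < time(18, 0)


POLICY: List[Rule] = [
    Rule("Deny",
         lambda r: r.action == "write" and r.environment["network"] != "hospital_lan",
         "no writes from outside the hospital network"),
    Rule("Permit",
         lambda r: "doctor" in r.subject["roles"]
         and r.resource["type"] == "patient_record" and working_hours(r),
         "doctors may read and write records during working hours"),
    Rule("Permit",
         lambda r: "nurse" in r.subject["roles"]
         and r.resource["type"] == "patient_record" and r.action == "read"
         and r.subject["ward"] == r.resource["ward"],
         "nurses may read records of patients on their own ward"),
]


def evaluate(policy: List[Rule], req: Request) -> str:
    """First-applicable combining: the first rule whose condition holds decides.
    A request no rule covers is NotApplicable; the enforcement point must treat
    that as a denial rather than as permission."""
    for rule in policy:
        if rule.condition(req):
            return rule.effect
    return "NotApplicable"


def alice_writes(hour: int, network: str) -> str:
    """Constructed request: the doctor 'alice' writes a record at the given hour."""
    req = Request(subject={"id": "alice", "roles": {"doctor"}, "ward": "A"},
                  resource={"type": "patient_record", "ward": "B"},
                  action="write",
                  environment={"time": time(hour, 0), "network": network})
    return evaluate(POLICY, req)


def bob_reads(ward: str) -> str:
    """Constructed request: the nurse 'bob' (ward A) reads a record from `ward`."""
    req = Request(subject={"id": "bob", "roles": {"nurse"}, "ward": "A"},
                  resource={"type": "patient_record", "ward": ward},
                  action="read",
                  environment={"time": time(10, 0), "network": "hospital_lan"})
    return evaluate(POLICY, req)
```

Note that the RBAC check answers "alice may write" unconditionally, while the ABAC policy returns Deny for the same subject off the hospital network and NotApplicable outside working hours; the environment attributes are what make the decision context-aware.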
Agenda
• Introduction
• Security-related context
• Related work on policy modeling
• PaaSword context-aware policy model
• Conclusions
Policy Modeling
• Policies provide a set of unambiguous rules
  ◦ which are interpreted by enforcement mechanisms and which constrain the behaviour of the entities.
• There is a lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)
  ◦ Policy definition and policy enforcement are entangled in the implementation of a single software component, leading to a lack of
    ▪ portability
    ▪ explicit representation of policy relationships
Policy Modeling
• Syntactic Policy Description
  ◦ promotes a declarative approach to policy expression, where access rules are encoded imperatively, as part of the same software that checks for their compliance.
  ◦ RuleML, XACML, WS-Trust
    ▪ fail to capture the knowledge lurking behind policies
    ▪ any interoperability relies on the use of vocabularies that are shared among all parties involved in an interaction.
  ◦ leads to ad-hoc reasoning about policy compliance
  ◦ limits the reusability and portability of policies
  ◦ precludes the identification of inter-policy relations
  ◦ limits the ability to perform policy governance
Policy Modeling
• Semantically-rich Policy Description
  ◦ employs ontologies in order to assign meaning to actors, actions and resources
  ◦ ability to reason about policy compliance generically
  ◦ identification of inter-policy relations such as inconsistent policies and overlapping policies
  ◦ portability, visibility, and reusability of policies
  ◦ facilitates policy governance
  ◦ KAoS [Uszok et al., 2004], Rei [Kagal et al., 2003], [Hu et al., 2011]
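The inter-policy relations the slide lists (inconsistent and overlapping policies) become computable once rules exist as explicit data rather than as code inside the enforcement component, which is the separation of concerns the previous two slides argue for. The following is an added example, not code from the presentation or from KAoS, Rei or PaaSword: each rule carries a target, a mapping from attribute name to the set of values it matches (an attribute left out matches anything), so overlap, redundancy and inconsistency reduce to set operations. The four rules are constructed.

```python
"""Detecting inter-policy relations from an explicit policy representation.

Added example, not from the slides. A rule target maps attribute -> set of
matching values; an attribute that is absent matches any value. Rules below
are constructed sample data.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Set, Tuple


@dataclass
class Rule:
    rule_id: str
    target: Dict[str, Set[str]]   # e.g. {"role": {"doctor"}, "action": {"read"}}
    effect: str                   # "Permit" or "Deny"


def overlaps(a: Rule, b: Rule) -> bool:
    """Some request matches both rules: every attribute they both constrain
    has at least one value in common."""
    return all(a.target[k] & b.target[k] for k in a.target.keys() & b.target.keys())


def subsumes(a: Rule, b: Rule) -> bool:
    """Every request matching b also matches a: a constrains only attributes
    that b also constrains, and with a superset of b's values."""
    return all(k in b.target and b.target[k] <= values for k, values in a.target.items())


def relation(a: Rule, b: Rule) -> str:
    """Classify one pair; an empty string means the rules never meet."""
    if not overlaps(a, b):
        return ""
    if a.effect != b.effect:
        return "inconsistent"      # the same request gets contradictory effects
    if subsumes(a, b) or subsumes(b, a):
        return "redundant"         # one rule adds nothing beyond the other
    return "overlapping"           # shared requests, same effect, neither contains the other


def analyse(rules: List[Rule]) -> Dict[Tuple[str, str], str]:
    """Pairwise relations over a policy set, keyed by the ordered pair of rule ids."""
    found: Dict[Tuple[str, str], str] = {}
    for a, b in combinations(rules, 2):
        rel = relation(a, b)
        if rel:
            found[(a.rule_id, b.rule_id)] = rel
    return found


# Constructed policy set for a clinical records store.
RULES: List[Rule] = [
    Rule("R1", {"role": {"doctor"}, "resource": {"patient_record"},
                "action": {"read", "write"}}, "Permit"),
    Rule("R2", {"role": {"doctor", "nurse"}, "resource": {"patient_record"},
                "action": {"read"}}, "Permit"),
    Rule("R3", {"role": {"nurse"}, "resource": {"patient_record"},
                "action": {"read"}, "location": {"offsite"}}, "Deny"),
    Rule("R4", {"role": {"doctor"}, "resource": {"patient_record"},
                "action": {"read"}}, "Permit"),
]


if __name__ == "__main__":
    for pair, rel in sorted(analyse(RULES).items()):
        print(pair, rel)
```

R2 and R3 are flagged inconsistent: a nurse reading a patient record from an offsite location matches both, and the outcome then depends entirely on the combining algorithm of the enforcement point, which is exactly the kind of hidden dependency a governance step should surface before deployment.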
Agenda
• Introduction
• Security-related context
• Related work on policy modeling
• PaaSword context-aware policy model
• Conclusions
Context-aware Security Model
• A model for semantically describing associations between types of access, depending on the data objects and the circumstances under which this access should be allowed
  ◦ These circumstances are determined based on contextual information
• This model will constitute the background knowledge for the DAO Annotations
• It will involve lightweight semantics for allowing efficient inferencing
• It comprises two dimensions related to
  ◦ dynamic security controls
  ◦ static security controls
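One way to make "lightweight semantics for efficient inferencing" concrete, as an added example that is not PaaSword code and does not reproduce its actual model: rule templates bind a class of data object (the static dimension, fixed when the data model is designed) and a type of access to a class of context (the dynamic dimension, known only when the request arrives), and a request is matched by walking a small is-a hierarchy rather than by running a full OWL reasoner. The taxonomy, the template shape and the three rules are constructed.

```python
"""Access-rule templates matched against a lightweight context taxonomy.

Added example, not PaaSword code. The taxonomy, the template shape and the
rules are constructed. Inference is limited to transitive is-a, which is
cheap enough to evaluate on every request.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed is-a hierarchy: child class -> parent class.
TAXONOMY: Dict[str, str] = {
    "AthensOffice": "CorporatePremises",
    "LondonOffice": "CorporatePremises",
    "CorporatePremises": "TrustedLocation",
    "CorporateVPN": "TrustedLocation",
    "PublicWifi": "UntrustedLocation",
    "TrustedLocation": "Location",
    "UntrustedLocation": "Location",
    "MedicalRecord": "SensitiveData",
    "PayrollRecord": "SensitiveData",
    "PressRelease": "PublicData",
    "SensitiveData": "Data",
    "PublicData": "Data",
}


def ancestors(cls: str) -> Set[str]:
    """Transitive closure of is-a, including the class itself."""
    seen = {cls}
    while cls in TAXONOMY:
        cls = TAXONOMY[cls]
        seen.add(cls)
    return seen


def is_a(cls: str, target: str) -> bool:
    """True when `target` is `cls` or one of its ancestors."""
    return target in ancestors(cls)


@dataclass
class RuleTemplate:
    data_class: str      # static dimension: which kind of data object
    access_type: str     # e.g. "read", "write"
    context_class: str   # dynamic dimension: circumstances of the request
    effect: str          # only Permit templates; anything unmatched is denied


RULES: List[RuleTemplate] = [
    RuleTemplate("SensitiveData", "read", "TrustedLocation", "Permit"),
    RuleTemplate("SensitiveData", "write", "CorporatePremises", "Permit"),
    RuleTemplate("PublicData", "read", "Location", "Permit"),
]


def decide(data_cls: str, access: str, context_cls: str) -> str:
    """Deny by default; Permit when a template's classes subsume the request's.
    The data object's class is known at design time (it is what an annotation
    on the data access object would carry); the context class is resolved
    from the request."""
    for rule in RULES:
        if (rule.access_type == access
                and is_a(data_cls, rule.data_class)
                and is_a(context_cls, rule.context_class)):
            return rule.effect
    return "Deny"


if __name__ == "__main__":
    print(decide("MedicalRecord", "read", "CorporateVPN"))    # Permit
    print(decide("MedicalRecord", "write", "CorporateVPN"))   # Deny
    print(decide("PayrollRecord", "write", "AthensOffice"))   # Permit
```

Adding a new office or a new sensitive record type means adding one taxonomy edge, not a new rule, which is the manageability argument made against domain-specific environment role hierarchies earlier in the deck.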
Context-aware Security Model
[Figure: architecture of the context-aware security model; legend:]
SMM: Security model management
DLM: Design-Time Library Management
AF: Annotation-formation
DAO: Data access object
SPM: Security Policies Management
Ontologically Describing an Access Rule Template
Agenda
• Introduction
• Data Security Challenges in the Cloud
• PaaSword Framework
• Conclusions
Conclusions & Next Steps
• Future work involves the development of appropriate Context and Policy model editors
• Implementation and validation of the proposed framework in 5 pilots:
  ◦ Encrypted persistency as a service in a PaaS provider
  ◦ Intergovernmental secure document and personal data exchange
  ◦ Secure sensor data fusion and analytics
  ◦ Protection of personal data in a multi-tenant CRM
  ◦ Protection of sensitive enterprise information in a multi-tenant ERP
Thank you for listening!
Acknowledgements: This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814
