SlideShare a Scribd company logo

Risks in Smart Environments and Adaptive Access Controls

Download as PPT, PDF
Mahsa Teimourikia
Mahsa Teimourikia

In monitored environments, where risks can be prevented via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time. The paper presents adaptive access controls suitable for “smart environments”, based on the Attribute-based Access Control paradigm. Risks are notified by monitoring devices and managed by a Risk Management System, which is illustrated. To adapt the access control decisions to risk mitigation needs, security policies are defined to dynamically activate or deactivate access rules according to the operations required to manage the risks.

Technology
1 of 19
Risks in Smart Environments and Adaptive Access Controls Mariagrazia Fugini1 , and Mahsa Teimourikia2 Politecnico di Milano 1 mariagrazia.fugini@polimi.it, 2 mahsa.teimourikia@polimi.it August 2014
Polo Territoriale di Como Outlines 2 • Motivation and Objectives • Definitions • Methodology: • Risk Management System • Components of the Security Model • Adaptivity of the Security Model due to risks • Conclusion and Future Work
Polo Territoriale di Como Motivations 1 [1] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013. • In environmental risk management, providing security for people and various resources dynamically, according what happens in the environment is an open issue [1]. • In monitored environments, where risks can be acknowledged via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time.
Polo Territoriale di Como Objective • To design a security model, which is flexible enough to accommodate varying security rules according to fine-grained changes in the environment conditions. 3
Polo Territoriale di Como The Definition of Risk 4 • Risk: hazards and abnormalities recognized in an environment that indicate a threat to the infrastructures and/or the civilians (e.g., If sensors indicate gas leak, there is a risk of fire and explosion.). Risks can be avoided via preventive strategies (e.g. closing the gas flow). Risks contain attributes like Type, IntensityLevel, and Location. • Emergency: When the Risk intensity is higher than a threshold, it is considered as an emergency that needs immediate interventions and corrective strategies. (e.g. if the gas leak is very heavy it can indicate an emergency situation where an explosion is going to happen (or have already happened).
Polo Territoriale di Como A Scenario • Considering an smart environment (i.e. an airport), in which the objects, people and the environment itself are monitored using sensors, and monitoring devices such as surveillance cameras, check points, wearable devices, and etc. • The airport Security Staff intervene in case of emergencies, • the Security Manager, is the subject in charge in case of an emergency with the highest clearance, • and the Surveillance Personnel are in charge of monitoring the environment and can only intervene in minor security problems. 5
Polo Territoriale di Como The Risk Management System (RMS) [2] • The RMS receives the inputs from sensors and monitoring devices, recognizes the risks and emergencies in the environment and produces a Risk Map and preventive or corrective Strategies accordingly. [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012. 6
Polo Territoriale di Como Security Model: Environment The security model is based on ABAC including the following components: Environment: The Environment (EN) includes a set of sections that can be monitored for risks and is modeled using a graph. 7
Polo Territoriale di Como Security Model: Subjects Subjects: Subject s S∈ is considered in three different categories: • Administrative Subjects: Their main responsibility is to assign the Subject, Object, and Environment Attributes • In Domain Subjects: are active subjects that need permissions to access different kind of resources, and are in charge in the organization, with some kind of an organizational role. (e.g. Security Staff, etc.) • Out Domain Subjects: are the Subjects that are outside the organizational hierarchy. In our scenario, they are passive subjects in the Environment, such as the travelers in an airport area. 8
Polo Territoriale di Como Security Model: Subjects (Continued) In Domain Subjects: These subjects can hold many attributes (Subject Attributes –SA) grouped as follows: The subject’s PRL is calculated by the RMS as follows: 9
Polo Territoriale di Como Security Model: Objects Objects: Object o O∈ abstracts resources that a Subject can access or act on. These resources can be Physical objects or the data. We consider the following attributes (OA) for objects: 10
Polo Territoriale di Como Security Model: Privileges & Request • Privileges: Privilege p ∈ P is the operations that a Subject requests to perform on an Object. The privileges can be permissions such as read, write, update, and execute, privileges on physical objects, such as trigger (for alarms), close (for doors and gas pipes), zoom in (for a camera), enter (for a section of the Environment) and so on. • Request: A request is defined as the result of the application of an evaluate function as follows: The results of this evaluation can be Permit, Deny and Not applicable. 11
Polo Territoriale di Como Adaptivity of the Security Model To dynamically adapt the access control model to risk situations, two different methods are considered: •Activating/Deactivating Access Control Rules: this is done by considering set of access rules as an access control domain (acd ∈ ACD). Access control domains are statically defined by Administrative Subjects, but are activated and deactivated at run-time to adapt the access control model to risk situations. • Dynamically Changing Subject/Object/Environment Attributes: Necessary changes are made in the attributes of Subjects, Objects, and the Environment to allow the successful execution of the RMS strategies. 12
Polo Territoriale di Como Adaptivity: Activating/Deactivating AC Rules Activating/Deactivating Access Control Rules: This is done by considering acd activation rules using the Event-Condition-Action (ECA) paradigm: If a risk is notified (Event) and a condition holds (Condition), then some acd ActiveACD∈ might be deactivated and some acd ACD∈ that are not in the ActiveACD set should be activated (Action). •To avoid conflicts between rules, we adopt XACML policy language. Considering single access rules as XACML <Rule>, acd as <Policy> that is a set of rules, and the set of activated acds (ActiveACD) as <PolicySet>. Example: 13
Polo Territoriale di Como Adaptivity: Changing the Attributes Dynamically Changing Subject/Object/Environment Attributes: To let the rescue and security teams intervene, and also execute some of the strategies recommended by the RMS to handle risks, it is necessary to modify the attributes of Subjects, or/and Objects, or/and the Environment segments. Example 1: Changing an Environment Segments attribute to allow safe evacuation. 14
Polo Territoriale di Como Adaptivity: Changing the Attributes (Continued) Example 2: Changing an Subject’s attribute to allow rescue teams to localize them. Example 3: Changing an Object’s attribute to allow required access permissions. 15
Polo Territoriale di Como Conclusions • Considering risks as recognized by a Risk Management System based on monitoring data about the environment, this paper has presented an access control model, which is adaptive to risks. • To facilitate the adaptivity we employed the concept of ECA to dynamically change the security rules and make changes in attributes of the security model components. 16
Polo Territoriale di Como Future Works • As future work, we are working towards formalizing this model using Event Calculus and Impalement it as an addition to out RMS tool [2]. [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012. 17
Polo Territoriale di Como Thank You

Recommended

Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial Data
Mahsa Teimourikia
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
Mahsa Teimourikia
 
Pervasive computing and its Security Issues
Pervasive computing and its Security IssuesPervasive computing and its Security Issues
Pervasive computing and its Security Issues
Phearin Sok
 
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental KnowledgeDynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Mahsa Teimourikia
 
Concrete Applications of Interdependency Management
Concrete Applications of Interdependency ManagementConcrete Applications of Interdependency Management
Concrete Applications of Interdependency Management
Community Protection Forum
 
Aviation Operations Safety Management System
Aviation Operations Safety Management SystemAviation Operations Safety Management System
Aviation Operations Safety Management System
pghclearningsolution
 
Aviation Training, Safety Management System
Aviation Training, Safety Management SystemAviation Training, Safety Management System
Aviation Training, Safety Management System
pghclearingsolutions
 
Safety System Modularity
Safety System ModularitySafety System Modularity
Safety System Modularity
Fasiul Alam
 

Recommended

Adaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial DataAdaptive Security for Risk Management Using Spatial Data
Adaptive Security for Risk Management Using Spatial Data
Mahsa Teimourikia
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
Mahsa Teimourikia
 
Pervasive computing and its Security Issues
Pervasive computing and its Security IssuesPervasive computing and its Security Issues
Pervasive computing and its Security Issues
Phearin Sok
 
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental KnowledgeDynamic Security Modeling in Risk Management Using Environmental Knowledge
Dynamic Security Modeling in Risk Management Using Environmental Knowledge
Mahsa Teimourikia
 
Concrete Applications of Interdependency Management
Concrete Applications of Interdependency ManagementConcrete Applications of Interdependency Management
Concrete Applications of Interdependency Management
Community Protection Forum
 
Aviation Operations Safety Management System
Aviation Operations Safety Management SystemAviation Operations Safety Management System
Aviation Operations Safety Management System
pghclearningsolution
 
Aviation Training, Safety Management System
Aviation Training, Safety Management SystemAviation Training, Safety Management System
Aviation Training, Safety Management System
pghclearingsolutions
 
Safety System Modularity
Safety System ModularitySafety System Modularity
Safety System Modularity
Fasiul Alam
 
Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work Environments
Mahsa Teimourikia
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
CloudHesive
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Fra
DustiBuckner14
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fra
arnit1
 
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisSession B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Project Controls Expo
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docx
gilbertkpeters11344
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfCybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
ssuser7b150d
 
OR 14 15-unit_1
OR 14 15-unit_1OR 14 15-unit_1
OR 14 15-unit_1
Nageswara Rao Thots
 
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Ivan Pretel
 
Business governance based policy regulation for security incident response
Business governance based policy regulation for security incident responseBusiness governance based policy regulation for security incident response
Business governance based policy regulation for security incident response
Luxembourg Institute of Science and Technology
 
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityRAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
Mahsa Teimourikia
 
Gg
GgGg
Gg
Vincenzo De Florio
 
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESSAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
Vincenzo De Florio
 
Functional Safety in ML-based Cyber-Physical Systems
Functional Safety in ML-based Cyber-Physical SystemsFunctional Safety in ML-based Cyber-Physical Systems
Functional Safety in ML-based Cyber-Physical Systems
Lionel Briand
 
PRMG195 - Rsik Management Case Study.pdf
PRMG195 - Rsik Management Case Study.pdfPRMG195 - Rsik Management Case Study.pdf
PRMG195 - Rsik Management Case Study.pdf
mohamed Ismail
 
Solution managment and monitoring services.docx
Solution managment and monitoring services.docxSolution managment and monitoring services.docx
Solution managment and monitoring services.docx
saadatali65
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
sadique_ghitm
 
On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...
Luxembourg Institute of Science and Technology
 
Product assurance
Product assurance Product assurance
Product assurance
PriyankaKg4
 
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Comit Projects Ltd
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 

More Related Content

Similar to Risks in Smart Environments and Adaptive Access Controls

Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work Environments
Mahsa Teimourikia
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
CloudHesive
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Fra
DustiBuckner14
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fra
arnit1
 
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisSession B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Project Controls Expo
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docx
gilbertkpeters11344
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfCybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
ssuser7b150d
 
OR 14 15-unit_1
OR 14 15-unit_1OR 14 15-unit_1
OR 14 15-unit_1
Nageswara Rao Thots
 
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Ivan Pretel
 
Business governance based policy regulation for security incident response
Business governance based policy regulation for security incident responseBusiness governance based policy regulation for security incident response
Business governance based policy regulation for security incident response
Luxembourg Institute of Science and Technology
 
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityRAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
Mahsa Teimourikia
 
Gg
GgGg
Gg
Vincenzo De Florio
 
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESSAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
Vincenzo De Florio
 
Functional Safety in ML-based Cyber-Physical Systems
Functional Safety in ML-based Cyber-Physical SystemsFunctional Safety in ML-based Cyber-Physical Systems
Functional Safety in ML-based Cyber-Physical Systems
Lionel Briand
 
PRMG195 - Rsik Management Case Study.pdf
PRMG195 - Rsik Management Case Study.pdfPRMG195 - Rsik Management Case Study.pdf
PRMG195 - Rsik Management Case Study.pdf
mohamed Ismail
 
Solution managment and monitoring services.docx
Solution managment and monitoring services.docxSolution managment and monitoring services.docx
Solution managment and monitoring services.docx
saadatali65
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
sadique_ghitm
 
On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...
Luxembourg Institute of Science and Technology
 
Product assurance
Product assurance Product assurance
Product assurance
PriyankaKg4
 
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Comit Projects Ltd
 

Similar to Risks in Smart Environments and Adaptive Access Controls (20)

Risk and Safety in Work Environments
Risk and Safety in Work EnvironmentsRisk and Safety in Work Environments
Risk and Safety in Work Environments
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Fra
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fra
 
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk AnalysisSession B3 - Introduction to Project Cost and Schedule Risk Analysis
Session B3 - Introduction to Project Cost and Schedule Risk Analysis
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docx
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfCybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
 
OR 14 15-unit_1
OR 14 15-unit_1OR 14 15-unit_1
OR 14 15-unit_1
 
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
Effectiveness Measurement Framework for Field-Based Experiments Focused on An...
 
Business governance based policy regulation for security incident response
Business governance based policy regulation for security incident responseBusiness governance based policy regulation for security incident response
Business governance based policy regulation for security incident response
 
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with SecurityRAMIRES: Risk Adaptive Management In Resilient Environments with Security
RAMIRES: Risk Adaptive Management In Resilient Environments with Security
 
Gg
GgGg
Gg
 
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACESSAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
SAFETY ENHANCEMENT THROUGH SITUATION-AWARE USER INTERFACES
 
Functional Safety in ML-based Cyber-Physical Systems
Functional Safety in ML-based Cyber-Physical SystemsFunctional Safety in ML-based Cyber-Physical Systems
Functional Safety in ML-based Cyber-Physical Systems
 
PRMG195 - Rsik Management Case Study.pdf
PRMG195 - Rsik Management Case Study.pdfPRMG195 - Rsik Management Case Study.pdf
PRMG195 - Rsik Management Case Study.pdf
 
Solution managment and monitoring services.docx
Solution managment and monitoring services.docxSolution managment and monitoring services.docx
Solution managment and monitoring services.docx
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
 
On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...
 
Product assurance
Product assurance Product assurance
Product assurance
 
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College L...
 

Recently uploaded

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 

Recently uploaded (20)

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 

Risks in Smart Environments and Adaptive Access Controls

  • 1. Risks in Smart Environments and Adaptive Access Controls Mariagrazia Fugini1 , and Mahsa Teimourikia2 Politecnico di Milano 1 mariagrazia.fugini@polimi.it, 2 mahsa.teimourikia@polimi.it August 2014
  • 2. Polo Territoriale di Como Outlines 2 • Motivation and Objectives • Definitions • Methodology: • Risk Management System • Components of the Security Model • Adaptivity of the Security Model due to risks • Conclusion and Future Work
  • 3. Polo Territoriale di Como Motivations 1 [1] K. Smith, Environmental hazards: assessing risk and reducing disaster, Routledge, 2013. • In environmental risk management, providing security for people and various resources dynamically, according what happens in the environment is an open issue [1]. • In monitored environments, where risks can be acknowledged via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time.
  • 4. Polo Territoriale di Como Objective • To design a security model, which is flexible enough to accommodate varying security rules according to fine-grained changes in the environment conditions. 3
  • 5. Polo Territoriale di Como The Definition of Risk 4 • Risk: hazards and abnormalities recognized in an environment that indicate a threat to the infrastructures and/or the civilians (e.g., If sensors indicate gas leak, there is a risk of fire and explosion.). Risks can be avoided via preventive strategies (e.g. closing the gas flow). Risks contain attributes like Type, IntensityLevel, and Location. • Emergency: When the Risk intensity is higher than a threshold, it is considered as an emergency that needs immediate interventions and corrective strategies. (e.g. if the gas leak is very heavy it can indicate an emergency situation where an explosion is going to happen (or have already happened).
  • 6. Polo Territoriale di Como A Scenario • Considering an smart environment (i.e. an airport), in which the objects, people and the environment itself are monitored using sensors, and monitoring devices such as surveillance cameras, check points, wearable devices, and etc. • The airport Security Staff intervene in case of emergencies, • the Security Manager, is the subject in charge in case of an emergency with the highest clearance, • and the Surveillance Personnel are in charge of monitoring the environment and can only intervene in minor security problems. 5
  • 7. Polo Territoriale di Como The Risk Management System (RMS) [2] • The RMS receives the inputs from sensors and monitoring devices, recognizes the risks and emergencies in the environment and produces a Risk Map and preventive or corrective Strategies accordingly. [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012. 6
  • 8. Polo Territoriale di Como Security Model: Environment The security model is based on ABAC including the following components: Environment: The Environment (EN) includes a set of sections that can be monitored for risks and is modeled using a graph. 7
  • 9. Polo Territoriale di Como Security Model: Subjects Subjects: Subject s S∈ is considered in three different categories: • Administrative Subjects: Their main responsibility is to assign the Subject, Object, and Environment Attributes • In Domain Subjects: are active subjects that need permissions to access different kind of resources, and are in charge in the organization, with some kind of an organizational role. (e.g. Security Staff, etc.) • Out Domain Subjects: are the Subjects that are outside the organizational hierarchy. In our scenario, they are passive subjects in the Environment, such as the travelers in an airport area. 8
  • 10. Polo Territoriale di Como Security Model: Subjects (Continued) In Domain Subjects: These subjects can hold many attributes (Subject Attributes –SA) grouped as follows: The subject’s PRL is calculated by the RMS as follows: 9
  • 11. Polo Territoriale di Como Security Model: Objects Objects: Object o O∈ abstracts resources that a Subject can access or act on. These resources can be Physical objects or the data. We consider the following attributes (OA) for objects: 10
  • 12. Polo Territoriale di Como Security Model: Privileges & Request • Privileges: Privilege p ∈ P is the operations that a Subject requests to perform on an Object. The privileges can be permissions such as read, write, update, and execute, privileges on physical objects, such as trigger (for alarms), close (for doors and gas pipes), zoom in (for a camera), enter (for a section of the Environment) and so on. • Request: A request is defined as the result of the application of an evaluate function as follows: The results of this evaluation can be Permit, Deny and Not applicable. 11
  • 13. Polo Territoriale di Como Adaptivity of the Security Model To dynamically adapt the access control model to risk situations, two different methods are considered: •Activating/Deactivating Access Control Rules: this is done by considering set of access rules as an access control domain (acd ∈ ACD). Access control domains are statically defined by Administrative Subjects, but are activated and deactivated at run-time to adapt the access control model to risk situations. • Dynamically Changing Subject/Object/Environment Attributes: Necessary changes are made in the attributes of Subjects, Objects, and the Environment to allow the successful execution of the RMS strategies. 12
  • 14. Polo Territoriale di Como Adaptivity: Activating/Deactivating AC Rules Activating/Deactivating Access Control Rules: This is done by considering acd activation rules using the Event-Condition-Action (ECA) paradigm: If a risk is notified (Event) and a condition holds (Condition), then some acd ActiveACD∈ might be deactivated and some acd ACD∈ that are not in the ActiveACD set should be activated (Action). •To avoid conflicts between rules, we adopt XACML policy language. Considering single access rules as XACML <Rule>, acd as <Policy> that is a set of rules, and the set of activated acds (ActiveACD) as <PolicySet>. Example: 13
  • 15. Polo Territoriale di Como Adaptivity: Changing the Attributes Dynamically Changing Subject/Object/Environment Attributes: To let the rescue and security teams intervene, and also execute some of the strategies recommended by the RMS to handle risks, it is necessary to modify the attributes of Subjects, or/and Objects, or/and the Environment segments. Example 1: Changing an Environment Segments attribute to allow safe evacuation. 14
  • 16. Polo Territoriale di Como Adaptivity: Changing the Attributes (Continued) Example 2: Changing an Subject’s attribute to allow rescue teams to localize them. Example 3: Changing an Object’s attribute to allow required access permissions. 15
  • 17. Polo Territoriale di Como Conclusions • Considering risks as recognized by a Risk Management System based on monitoring data about the environment, this paper has presented an access control model, which is adaptive to risks. • To facilitate the adaptivity we employed the concept of ECA to dynamically change the security rules and make changes in attributes of the security model components. 16
  • 18. Polo Territoriale di Como Future Works • As future work, we are working towards formalizing this model using Event Calculus and Impalement it as an addition to out RMS tool [2]. [2] M. Fugini, C. Raibulet, and L. Ubezio, "Risk assessment in work environments: modeling and simulation," Concurrency and Computation: Practice and Experience, vol. 24, no. 18, pp. 2381-2403, 2012. 17
  • 19. Polo Territoriale di Como Thank You