Facoltà di Scienze MM.FF.NN. di Varese
Università degli Studi dell’Insubria
Michele Guglielmi, michele.guglielmi@uninsubria.it
A Framework in Support of Emergency Management: from Flexible Access Control to Cloud-based Information Sharing
Emergency Management and Information Sharing
Examples: Hurricane Katrina, 9/11 Attack, Fukushima
Traditional vs Emergency Access Control
Traditional access control models are regulated by a proper set of pre-defined access control policies.
An Emergency access control model should (during an emergency) bypass the regular access control policies and grant users access to resources not normally authorized.
Such a bypass is a downgrading of information security, so it must be temporary, controlled and timely: this calls for a flexible access control model.
Information Sharing
• Single Organization: Flexible Access Control Model
• Multiple Organizations: Cloud-based Information Sharing
Our Model vs BtG (Break the Glass)
Our model:
• emergency policies are active only during emergencies
• only the system can override a regular policy
• the system overrides regular policies immediately when an emergency is detected
In our proposal, when an emergency is detected the related emergency policies are activated. If an access is denied by a regular policy, the system checks whether this decision can be overridden by an emergency policy and, in this case, the access is granted.
BtG:
• a subject requests an access; the system checks the regular access control policies; if the access request is denied, the system verifies whether this decision can be overridden by a BtG policy; the subject is notified and asked to confirm
• BtG policies are always active
• a user can decide when to use a BtG policy to override a regular one
• a user can wait a while to respond when the system prompts the BtG request
Information Sharing in the cloud
Untrusted Domain: cloud servers are usually managed by commercial providers which are outside of the trusted domain of the users.
• Encrypt Data
• Selective Encryption
• Queries over encrypted data
Proposal
• Emergency Detection
• Flexible Access Control Model
• Access Control Model Enforcement
• Information Sharing through the cloud
The overall goal of this proposal is to define, implement and test an access control framework to enforce controlled information sharing in emergency situations.
Emergency Detection
Complex Event Processing (CEP)
• Data Stream Management Systems (DSMS) process incoming data through a sequence of transformations based on common SQL operators to produce streams of new data as output.
• Complex Event Processing (CEP) systems see incoming data as events that happened in the external world, which have to be filtered and combined to detect occurrences of particular patterns.
Event Languages
The literature offers several languages for event pattern specification (e.g., Amit, XChangeEQ, SpaTec, TESLA and SASE+). Some languages have also been proposed by vendors (e.g., Streambase, Sybase, Oracle CEP). However, up to now, a standard event specification language has not yet emerged.
In the thesis a Core Event Specification Language (CESL) will be used.
B. Carminati, E. Ferrari, and M. Guglielmi. Secure information sharing on support of emergency management. In Proceedings of the Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT).
Emergency
An emergency is modeled as a couple of events, defined in CESL, that signal the beginning and the end of the emergency situation, respectively.
Example: Patients wear several monitoring devices that capture their health measures. All gathered measures are encoded as tuples in a data stream and sent to a CEP.
BradycariaEmergency {
  init: σ(heart_rate ≤ 60)(VitalSigns)
  end: σ(heart_rate > 60)(VitalSigns)
}
Access Control Model
Access control model for emergency management should enforce flexible and controlled information sharing during emergencies.
• Temporary Access Control Policies (tacps): a tuple (sbj, obj, priv) where sbj identifies subjects authorized to exercise the privilege priv on the target object obj
• Emergency obligation: an action or a set of actions that must be fulfilled when an emergency is detected.
Example: emergency policy (BradycariaEmergency, tacp1, call_ambulance), where
tacp1 {
  sbj: paramedics taking care of the patient at the time of the emergency;
  obj: Electronic Medical Record (EMR) of the patient under emergency;
  priv: read;
}
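As an added example (not code from the thesis proposal), the emergency definition and tacp above expressed as a small Python simulation of the Emergency Handler and Access Control Handler: the bradycardia init and end events toggle tacp1, and an access denied by the regular policies is granted only while the emergency is active, with no user prompt (the difference from BtG noted earlier). The regular policy set and the subject/object names are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List
@dataclass(frozen=True)
class Tacp:
    """Temporary access control policy (sbj, obj, priv) as defined on the slides."""
    sbj: str
    obj: str
    priv: str

@dataclass
class Emergency:
    """An emergency is a couple of events (init, end) plus the tacps and obligation
    activated by its emergency policy; predicates stand in for CESL selections."""
    name: str
    init: Callable[[dict], bool]   # e.g. sigma(heart_rate <= 60)(VitalSigns)
    end: Callable[[dict], bool]    # e.g. sigma(heart_rate > 60)(VitalSigns)
    tacps: List[Tacp]
    obligation: str
    active: bool = False

# Constructed instance mirroring the page's BradycariaEmergency / tacp1 example.
BRADYCARDIA = Emergency(
    name="BradycariaEmergency",
    init=lambda t: t["heart_rate"] <= 60,
    end=lambda t: t["heart_rate"] > 60,
    tacps=[Tacp("paramedics_of_patient", "EMR_of_patient", "read")],
    obligation="call_ambulance",
)

# Regular policies (assumed): only the attending physician reads the EMR normally.
REGULAR_POLICIES = {Tacp("attending_physician", "EMR_of_patient", "read")}
def process_stream(emergency: Emergency, stream: List[dict]) -> List[str]:
    """Emergency Handler: on the init event activate the tacps and fire the
    obligation; on the end event deactivate them. Returns the obligations fired."""
    fired = []
    for tup in stream:                       # each tuple of the VitalSigns stream
        if not emergency.active and emergency.init(tup):
            emergency.active = True
            fired.append(emergency.obligation)
        elif emergency.active and emergency.end(tup):
            emergency.active = False
    return fired

def check_access(sbj: str, obj: str, priv: str, emergencies: List[Emergency]) -> bool:
    """Access Control Handler: regular policies first; a denial is overridden only
    by a tacp of a currently active emergency, with no user prompt (unlike BtG)."""
    req = Tacp(sbj, obj, priv)
    if req in REGULAR_POLICIES:
        return True
    return any(e.active and req in e.tacps for e in emergencies)
```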
Access Control Enforcement
To implement the proposed access control model we exploit CEP systems. A possible architecture is the following.
[Figure: architecture with User, Objects, CEP Server, Emergency Handler, Access Control Handler, User Profiles Repository, and a Policy Repository holding regular access control policies, emergency descriptions, emergency policies, tacps and obligations.]
Develop a prototype implementing this architecture and carry out an extensive set of tests on the prototype.
Access Control Model Extensions
• Emergency Policy Correctness (Validity Checks)
• Distribute the rights to create emergency policies (Emergency Administrative Policies)
• Describe more critical scenarios (Composed Emergencies)
Information Sharing on the Cloud
Enhance the presented architecture in order to enforce information sharing across different organizations that should cooperate for emergency management
• Interoperability
• Timely response
• Dynamic virtualization for emergency management
• Dynamic information sharing across multi-domain clouds
Given the increasing trend of moving organizational functionalities into the cloud, this proposal aims to offer several solutions for designing information sharing for emergency situations that suit as many organizations as possible, based on their level of integration with the cloud infrastructure.
Dynamic virtualization for emergency management
[Figure: a Public Cloud hosting the Policy Repository, CEP, Emergency Handler and Access Control Handler; Organizations 1 to n each keep their Resources 1 to n locally; a User accesses them through the cloud.]
The cloud service provider (i.e., Public Cloud) manages a cloud to provide a data storage service. Each Organization stores the information to be shared in a local repository managed by the organization itself.
Related topics: Encryption Techniques, Cloud Services.
Dynamic information sharing across multi-domain clouds
[Figure: Organizations 1 to n each run a Private Cloud with their own Policy Repository and Resources 1 to n; a shared Policy Repository, CEP, Emergency Handler and Access Control Handler coordinate across them; a User accesses resources through this layer.]
Each organization has its data stored in a private cloud.
Related topics: Policy Interchange Language (interoperability problem).
Research Schedule (Flexible Access Control)
Phase | Main Task | Status
Requirement analysis | Understanding requirements of emergency management in terms of access control and information sharing |
State of the art | Reading, researching, and evaluating sources about complex event processing and flexible access control models |
Modelization | Definition of a formal access control model tailored for emergency management |
Enforcement and performance evaluation | Development of a prototype implementing the access control model. Prototype performance evaluation through an extensive set of tests | -
Legend: Not yet performed, - Partially performed, Completed
Research Schedule (Cloud-based Information Sharing)
Phase | Main Task | Status
State of the art | Reading, researching, and evaluating sources about cloud infrastructures and encryption techniques to store data in the cloud | -
Modelization | Formal definition of architectures in support of information sharing through the cloud: dynamic virtualization for emergency management and dynamic information sharing across multi-domain clouds | -
Implementation and performance evaluation | Development of a framework implementing the cloud infrastructures in support of information sharing |
Testing | Testing the framework on a real case study, thanks to the collaboration with Protezione Civile promoted during the workshop on maxi-emergency management organized by the Knowledge and Service Management for Business Applications research centre of the University of Insubria |
Legend: Not yet performed, - Partially performed, Completed