Michele Guglielmi, Facoltà di Scienze MM.FF.NN. di Varese, Università degli Studi dell'Insubria. A Framework in Support of Emergency Management: from Flexible Access Control to Cloud-based Information Sharing (thesis proposal, 18 slides)
Page 1: Thesis Proposal

Facoltà di Scienze MM.FF.NN. di Varese

Università degli Studi dell'Insubria

Michele Guglielmi

A Framework in Support of Emergency Management: from Flexible Access Control to Cloud-based Information Sharing

Page 2: Thesis Proposal

Emergency Management

Information Sharing

Examples: Hurricane Katrina, the 9/11 attack, Fukushima.

Page 3: Thesis Proposal

Traditional vs Emergency Access Control

Traditional access control models are regulated by a proper set of pre-defined access control policies.

An emergency access control model should, during an emergency, bypass the regular access control policies and grant users access to resources they are not normally authorized for.

This is a downgrading of information security, so it must be temporary, controlled and timely: hence a flexible access control model.

Page 4: Thesis Proposal

Information Sharing

• Single organization: flexible access control model

• Multiple organizations: cloud-based information sharing

Page 5: Thesis Proposal

Our Model vs BtG (Break the Glass)

Our model:

• emergency policies are active only during emergencies

• only the system can override a regular policy

• the system overrides regular policies immediately when an emergency is detected

BtG:

• BtG policies are always active

• a user can decide when to use a BtG policy to override a regular one

• a user can wait a while to respond when the system prompts the BtG request

In BtG, a subject requests an access; the system checks the regular access control policies; if the access request is denied, the system verifies whether this decision can be overridden by a BtG policy, and the subject is notified and asked to confirm.

In our proposal, when an emergency is detected the related emergency policies are activated. If an access is denied by a regular policy, the system checks whether this decision can be overridden by an emergency policy and, in this case, the access is granted.
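The two evaluation flows side by side, as an added example that is not part of the original proposal: both check the regular policies first; the proposed model then consults only the emergency policies of an emergency the system has detected, while BtG consults its always-active policies and grants only after the subject confirms. The policy triples and the confirmation callback are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

Request = Tuple[str, str, str]   # (subject, object, privilege)

@dataclass(frozen=True)
class Policy:
    """A (sbj, obj, priv) triple: sbj may exercise priv on obj."""
    sbj: str
    obj: str
    priv: str

    def permits(self, r: Request) -> bool:
        return (self.sbj, self.obj, self.priv) == r

@dataclass
class Enforcer:
    regular: List[Policy]
    emergency: Dict[str, List[Policy]]          # emergency name -> its emergency policies
    btg: List[Policy]                           # BtG policies: always active
    active_emergencies: Set[str] = field(default_factory=set)   # filled by the detector

    def decide_proposal(self, r: Request) -> Tuple[str, str]:
        """Proposed model: only the policies of an emergency the system has
        detected can override a regular denial, and the system does it by itself."""
        if any(p.permits(r) for p in self.regular):
            return ("grant", "regular")
        for name in sorted(self.active_emergencies):
            if any(p.permits(r) for p in self.emergency.get(name, [])):
                return ("grant", "emergency:" + name)
        return ("deny", "no applicable policy")

    def decide_btg(self, r: Request, confirm: Callable[[Request], bool]) -> Tuple[str, str]:
        """Break the Glass: BtG policies are always active, but the override
        happens only after the subject is notified and confirms."""
        if any(p.permits(r) for p in self.regular):
            return ("grant", "regular")
        if any(p.permits(r) for p in self.btg):
            return ("grant", "btg") if confirm(r) else ("deny", "btg not confirmed")
        return ("deny", "no applicable policy")

def demo() -> Enforcer:
    """Constructed policies: a doctor's regular right, and paramedic read access
    to the same EMR expressed both as an emergency policy and as a BtG policy."""
    return Enforcer(regular=[Policy("doctor", "EMR:p7", "read")],
                    emergency={"BradycardiaEmergency": [Policy("paramedic", "EMR:p7", "read")]},
                    btg=[Policy("paramedic", "EMR:p7", "read")])
```

Outside a detected emergency the paramedic request is denied by the proposed model regardless of what the user wants, whereas under BtG the same request succeeds as soon as the user confirms.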

Page 6: Thesis Proposal

Information Sharing in the cloud

Untrusted domain: cloud servers are usually managed by commercial providers that lie outside the trusted domain of the users.

• Encrypt data

• Selective encryption

• Queries over encrypted data

Page 7: Thesis Proposal

Proposal

• Emergency Detection

• Flexible Access Control Model

• Access Control Model Enforcement

• Information Sharing through the cloud

The overall goal of this proposal is to define, implement and test an access control framework to enforce controlled information sharing in emergency situations.

Page 8: Thesis Proposal

Emergency Detection

Complex Event Processing (CEP)

• Data Stream Management Systems (DSMS) process incoming data through a sequence of transformations based on common SQL operators to produce streams of new data as output.

• CEP systems see incoming data as events that happened in the external world, which have to be filtered and combined to detect occurrences of particular patterns.

Page 9: Thesis Proposal

Event Languages

The literature offers several languages for event pattern specification (e.g., Amit, XChangeEQ, SpaTec, TESLA and SASE+). Some languages have also been proposed by vendors (e.g., Streambase, Sybase, Oracle CEP). However, up to now, a standard event specification language has not yet emerged.

In the thesis a Core Event Specification Language (CESL) will be used.

B. Carminati, E. Ferrari, and M. Guglielmi, "Secure information sharing on support of emergency management," in Proceedings of the Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT).

Page 10: Thesis Proposal

Emergency

An emergency is modeled as a pair of events, defined in CESL, that signal the beginning and the end of the emergency situation, respectively.

Example: patients wear several monitoring devices that capture their health measurements. All gathered measurements are encoded as tuples in a data stream and sent to a CEP.

BradycardiaEmergency {
  init: σ(heart_rate ≤ 60)(VitalSigns)
  end:  σ(heart_rate > 60)(VitalSigns)
}

Page 11: Thesis Proposal

Access Control Model

An access control model for emergency management should enforce flexible and controlled information sharing during emergencies.

• Temporary Access Control Policies (tacps): a tuple (sbj, obj, priv) where sbj identifies the subjects authorized to exercise the privilege priv on the target object obj.

• Emergency obligation: an action or a set of actions that must be fulfilled when an emergency is detected.

Example: (BradycardiaEmergency, tacp1, call_ambulance)

tacp1 {
  sbj: paramedics taking care of the patient at the time of the emergency;
  obj: Electronic Medical Record (EMR) of the patient under emergency;
  priv: read;
}

Page 12: Thesis Proposal

Access Control Enforcement

(Figure: users and objects, a CEP Server, an Emergency Handler, an Access Control Handler, a User Profiles Repository and a Policy Repository.)

To implement the proposed access control model we exploit CEP systems. A possible architecture is the one in the figure. The Policy Repository stores regular access control policies, emergency descriptions, emergency policies, tacps and obligations.

Develop a prototype implementing this architecture and carry out an extensive set of tests on the prototype.
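An added example, not the thesis prototype, that ties slides 10 to 12 together: an emergency handler reads a constructed VitalSigns stream, opens BradycardiaEmergency when the init selection matches, activates tacp1 and records the call_ambulance obligation, and closes it when the end selection matches; the access control handler grants reads on the patient's EMR only while that tacp is active. The patient id and the subject/object naming are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed VitalSigns stream: one tuple per reading, as monitoring devices would send to the CEP.
VITAL_SIGNS = [
    {"patient": "p7", "heart_rate": 72},
    {"patient": "p7", "heart_rate": 58},   # heart_rate <= 60: init event, emergency opens
    {"patient": "p7", "heart_rate": 55},   # still under emergency, no second activation
    {"patient": "p7", "heart_rate": 64},   # heart_rate > 60: end event, emergency closes
]
Tacp = Tuple[str, str, str]               # (sbj, obj, priv)
Cond = Callable[[dict], bool]             # a selection sigma(cond)(VitalSigns) over one tuple
# An emergency is a pair of selections (init, end) over the stream, as in the CESL definition.
BRADYCARDIA: Tuple[Cond, Cond] = (lambda t: t["heart_rate"] <= 60, lambda t: t["heart_rate"] > 60)

def tacp1(patient: str) -> Tacp:
    # sbj: paramedics taking care of the patient; obj: the patient's EMR; priv: read
    return ("paramedics_of:" + patient, "EMR:" + patient, "read")

@dataclass
class EmergencyHandler:
    emergencies: Dict[str, Tuple[Cond, Cond]]                 # name -> (init, end)
    bindings: Dict[str, Tuple[Callable[[str], Tacp], str]]    # name -> (tacp template, obligation)
    active: Dict[Tuple[str, str], Tacp] = field(default_factory=dict)
    obligations_fired: List[Tuple[str, str]] = field(default_factory=list)

    def on_tuple(self, t: dict) -> None:
        for name, (init, end) in self.emergencies.items():
            key = (name, t["patient"])
            if key not in self.active and init(t):
                make_tacp, action = self.bindings[name]
                self.active[key] = make_tacp(t["patient"])             # activate the tacp
                self.obligations_fired.append((action, t["patient"]))  # fulfil the obligation
            elif key in self.active and end(t):
                del self.active[key]                                    # tacp expires with the emergency

    def is_authorized(self, sbj: str, obj: str, priv: str) -> bool:
        # Access Control Handler: only the tacps currently active are consulted
        return (sbj, obj, priv) in self.active.values()

def run(stream: List[dict]) -> Tuple[List[bool], List[Tuple[str, str]]]:
    # Feed the stream tuple by tuple; after each one, record whether paramedics may read EMR:p7
    h = EmergencyHandler({"BradycardiaEmergency": BRADYCARDIA},
                         {"BradycardiaEmergency": (tacp1, "call_ambulance")})
    trace = []
    for t in stream:
        h.on_tuple(t)
        trace.append(h.is_authorized("paramedics_of:p7", "EMR:p7", "read"))
    return trace, h.obligations_fired
```

The trace shows the temporary nature of the tacp: access is denied before the init event, granted while the emergency lasts, and denied again right after the end event, with the obligation fired exactly once.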

Page 13: Thesis Proposal

Access Control Model Extensions

• Emergency policy correctness: validity checks

• Distributing the right to create emergency policies: emergency administrative policies

• Describing more critical scenarios: composed emergencies

Page 14: Thesis Proposal

Information Sharing on the Cloud

Enhance the presented architecture in order to enforce information sharing across different organizations that have to cooperate in emergency management.

• Interoperability

• Timely response

• Dynamic virtualization for emergency management

• Dynamic information sharing across multi-domain clouds

Given the increasing trend of moving organizational functionalities to the cloud, this proposal aims to offer several solutions so that information sharing for emergency situations can be designed for as many organizations as possible, based on their level of integration within the cloud infrastructure.

Page 15: Thesis Proposal

Dynamic virtualization for emergency management

(Figure: a Public Cloud hosting the Policy Repository, the CEP, the Emergency Handler, the Access Control Handler and Resources 1..n; Organizations 1..n, each with its own Resources 1..n; a User.)

The cloud service provider (i.e., the Public Cloud) manages a cloud that provides a data storage service. Each organization stores the information to be shared in a local repository managed by the organization itself.

Encryption techniques; cloud services.

Page 16: Thesis Proposal

Dynamic information sharing across multi-domain clouds

(Figure: the Private Clouds of Organizations 1, 2 and n, each with its own Policy Repository and Resources 1..n; a central Policy Repository, the CEP, the Emergency Handler and the Access Control Handler; a User.)

Each organization has its data stored in a private cloud.

Interoperability problem: a policy interchange language.

Page 17: Thesis Proposal

Research Schedule (Flexible Access Control)

Phase | Main Task | Status
Requirement analysis | Understanding requirements of emergency management in terms of access control and information sharing |
State of the art | Reading, researching, and evaluating sources about complex event processing and flexible access control models |
Modelization | Definition of a formal access control model tailored for emergency management |
Enforcement and performance evaluation | Development of a prototype implementing the access control model. Prototype performance evaluation through an extensive set of tests | -

Status legend: Not yet performed, - Partially performed, Completed

Page 18: Thesis Proposal

Research Schedule (Cloud-based Information Sharing)

Phase | Main Task | Status
State of the art | Reading, researching, and evaluating sources about cloud infrastructures and encryption techniques to store data in the cloud | -
Modelization | Formal definition of architectures in support of information sharing through the cloud: dynamic virtualization for emergency management and dynamic information sharing across multi-domain clouds | -
Implementation and performance evaluation | Development of a framework implementing the cloud infrastructures in support of information sharing |
Testing | Testing the framework on a real case study, thanks to the collaboration with Protezione Civile promoted during the workshop on maxi-emergency management organized by the Knowledge and Service Management for Business Applications research centre of the University of Insubria |

Status legend: Not yet performed, - Partially performed, Completed