Post on 15-Jan-2015
Context-enhanced Authorization
Using XACML to implement context-enhanced authorizations
Martijn Oostdijk, Novay
ISSE 2012, Brussels
Research & advisory organization
Multi-disciplinary, ~50 researchers/advisors
Innovation projects (gov, financial, health)
Formerly known as: Telematica Instituut
Martijn Oostdijk
Senior Advisor Identity, Privacy, Trust
PhD comp. sci. Eindhoven Univ. Tech.
CV: Radboud Univ., Riscure, Novay
centralization authz
authz for the cloud
nomadic working
extended enterprise
mobile/context
(insider) attacks
Context-enhanced Authorization
XACML standard
+ Research project with IBM and Rabobank
Context-enhanced authz
• XACML PoC at a large Dutch bank
• Context = location and more
• DYNAMIC!! Policies
• Usefulness through use cases + feasibility study through demonstrator
• Scope: employees
This presentation is NOT:
• Introduction to Attribute based AC
• Introduction to XACML standard
So that there’s more time for:
• Context-enhanced authorization
• Use case + demonstrator
• Lessons learned
Authorization & Context?
(Attribute Based Access Control) PoC
• Use cases
• Demonstrator
• Environment: weather, air pollution
• Activities: working, travelling, meeting, sleeping
• Social: people nearby, behaviour, friends, Twitter activities
• Location: long/lat, proximity, country/city, @home/@work
• Network: IP-address, VPN, LAN, WiFi or 3G
• Mental: happy, scared, sad, stressed
• Physiological: heart rate, skin, voice
• Device: type, ownership (BYO), OS and apps, patch status
• Time: office hours, lunch time, between points in time
| Domain | Type | Source |
|---|---|---|
| 1. Environment | Weather | Buienradar |
| | Air pollution | Weeronline.nl |
| | Security incidents | SIEM |
| 2. Physiological | Heart rate | ECG sensor, Camera |
| | Respiratory rate | Camera |
| | Blood pressure | BP meter (cuff) |
| 3. Social | People nearby | Bluetooth, Google Latitude, Outlook Calendar |
| | SN Friends | LinkedIn, Facebook |
| | Activity | Twitter |
| 4. Location | Long/Lat | GPS, GSM Cell-Id |
| | City | GPS, Geo-IP |
| | Proximity | Bluetooth, RFID/NFC |
| 5. Time | Office hours | System time |
| | Lunch time | Outlook Calendar |
| 6. Mental | Happy/sad | Sound sensor |
| | Scared | Galvanic skin responses |
| | Stressed | |
| 7. Network | VPN or localnet | Network access gateway |
| | Wireless or Wired | IP address |
| 8. Device | Type | Device mngmt system |
| | Ownership | Device mngmt system |
| 9. Activity | Travelling | GPS, accelerometer |
| | Meeting | Calendar, Proximity sources |
| | Sleeping | Heart sensor, ECG, sound |
Some observations:
• Inter-dependencies between domains/types
• Some inference is needed in some types
• Most domains/types can benefit from multiple measurements over time
• What characteristics determine which domains / types / sources are most suitable in a given scenario?
Use-cases – a high level …
• Finer grained access to application with “hit-n-run” functionality
• Data loss prevention when traveling
• More flexible authentication
Simple context sources
Demonstrator
[Diagram components: Context server, Application, Google Calendar, NFC reader, Proximity dongle, Policies, Policies incl. context variables, Outlook, Google Latitude, Context client, Policy Engine, User, Device Mgmt]
Context
• Location, location, location
• Stuff derived from location
• Type of device (BYOD, enterprise mobility etc.)
• Type of network (VPN/local, AP, browser, OS)
• Time-of-day
• And, of course, normal usage patterns
• Please note: context is just another attribute for XACML, but then dynamic
Authenticity of context
• Can we trust the source?
• Depends on the precise scenario
• and on technology
• and on who controls the source
• Some sources are more trustworthy than others
• Why not just fuse with more context sources?
• Multi-factor context, harder to fake for attacker
• But also harder to understand and base policies on
• How to react to incidents?
Trust me!
Authenticity of context
Needed trust in authenticity of context
CeA vs TM (SIEM, …):
Quality of context
• Sources might provide incorrect data (with certain probability)
• Sources have limited accuracy (resolution, precision, granularity)
• Sources deliver data with certain delay
• Data will have a temporal relevancy
• Some sensors require user to carry (and not forget) mobile device …
Adoption in applications
• XACML-izing applications
• SOA oriented applications easy
• Making apps ready for externalization of authz
• (Stable versions of) XACML have been around since before 2006
• “Move to cloud” as driver?
• Alternatives: provision authz attributes, proprietary authorization APIs
Privacy consequences
• Acceptance
• Trade-off between privacy and usability (or security?)
• Measure only relevant context
• Relevant for (what?) purpose
• Degrade information (latency, accuracy)
• User control (and transparency), sensors are in mobile
• Assumes (some) trust in CM system
Complexity of policies
• Policies with many different context variables
• Express policies with respect to “raw” context (e.g. long/lat) versus more abstract notions (e.g. @home, @work)
Scalability & performance
Key take-aways
Yes it’s useful, yes it’s feasible
But w.r.t. context: authenticity, quality & privacy
But w.r.t. dyn attributes / XACML: complexity of policies & scalability
Context is mostly location, KIS
More Information
http://www.novay.nl/digital-identity
martijn.oostdijk@novay.nl
http://linkedin.com/in/martijno
This presentation was supported by the Dutch national program COMMIT (project P7 SWELL)