
    Trusted emergency management

    The ability for emergency first responders to access sensitive information for which they have not been pre-vetted can save lives and property. We describe a trusted emergency management solution for ensuring that sensitive information is protected from unauthorized access, while allowing extraordinary access to be authorized under the duress of an emergency. Our solution comprises an emergency access control policy, an operational model and a scalable system security architecture. The operational model involves end users who are on call as first responders, providers of critical information, and a coordinating authority. Extraordinary access to information is allowed to occur only during emergencies, and only in a confined emergency partition, which is unavailable before the emergency and can be completely purged after it. As all information remains within its assigned partition, after the emergency the system can meaningfully enforce its pre-emergency access control policy. A major component of the architecture is the end-user device, and we describe mechanisms on the device for secure storage of data and for management of emergency state, to indicate feasibility. Grant numbers: CNS-0430566 and CNS-0430598. Approved for public release; distribution is unlimited.

    BYOD NETWORK: Enhancing Security through Trust–Aided Access Control Mechanisms

    The growth of mobile devices, both in variety and in computational ability, has given birth to a concept in the corporate world known as Bring Your Own Device (BYOD). Under this concept, employees are allowed to bring personally owned mobile devices for official work. Though relatively new, it has gained up to 53% patronage among organisations, and it is expected to hit 88% in the near future. Its popularity is driven by significant advantages ranging from reduced cost and employee satisfaction to improved productivity. However, the concept also introduces new security challenges; for instance, the organisation loses ownership of the devices used for official work to the employees, implying that the employees own and manage the devices they use for work, including seeing to the security needs of such devices. With this development, protecting the corporate network becomes pertinent and even more challenging, with a pressing need to go beyond conventional access control mechanisms, given the highly dynamic nature of mobile devices. Considering that BYOD is also a type of pervasive/dynamic environment, this work studies similar dynamic environments, relating to how their security challenges are addressed, and on that basis a Trust-Aided Dynamic Access Control Approach is proposed for enhancing the security of BYOD devices. Through computational analysis, this scheme has been shown to be security-compliant and could significantly improve the overall security of BYOD networks.

    Access control to support security-minded sharing of information

    In an increasingly interconnected and automated world, we are dependent on the flow of information between people, organisations, and systems. An appropriate and proportionate control of access to information is essential for the safety and security of individuals, society, and nation states. Significant harm can arise from unauthorised access to, or modification of, information, and in some cases from the inability to obtain access when required. The paper reviews current access control models and identifies shortcomings in respect of an increased need for information sharing. It considers the concept of entitlement to information, and the role of rights and obligations. Management of access to information in complex sharing situations is also discussed. The paper identifies several areas where further work is required to facilitate development of more sophisticated access control mechanisms that could better support current and future needs.

    Erfassung und Behandlung von Positionsfehlern in standortbasierter Autorisierung (Capturing and handling positioning errors in location-based authorization)

    The increasing technical capabilities of mobile devices allow a broad range of new applications: employees can work on the move, and industrial production processes can be controlled remotely from a mobile device. For reasons of information security and operational safety, as well as to implement functional requirements, it is often necessary to restrict the availability of the corresponding access rights to users within an authorized zone. Thus, reading sensitive data can be bound to users within particular offices, or the remote control of machines can be restricted to safe regions within a factory building. For that purpose, the position of the user must be determined. In real deployments, however, position estimates can carry errors on the order of the size of the authorized zones. So far there are no approaches that take these positioning errors into account when access rights are derived, so as to minimize the damage caused by false authorization decisions. Furthermore, there are no methods to analyze the quality of such location constraints ahead of their deployment with a specific positioning system, so it remains unclear whether its positioning errors are acceptable in the given scenario. To solve these problems, this thesis presents approaches for capturing and handling positioning errors in the field of location-based authorization. First, an error estimator for pattern-based positioning systems is introduced that derives, from the characteristics of the measurements taken, a probability density function (pdf) for the user's true position. This pdf is used to compute the probability that the user is within the authorized zone; an algorithm is presented that uses precomputation to obtain this probability with a substantially better running time than direct computation.

    For the first time, a comprehensive comparison of existing location-based authorization strategies is presented on the basis of decision theory. The risk-based authorization strategy is introduced as a novel method that is optimal from the point of view of decision theory. Approaches are presented for extending classical access control models with location constraints which, when enforced, take into account the possibility of positioning errors and the consequences of false decisions. For the specification of authorized zones, feature models are introduced which, unlike conventional polygons, describe for each location the probability that a required feature can be observed there. Methods are also presented to reduce the influence of measurement outliers on authorization decisions. Finally, analysis methods are introduced that allow a qualitative and quantitative assessment of the suitability of positioning systems for a given scenario. The quantitative assessment is based on the developed concept of authorization models, which give for each location the probability that a user there obtains a position estimate that leads to authorization. The qualitative assessment provides, for the first time, a binary criterion for a concrete statement about the suitability of a positioning system in a given scenario. The applicability of this analysis is demonstrated in a case study, which also shows the necessity of such an analysis before location-based authorization is deployed.

    It is shown that for typical positioning systems the developed risk-based methods can substantially reduce the damage caused by false decisions, thereby improving the applicability of location-based authorization when positioning errors are non-negligible.
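    As an added example (not code from the thesis above), the following Python script models the decision problem that abstract describes: a position estimate with a known error distribution, an authorized zone, and a grant/deny rule that weighs the probability of being inside the zone against the damage of each kind of wrong decision, beside the conventional point-in-zone rule that ignores the error. It assumes a 2-D Gaussian error model with independent axes, an axis-aligned rectangular zone, and caller-supplied damage values; `Zone`, `PositionEstimate`, `p_inside`, `risk_based_decision` and `authorization_probability` are names chosen here, and the minimum-expected-loss rule is our reading of "optimal from decision theory's point of view", not the thesis's exact formulation. `authorization_probability` is a simplified, Monte Carlo version of the abstract's authorization models.

```python
"""Location-based authorization under positioning error.

Added example, not code from the thesis. Assumptions made here:
  * the position estimate is a 2-D Gaussian with independent x/y errors
    (the thesis derives its own pdf from the positioning system's
    measurement characteristics),
  * the authorized zone is an axis-aligned rectangle, so the containment
    probability has a closed form; polygons or feature models would need
    numerical integration,
  * the damage of each kind of wrong decision is supplied by the policy.
"""
import random
from dataclasses import dataclass
from math import erf, sqrt


def _norm_cdf(x: float, mu: float, sigma: float) -> float:
    """CDF of the normal distribution N(mu, sigma^2) at x."""
    return 0.5 * (1.0 + erf((x - mu) / (sigma * sqrt(2.0))))


@dataclass(frozen=True)
class Zone:
    """Authorized zone as an axis-aligned rectangle (metres)."""
    x_min: float
    x_max: float
    y_min: float
    y_max: float


@dataclass(frozen=True)
class PositionEstimate:
    """Reported fix plus the estimator's error (standard deviation per axis)."""
    x: float
    y: float
    sigma_x: float
    sigma_y: float


def p_inside(zone: Zone, est: PositionEstimate) -> float:
    """Probability that the user's true position lies inside `zone`."""
    px = (_norm_cdf(zone.x_max, est.x, est.sigma_x)
          - _norm_cdf(zone.x_min, est.x, est.sigma_x))
    py = (_norm_cdf(zone.y_max, est.y, est.sigma_y)
          - _norm_cdf(zone.y_min, est.y, est.sigma_y))
    return px * py  # independent axes, so the joint probability factors


def naive_decision(zone: Zone, est: PositionEstimate) -> bool:
    """Conventional rule: point-in-zone test on the reported fix, error ignored."""
    return zone.x_min <= est.x <= zone.x_max and zone.y_min <= est.y <= zone.y_max


def risk_based_decision(zone: Zone, est: PositionEstimate,
                        damage_false_grant: float,
                        damage_false_deny: float) -> bool:
    """Grant iff the expected damage of granting is below that of denying.

    expected damage of GRANT = P(outside) * damage_false_grant
    expected damage of DENY  = P(inside)  * damage_false_deny
    (minimum-expected-loss rule; our reading of the abstract, not the
    thesis's exact formulation)
    """
    p_in = p_inside(zone, est)
    cost_grant = (1.0 - p_in) * damage_false_grant
    cost_deny = p_in * damage_false_deny
    return cost_grant < cost_deny


def authorization_probability(zone: Zone, true_x: float, true_y: float,
                              sigma: float, damage_false_grant: float,
                              damage_false_deny: float,
                              samples: int = 2000, seed: int = 0) -> float:
    """Simplified 'authorization model': for a user truly at (true_x, true_y),
    the fraction of simulated position estimates that lead to a grant.
    Evaluated over a grid of true positions, this rates a positioning
    system's suitability for the zone before deployment."""
    rng = random.Random(seed)  # fixed seed: deterministic, runs offline
    grants = 0
    for _ in range(samples):
        est = PositionEstimate(rng.gauss(true_x, sigma), rng.gauss(true_y, sigma),
                               sigma, sigma)
        if risk_based_decision(zone, est, damage_false_grant, damage_false_deny):
            grants += 1
    return grants / samples


if __name__ == "__main__":
    # Constructed scenario: a 10 m x 10 m machine-control zone and a
    # fingerprinting fix with 2 m error, reported 0.5 m inside the edge.
    zone = Zone(0.0, 10.0, 0.0, 10.0)
    fix = PositionEstimate(9.5, 5.0, 2.0, 2.0)
    print(f"P(inside) = {p_inside(zone, fix):.3f}")
    print("naive rule grants:", naive_decision(zone, fix))
    # Driving a machine from outside the safe zone is far worse than a
    # delayed operator, so the risk-based rule denies what the naive rule grants.
    print("risk-based rule grants (damage 100 vs 1):",
          risk_based_decision(zone, fix, 100.0, 1.0))
    print("P(authorized | truly at (5, 5)):",
          authorization_probability(zone, 5.0, 5.0, 2.0, 100.0, 1.0))
```

    Swapping the damage values reverses the bias: with a high cost for a false denial (for example an emergency read of safety data) the same rule grants a fix that sits just outside the zone, because the expected loss of denying a user who is probably inside outweighs the small loss of an unnecessary grant.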