94 research outputs found

    Access Control Within MQTT-based IoT environments

    Get PDF
    IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations.IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations

    dynSMAUG: A Dynamic Security Management Framework Driven by Situations

    Get PDF
    We present a dynamic security management framework where security policies are specified according to situations. A situation allows to logically group dynamic constraints and make policies closer to business. Situations are specified and calculated by using complex events processing techniques and security policies are written in XACMLv3. Finally, the framework is supported by a modular event based deployment infrastructure. The whole framework has been implemented and its performance is evaluated

    Steps towards adaptive situation and context-aware access: a contribution to the extension of access control mechanisms within pervasive information systems

    Get PDF
    L'Ă©volution des systĂšmes pervasives a ouvert de nouveaux horizons aux systĂšmes d'information classiques qui ont intĂ©grĂ© des nouvelles technologies et des services qui assurent la transparence d'accĂšs aux resources d'information Ă  n'importe quand, n'importe oĂč et n'importe comment. En mĂȘme temps, cette Ă©volution a relevĂ© des nouveaux dĂ©fis Ă  la sĂ©curitĂ© de donnĂ©es et Ă  la modĂ©lisation du contrĂŽle d'accĂšs. Afin de confronter ces challenges, differents travaux de recherche se sont dirigĂ©s vers l'extension des modĂšles de contrĂŽles d'accĂšs (en particulier le modĂšle RBAC) afin de prendre en compte la sensibilitĂ© au contexte dans le processus de prise de dĂ©cision. Mais la liaison d'une dĂ©cision d'accĂšs aux contraintes contextuelles dynamiques d'un utilisateur mobile va non seulement ajouter plus de complexitĂ© au processus de prise de dĂ©cision mais pourra aussi augmenter les possibilitĂ©s de refus d'accĂšs. Sachant que l'accessibilitĂ© est un Ă©lĂ©ment clĂ© dans les systĂšmes pervasifs et prenant en compte l'importance d'assurer l'accĂ©ssibilitĂ© en situations du temps rĂ©el, nombreux travaux de recherche ont proposĂ© d'appliquer des mĂ©canismes flexibles de contrĂŽle d'accĂšs avec des solutions parfois extrĂȘmes qui depassent les frontiĂšres de sĂ©curitĂ© telle que l'option de "Bris-de-Glace". Dans cette thĂšse, nous introduisons une solution modĂ©rĂ©e qui se positionne entre la rigiditĂ© des modĂšles de contrĂŽle d'accĂšs et la flexibilitĂ© qui expose des risques appliquĂ©es pendant des situations du temps rĂ©el. Notre contribution comprend deux volets : au niveau de conception, nous proposons PS-RBAC - un modĂšle RBAC sensible au contexte et Ă  la situation. Le modĂšle rĂ©alise des attributions des permissions adaptatives et de solution de rechange Ă  base de prise de dĂ©cision basĂ©e sur la similaritĂ© face Ă  une situation importanteÀ la phase d'exĂ©cution, nous introduisons PSQRS - un systĂšme de rĂ©Ă©criture des requĂȘtes sensible au contexte et Ă  la situation et qui confronte les refus d'accĂšs en reformulant la requĂȘte XACML de l'utilisateur et en lui proposant une liste des resources alternatives similaires qu'il peut accĂ©der. L'objectif est de fournir un niveau de sĂ©curitĂ© adaptative qui rĂ©pond aux besoins de l'utilisateur tout en prenant en compte son rĂŽle, ses contraintes contextuelles (localisation, rĂ©seau, dispositif, etc.) et sa situation. Notre proposition a Ă©tĂ© validĂ© dans trois domaines d'application qui sont riches des contextes pervasifs et des scĂ©narii du temps rĂ©el: (i) les Équipes Mobiles GĂ©riatriques, (ii) les systĂšmes avioniques et (iii) les systĂšmes de vidĂ©o surveillance.The evolution of pervasive computing has opened new horizons to classical information systems by integrating new technologies and services that enable seamless access to information sources at anytime, anyhow and anywhere. Meanwhile this evolution has opened new threats to information security and new challenges to access control modeling. In order to meet these challenges, many research works went towards extending traditional access control models (especially the RBAC model) in order to add context awareness within the decision-making process. Meanwhile, tying access decisions to the dynamic contextual constraints of mobile users would not only add more complexity to decision-making but could also increase the possibilities of access denial. Knowing that accessibility is a key feature for pervasive systems and taking into account the importance of providing access within real-time situations, many research works have proposed applying flexible access control mechanisms with sometimes extreme solutions that depass security boundaries such as the Break-Glass option. In this thesis, we introduce a moderate solution that stands between the rigidity of access control models and the riskful flexibility applied during real-time situations. Our contribution is twofold: on the design phase, we propose PS-RBAC - a Pervasive Situation-aware RBAC model that realizes adaptive permission assignments and alternative-based decision-making based on similarity when facing an important situation. On the implementation phase, we introduce PSQRS - a Pervasive Situation-aware Query Rewriting System architecture that confronts access denials by reformulating the user's XACML access request and proposing to him a list of alternative similar solutions that he can access. The objective is to provide a level of adaptive security that would meet the user needs while taking into consideration his role, contextual constraints (location, network, device, etc.) and his situation. Our proposal has been validated in three application domains that are rich in pervasive contexts and real-time scenarios: (i) Mobile Geriatric Teams, (ii) Avionic Systems and (iii) Video Surveillance Systems

    Authorization schema for electronic health-care records: for Uganda

    Get PDF
    This thesis discusses how to design an authorization schema focused on ensuring each patient's data privacy within a hospital information system

    Enforcement of entailment constraints in distributed service-based business processes

    Get PDF
    Abstract Context: A distributed business process is executed in a distributed computing environment. The service-oriented architecture (SOA) paradigm is a popular option for the integration of software services and execution of distributed business processes. Entailment constraints, such as mutual exclusion and binding constraints, are important means to control process execution. Mutually exclusive tasks result from the division of powerful rights and responsibilities to prevent fraud and abuse. In contrast, binding constraints define that a subject who performed one task must also perform the corresponding bound task(s). Objective: We aim to provide a model-driven approach for the specification and enforcement of task-based entailment constraints in distributed servicebased business processes. Method: Based on a generic metamodel, we define a domain-specific language (DSL) that maps the different modeling-level artifacts to the implementation-level. The DSL integrates elements from role-based access control (RBAC) with the tasks that are performed in a business process. Process definitions are annotated using the DSL, and our software platform uses automated model transformations to produce executable WS-BPEL specifications which enforce the entailment constraints. We evaluate the impact of constraint enforcement on runtime performance for five selected service-based processes from existing literature. Results: Our evaluation demonstrates that the approach correctly enforces task-based entailment constraints at runtime. The performance experiments illustrate that the runtime enforcement operates with an overhead that scales well up to the order of several ten thousand logged invocations. Using our DSL annotations, the user-defined process definition remains declarative and clean of security enforcement code. Conclusion: Our approach decouples the concerns of (non-technical) domain experts from technical details of entailment constraint enforcement. The developed framework integrates seamlessly with WS-BPEL and the Web services technology stack. Our prototype implementation shows the feasibility of the approach, and the evaluation points to future work and further performance optimizations

    Gestion unifiée et dynamique de la sécurité : un cadriciel dirigé par les situations

    Get PDF
    Les systĂšmes de gestion de la sĂ©curitĂ© (SGS) font le lien entre les exigences de sĂ©curitĂ© et le domaine d'application technique. D'un cĂŽtĂ©, le SGS doit permettre Ă  l'administrateur sĂ©curitĂ© de traduire les exigences de sĂ©curitĂ© en configurations de sĂ©curitĂ© (appelĂ© ici le processus de dĂ©ploiement). De l'autre, il doit lui fournir des mĂ©canismes de supervision (tels que des SIEM, IDS, fichiers de logs, etc.) afin de vĂ©rifier que l'Ă©tat courant du systĂšme est toujours conforme aux exigences de sĂ©curitĂ© (appelĂ© ici processus de supervision). Aujourd'hui, garantir que les exigences de sĂ©curitĂ© sont respectĂ©es nĂ©cessite une intervention humaine. En effet, les processus de dĂ©ploiement et de supervision ne sont pas reliĂ©s entre eux. Ainsi, les SGS ne peuvent garantir que les exigences de sĂ©curitĂ© sont toujours respectĂ©es lorsque le comportement du systĂšme change. Dans le cadre du projet europĂ©en PREDYKOT, nous avons tentĂ© de boucler la boucle de gestion en intĂ©grant les informations sur le changement de comportement du systĂšme et en les injectant dans le processus de dĂ©ploiement. Cela permet de faire appliquer des mesures de sĂ©curitĂ© dynamiques en fonction des changements de comportement du systĂšme. Toutefois, il existe diverses approches pour exprimer et mettre en Ɠuvre des politiques de sĂ©curitĂ©. Chaque solution de gestion est dĂ©diĂ©e Ă  des problĂ©matiques de gestion des autorisations ou Ă  celles des configurations de sĂ©curitĂ©. Chaque solution fournit son propre langage de politique, son propre modĂšle architectural et son propre protocole de gestion. Or, il est nĂ©cessaire de gĂ©rer Ă  la fois les autorisations et les configurations de sĂ©curitĂ© de maniĂšre unifiĂ©e. Notre contribution porte principalement sur trois points : Le retour d'information de supervision : Le processus de supervision capture le comportement dynamique du systĂšme au travers d'Ă©vĂšnements. Chaque Ă©vĂšnement transporte peu de sens. Nous proposons de considĂ©rer non pas les Ă©vĂšnements individuellement mais de les agrĂ©ger pour former des situations afin d'amener plus de sĂ©mantique sur l'Ă©tat du systĂšme. Nous utilisons ce concept pour relier les exigences de sĂ©curitĂ©, les changements dans le systĂšme et les politiques de sĂ©curitĂ© Ă  appliquer. Un nouvel agent, appelĂ© gestionnaire de situations, est responsable de la gestion du cycle de vie des situations (dĂ©but et fin de situation, etc.) Nous avons implantĂ© cet agent grĂące Ă  la technologie de traitement des Ă©vĂšnements complexes. Expression de la politique : Nous proposons d'utiliser le concept de situation comme Ă©lĂ©ment central pour exprimer des politiques de sĂ©curitĂ© dynamiques. Les dĂ©cisions de sĂ©curitĂ© peuvent ĂȘtre alors automatiquement dirigĂ©es par les situations sans avoir besoin de changer la rĂšgle courante. Nous appliquons l'approche de contrĂŽle d'accĂšs Ă  base d'attributs pour spĂ©cifier nos politiques. Cette approche orientĂ©e par les situations facilite l'Ă©criture des rĂšgles de sĂ©curitĂ© mais aussi leur comprĂ©hension. De plus, ces politiques Ă©tant moins techniques, elles sont plus proches des besoins mĂ©tiers. L'architecture de gestion : Nous prĂ©sentons une architecture de gestion orientĂ©e Ă©vĂ©nement qui supporte la mise en Ɠuvre de politiques de sĂ©curitĂ© dirigĂ©es par les situations. ConsidĂ©rer les messages de gestion en terme d'Ă©vĂšnements, nous permet d'ĂȘtre indĂ©pendant de tout protocole de gestion. En consĂ©quence, notre architecture couvre de maniĂšre unifiĂ©e les approches de gestion des autorisations comme des configurations (obligations) selon les modĂšles de contrĂŽle de politiques en externalisation comme en approvisionnement. De plus, les agents de gestion sont adaptables et peuvent ĂȘtre dynamiquement amĂ©liorĂ©s avec de nouvelles fonctionnalitĂ©s de gestion si besoin. Notre cadriciel a Ă©tĂ© complĂštement implantĂ© et est conforme au standard XACMLv3 d'OASIS. Enfin, nous avons Ă©valuĂ© la gĂ©nĂ©ricitĂ© de notre approche Ă  travers quatre scĂ©narii.A Security Management System (SMS) connects security requirements to the technical application domain. On the one hand, an SMS must allow the security administrator/officer to translate the security requirements into security configurations that is known as the enforcement process. On the other hand, it must supply the administrator/officer with monitoring features (SIEM, IDS, log files, etc.) to verify that the environments' changes do not affect the compliance to the predefined security requirements known as the monitoring process. Nowadays, guarantying security objectives requires a human intervention. Therefore, the SMS enforcement process is disconnected from the monitoring process. Thus, an SMS cannot dynamically guarantee that security requirements are still satisfied when environment behavior changings are observed. As part of the European project PREDYKOT, we have worked on closing the management loop by establishing a feedback on the dynamic behavior, captured from the environment, to impact the enforcement process. As a result, expressing and applying a dynamic security policy will be possible. However, many policy expression and enforcement approaches exist currently. Each security management solution is dedicated to some specific issues related to authorization or to system/network management. Each solution provides a specific policy language, an architectural model and a management protocol. Nevertheless, closing the management loop implies managing both authorizations and system/network configurations in a unified framework. Our contribution tackles the following three main issues: Feedback: The monitoring process captures the highly dynamics of the behavior through events. However, each event is not semantically associated with other events. We propose to get more semantics about behavior's changings thus introducing the concept of "situation" to be dealt with in security management applications. This concept aggregates events and links relevant security requirements, relevant behavior changes, and relevant policy rules. A new management agent, called the situation manager, has been added. The latter is responsible for the management process of the situations lifecycle (situation beginning and ending, etc.). We implement this software module using the complex event processing technology. Policy Expression: We propose to specify dynamic security policies oriented by situations. By doing so, the expression of the security policy rules becomes simpler to understand, easier to write and closer to the business and security needs. Hence, each relevant situation orients automatically the policy evaluation process towards a new dynamic decision that doesn't require updating the policy rules. We apply the attribute-based expression approach because of its ability to represent everything through attribute terms, which is a flexible way to express our dynamic policy rules. Enforcement Architecture: we propose a unified and adaptive architecture that supports situations-oriented policies enforcement. We choose to build an event-driven architecture. Exchanging management messages in terms of events allows our architecture to be independent from the management protocols. Thus, it covers in a unified way authorizations as well as configurations management approaches considering both provisioning and outsourcing policy control models. In addition, management agents are adaptable and can be upgraded dynamically with new management functionalities. Our framework has been implemented and is compliant with the OASIS XACMLv3 standard. Finally, we evaluated our contributed according to four different scenarios to prove its generic nature

    Obstructions in Security-Aware Business Processes

    Get PDF
    This Open Access book explores the dilemma-like stalemate between security and regulatory compliance in business processes on the one hand and business continuity and governance on the other. The growing number of regulations, e.g., on information security, data protection, or privacy, implemented in increasingly digitized businesses can have an obstructive effect on the automated execution of business processes. Such security-related obstructions can particularly occur when an access control-based implementation of regulations blocks the execution of business processes. By handling obstructions, security in business processes is supposed to be improved. For this, the book presents a framework that allows the comprehensive analysis, detection, and handling of obstructions in a security-sensitive way. Thereby, methods based on common organizational security policies, process models, and logs are proposed. The Petri net-based modeling and related semantic and language-based research, as well as the analysis of event data and machine learning methods finally lead to the development of algorithms and experiments that can detect and resolve obstructions and are reproducible with the provided software

    Context-Based Access for Infrequent Requests in Tanzania\u27s Health Care System

    Get PDF
    Access control is an important aspect of any information system. It is a way of ensuring that users can only access what they are authorised to and no more. This can be achieved by granting users access to resources based on pre-defined organisational and legislative rules. Although access control has been extensively studied, and as a result, a wide range of access control models, mechanisms and systems have been proposed, specific access control requirements for healthcare systems that needs to support the continuity of care in an accountable manner have not been addressed. This results in a gap between what is required by the application domain and what is actually practised, and thus access control solutions implemented for the domain become too restrictive. The continuity of care is defined as the delivery of seamless health care services to patients through integration, coordination and sharing of information between providers. This thesis, therefore, designs a context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of an infrequent access request involving an emergency situation. This research uses the Tanzania\u27s healthcare system as a case study domain

    My private cloud--granting federated access to cloud resources

    Get PDF
    We describe the research undertaken in the six month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to login to it, by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owners of, based on their identity attributes. Once users open one of their accounts, they can upload and download files to it. Not only that, but they can then grant access to their file resources to anyone else in the federated system, regardless of whether their chosen delegate has used the cloud service before or not. The system uses standard identity management protocols, attribute based access controls, and a delegation service. A set of APIs have been defined for the authentication, authorisation and delegation processes, and the software has been released as open source to the community. A public demonstration of the system is available online
    • 

    corecore