Context-enhanced Authorization: Using XACML to implement context-enhanced authorizations. Martijn Oostdijk, Novay. ISSE 2012, Brussels

ISSE 2012 Context-enhanced Authorization

Presentation at ISSE 2012 on Context-enhanced Authorization. http://www.isse.eu.com/

Page 2: ISSE 2012 Context-enhanced Authorization

Research & advisory organization

Multi-disciplinary, ~50 researchers/advisors

Innovation projects (gov, financial, health)

Formerly known as: Telematica Instituut

Senior Advisor Identity, Privacy, Trust

PhD comp. sci. Eindhoven Univ. Tech.

CV: Radboud Univ., Riscure, Novay

Martijn Oostdijk

Page 3: ISSE 2012 Context-enhanced Authorization

• centralization authz
• authz for the cloud
• nomadic working
• extended enterprise
• mobile/context
• (insider) attacks

Context-enhanced Authorization

XACML standard + Research project with IBM and Rabobank

Page 4: ISSE 2012 Context-enhanced Authorization

Context-enhanced authz

• XACML PoC at a large Dutch bank
• Context = location and more
• DYNAMIC!! Policies
• Usefulness through use cases + feasibility study through demonstrator
• Scope: employees

Page 5: ISSE 2012 Context-enhanced Authorization

CEA – the movie

• 2:40

Page 6: ISSE 2012 Context-enhanced Authorization

This presentation is NOT:

• Introduction to Attribute based AC
• Introduction to XACML standard

So that there’s more time for:

• Context-enhanced authorization
• Use case + demonstrator
• Lessons learned

Page 7: ISSE 2012 Context-enhanced Authorization

Authorization & Context?

(Attribute Based Access Control) PoC

• Use cases

• Demonstrator

Page 8: ISSE 2012 Context-enhanced Authorization

Environment
- weather
- air pollution

Activities
- working
- travelling
- meeting
- sleeping

Social
- people nearby
- behaviour
- friends
- Twitter activities

Location
- long/lat
- proximity
- country/city
- @home/@work

Network
- IP-address
- VPN
- LAN
- WiFi or 3G

Mental
- happy
- scared
- sad
- stressed

Physiological
- heart rate
- skin
- voice

Device
- type
- ownership (BYO)
- OS and apps
- patch status

Time
- office hours
- lunch time
- between points in time

Page 9: ISSE 2012 Context-enhanced Authorization

Domain              Type                  Source
1. Environment      Weather               Buienradar
                    Air pollution         Weeronline.nl
                    Security incidents    SIEM
2. Physiological    Heart rate            ECG sensor, Camera
                    Respiratory rate      Camera
                    Blood pressure        BP meter (cuff)
3. Social           People nearby         Bluetooth, Google Latitude, Outlook Calendar
                    SN Friends            LinkedIn, Facebook
                    Activity              Twitter
4. Location         Long/Lat              GPS, GSM Cell-Id
                    City                  GPS, Geo-IP
                    Proximity             Bluetooth, RFID/NFC

Page 10: ISSE 2012 Context-enhanced Authorization

Domain              Type                  Source
5. Time             Office hours          System time
                    Lunch time            Outlook Calendar
6. Mental           Happy/sad             Sound sensor
                    Scared                Galvanic skin responses
                    Stressed
7. Network          VPN or localnet       Network access gateway
                    Wireless or Wired     IP address
8. Device           Type                  Device mngmt system
                    Ownership             Device mngmt system

Page 11: ISSE 2012 Context-enhanced Authorization

Domain              Type                  Source
9. Activity         Travelling            GPS, accelerometer
                    Meeting               Calendar, Proximity sources
                    Sleeping              Heart sensor, ECG, sound

Some observations:

• Inter-dependencies between domains/types
• Some inference is needed in some types
• Most domains/types can benefit from multiple measurements over time
• What characteristics determine which domains / types / sources are most suitable in a given scenario?

Page 12: ISSE 2012 Context-enhanced Authorization

Use-cases – a high level …

• Finer grained access to application with “hit-n-run” functionality
• Data loss prevention when traveling
• More flexible authentication

Simple context sources

Page 13: ISSE 2012 Context-enhanced Authorization

Demonstrator

[Diagram of the demonstrator. Labels: Context server, Application, Google Calendar, NFC reader, Proximity dongle, Policies, Policies incl. context variables, Outlook, Google Latitude, Context client, Policy Engine, User, Device Mgmt]

Page 20: ISSE 2012 Context-enhanced Authorization

Context

• Location, location, location
• Stuff derived from location
• Type of device (BYOD, enterprise mobility etc.)
• Type of network (VPN/local, AP, browser, OS)
• Time-of-day
• And, of course, normal usage patterns
• Please note: context is just another attribute for XACML, only a dynamic one

Page 21: ISSE 2012 Context-enhanced Authorization

Authenticity of context

• Can we trust the source?
• Depends on the precise scenario
• and on technology
• and on who controls the source
• Some sources are more trustworthy than others

• Why not just fuse with more context sources?
• Multi-factor context, harder to fake for attacker
• But also harder to understand and base policies on

• How to react to incidents?

Trust me!

Page 22: ISSE 2012 Context-enhanced Authorization

Authenticity of context

Needed trust in authenticity of context

CeA vs TM (SIEM, …):

Page 23: ISSE 2012 Context-enhanced Authorization

Quality of context

• Sources might provide incorrect data (with certain probability)
• Sources have limited accuracy (resolution, precision, granularity)
• Sources deliver data with certain delay
• Data will have a temporal relevancy
• Some sensors require user to carry (and not forget) mobile device …

Page 24: ISSE 2012 Context-enhanced Authorization

Adoption in applications

• XACML-izing applications
• SOA oriented applications easy
• Making apps ready for externalization of authz

• (Stable versions of) XACML have been around since before 2006

• “Move to cloud” as driver?
• Alternatives: provision authz attributes, proprietary authorization APIs

Page 25: ISSE 2012 Context-enhanced Authorization

Privacy consequences

• Acceptance
• Trade-off between privacy and usability (or security?)

• Measure only relevant context
• Relevant for (what?) purpose
• Degrade information (latency, accuracy)
• User control (and transparency), sensors are in mobile
• Assumes (some) trust in CM system

Page 26: ISSE 2012 Context-enhanced Authorization

Complexity of policies

• Policies with many different context variables

• Express policies with respect to “raw” context (e.g. long/lat) versus more abstract notions (e.g. @home, @work)
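
Added example, not part of the original slides: a Python sketch of a context handler that turns a raw long/lat fix into the abstract @home/@work attribute a policy would test, while applying the "Quality of context" concerns (delay, temporal relevancy, limited accuracy) before the attribute is trusted. The place coordinates, thresholds, action names and function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Constructed places and thresholds: assumptions, not values from the slides.
PLACES = {"@work": (52.2215, 6.8937), "@home": (52.0907, 5.1214)}
PLACE_RADIUS_M = 150     # assumed size of a named place
MAX_AGE_S = 300          # assumed temporal relevancy of a location fix
MAX_ACCURACY_M = 100     # assumed coarsest fix still usable for policy

@dataclass
class Fix:
    lat: float
    lon: float
    accuracy_m: float    # uncertainty radius reported by the source
    taken_at: float      # epoch seconds at which the source measured it

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two long/lat points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def abstract_location(fix, now):
    """Map a raw fix to '@work', '@home', '@elsewhere' or 'unknown'."""
    if fix is None or fix.taken_at > now or now - fix.taken_at > MAX_AGE_S:
        return "unknown"             # missing, future-dated or stale context
    if fix.accuracy_m > MAX_ACCURACY_M:
        return "unknown"             # too coarse to base a decision on
    for name, (lat, lon) in PLACES.items():
        # The whole uncertainty circle must fall inside the named place.
        if haversine_m(fix.lat, fix.lon, lat, lon) + fix.accuracy_m <= PLACE_RADIUS_M:
            return name
    return "@elsewhere"

def decide(action, location):
    """Toy policy over the abstract attribute; unknown context never permits."""
    if location == "unknown":
        return "Indeterminate"       # the enforcement point should treat this as deny
    if action == "view":
        return "Permit" if location in ("@work", "@home") else "Deny"
    if action == "approve_payment":
        return "Permit" if location == "@work" else "Deny"
    return "Deny"
```

Keeping the policy on the abstract attribute means the thresholds can be tuned per context source without touching the policy itself.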

Page 27: ISSE 2012 Context-enhanced Authorization

Scalability & performance

Page 28: ISSE 2012 Context-enhanced Authorization

Key take-aways

Yes it’s useful, yes it’s feasible

But w.r.t. context: authenticity, quality & privacy

But w.r.t. dyn attributes / XACML: complexity of policies & scalability

Context is mostly location, KIS

Page 29: ISSE 2012 Context-enhanced Authorization

More Information

http://www.novay.nl/digital-identity
http://linkedin.com/in/martijno

This presentation was supported by the Dutch national program COMMIT (project P7 SWELL)