1 / 31

LBAC SCENARIOS CLASSIFICATION AND MODELING

LBAC SCENARIOS CLASSIFICATION AND MODELING. By Alvaro Escobar January 13 th , 2005. Overview. Scenarios Initial Classifications More Scenarios & Classifications UML Models Future Plan. Scenarios. People Location System (Carnegie Mellon University). Scenarios.

jcondit
Download Presentation

LBAC SCENARIOS CLASSIFICATION AND MODELING

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. LBAC SCENARIOS CLASSIFICATION AND MODELING By Alvaro Escobar January 13th, 2005 LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  2. Overview • Scenarios • Initial Classifications • More Scenarios & Classifications • UML Models • Future Plan LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  3. Scenarios • People Location System (Carnegie Mellon University). LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  4. Scenarios • People Location System (Carnegie Mellon University). • Location Policies • Granularity: • Locations: • Time intervals: • policy maker can vary: • Object interested in protecting his/her location. • Institution or group administrator to where the Object belongs. • Delegation of Trust. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  5. Scenarios • Pervasive Access Control (PAC) System (MIT): LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  6. Scenarios • Pervasive Access Control (PAC) System (MIT): • Location Policies • constrained by grouping together beacons into location groups • Subject belongs to a location group as long as he can listen to one of the beacons in that group. • LID Authority is the policy maker (mappings between location groups and beacons). • Trust issues not addressed. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  7. Overview • Scenarios • Initial Classifications • More Scenarios & Classifications • UML Models • Future Plan LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  8. Initial Classifications • Access to people’s location (Type 1). • Authentication token is something: • you know • you have • you are. • Privacy enforced thru Policies. • Use location to access resources (Type 2). • Authentication token is location itself. • Privacy enforced automatically. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  9. UML Models UML Model for LBAC Type 1 v.1.0 LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  10. UML Models UML Model for LBAC Type 1 v.2.0 Subject Object Access Right Location information Fig. 1. UML model of access to an object’s location information LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  11. UML Models UML Model for LBAC Type 1 v.3.0 queries registers Subject Locator Object {GRANTED: If O.Location is within AR.Location} Access Right Location Location Fig. 1. UML model of access to an object’s location information LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  12. UML Models UML Model for LBAC Type 2 v.1.0 LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  13. Subject Object Access Right s.loc at ar.loc Location Location Fig. 3. UML model of access based on subject’s absolute position. UML Models UML Model for LBAC Type 2 v.2.0 LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  14. UML Models UML Model for LBAC Type 2 v.3.0 queries registers Subject Locator Object {GRANTED: If S.Location is within AR.Location} Location Access Right Location Fig. 1. UML model where subject’s location is used to get access to the object’s resource or data LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  15. Overview • Scenarios • Initial Classifications • More Scenarios & Classifications • UML Models • Future Plan LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  16. More Scenarios • Type 1 • A box or container holding merchandise in a warehouse or dock needs to be found by a robot or someone in charge of handling it. • A person, who is recently involved in an accident, needs help. Rescuers and paramedics need to know the person’s geographic location to rescue and/or possibly give first aid. • The Sales Director needs to geographically locate his/her salesman team, during working hours. • An absent-minded person needs to find the exact location of his/her car in a big parking lot, yet wants to keep his anonymity. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  17. More Scenarios • Type 2 • An employee can only login to a server from her office computer – the subject’s location is determined by the IP address assigned to her computer. • A museum website allows access to the tour guide application only to visitors inside the building [Mac04]. • A visitor is allowed access only to the directory of offices on the same floor he is in. • SunPass customer is allowed to enter/exit highway when passing by gate entrance/exit. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  18. More Scenarios • Type 3 • A doctor’s proximity to a patient in a hospital room (and to a computer monitor) determines the doctor’s access to the patient’s medical records. • A visitor’s proximity to a painting in a museum determines the visitor’s access to narration or description of that piece, using a rented device [Van02]. • A guard’s proximity to a door determines his access to the secure room behind the door. • A person’s proximity to a street intersection determines his access to a listing of attractions and restaurants in the area. • A fireman’s proximity to a building determines his access to a list of occupants, and/or hazardous chemicals in the building LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  19. Object Subject Access Right s.loc near o.loc Location Location Proximity Fig. 2. UML model of access based on subject’s proximity to object. UML Models UML Model for LBAC Type 3 v.1.0 LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  20. UML Models UML Model for LBAC Type 3 v.2.0 queries registers Subject Locator Object {GRANTED: If |S.Location - O.Location| < AR.Proximity} Location Access Right Location Proximity Fig. 2. UML model of access based on subject’s proximity to object. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  21. More Scenarios • Type 4 • A person is sentenced to confinement within a house or prison. The police needs to know when this person leaves the premises. • An employee cannot leave the company premises with his location device on. The security office needs to know when the employee leaves the premises with his location device on. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  22. Object Subject Access Right not(o.loc at ar.loc) Location Location Fig. 6. UML model of access triggered by an object outside a prescribed location. UML Models UML Model for LBAC Type 4 v.1.0 LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  23. UML Models UML Model for LBAC Type 4 v.2.0 informs updates Subject Locator Object {GRANTED: If O.Location not within AR.Location} Access Right Location Location Fig. 6. UML model of access triggered by an object outside a prescribed location. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  24. More Scenarios • Type 5 • A doctor’s proximity to a patient in the hospital, and to a computer monitor, determines the doctor’s access to the patient’s medical records. However, in this scenario, the doctor must also be wearing an authenticating badge to gain access. The badge may detect its proximity to the doctor (and vouch for her identity) through biometric sensing. • If we remove the “not” condition, we can model a scenario where spatial information is used to give transit police access to information about geographic assets and liabilities in an area of interest. [Che04]. • A device that is attached to a car can talk to other devices that are attached to that same car. • A doctor can only access a cabinet with controlled substances when the doctor is wearing an access-granting device, and is in close proximity to the cabinet. This is a most realistic of the doctor scenarios since only the device being worn needs to detect and authenticate the proximity of the doctor. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  25. e.loc near s.loc e.loc near o.loc Access Right Object Subject Location Location Location Proximity Proximity Entity UML Models UML Model for LBAC Type 5 v.1.0 Fig. 9. UML model of access based on mutual proximity to a third entity. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  26. UML Models UML Model for LBAC Type 5 v.2.0 Subject queries Locator registers Object {GRANTED: If |S.Location - O.Location| < AR.Proximity && f(E.Location)} Location Access Right Location Proximity Entity Location Fig. 9. UML model of access based on mutual proximity to a third entity. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  27. Overview • Scenarios • Initial Classifications • More Scenarios • More Classifications • UML Models • Future Plan LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  28. Future Plan • Access Control Policy specification. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  29. References • [Amm92] P. E. Amman, R. S. Sandhu “Implementing Transaction Control Expressions by Checking for Absence of Access Rights”, in proceedings of IEEE Annual Computer Security Applications Conference (ACSAC), St. Anthony's Hotel, San Antonio, Texas, 1992. • [Boo98] G. Booch, J. Rumbaugh, I. Jacobson “The Unified Modeling Language User Guide”, Addison-Wesley Pub Co; 1st edition (September 30, 1998). • [Che04] A. Chen, “Location, location, location”, E-week Magazine, e-Week Labs, Ziff Davis, July 12, 2004, Pages 55-56 • [Des02] N. Deshpande, G. Borriello, “Location-Aware Computing: Creating Innovative Applications and Services”, INTEL Developer UPDATE Magazine, December 2002. Pages 1-6. • [DeC03] S. DeCapitani di Vimercati, S. Paraboschi, P. Samarati “Access control: principles and solutions”, ACM Software—Practice & Experience, John Wiley & Sons, 33 (5):397-421, April 2003. • [Fer95] D.F. Ferraiolo, J. Cugini, “Role Based Access Control: Features and Motivations”, Computer Security Applications Conference (1995). • [Gor04] A. Gorlach, A, Heinemann, and W.W.Terpstra, "Survey on location privacy in pervasive computing", Procs. 1st Workshop on Sec. and Privacy at the Conf. on Pervasive Computing (SPPC), Vienna, April 2004. http://www.ito.tu-darmstadt.de/publs/index_en_html LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  30. References • [Hen04] U. Hengartner, P. Steenkiste. “Implementing Access Control to People Location Information”, ACM Symposium on Access Control Models and Technologies (SACMAT’04); IBM Thomas J Watson Research Center, Yorktown Heights, USA. June 2-4, 2004. • [Cor04] A. Corradi, R. Montanari, D. Tibaldi, “Context-Based Access Control Management in Ubiquitous Environments”, Network Computing and Applications, Third IEEE International Symposium on (NCA'04) , August 30 - September 01, 2004, Boston, MA. • [Hau02] C. Hauser, “Privacy and Security in Location-Based Systems with Spatial Models”, Pioneering Advanced Mobile Privacy and Security, PAMPAS '02 - Royal Holloway, University of London: September 16/17, 2002 • [LaP73] L. J. LaPadula, D. E. Bell, “Secure Computer Systems: Mathematical Foundations and Model”, The MITRE Corp. (1973). • [Leo98] U. Leonhardt and J. Magee, "Security considerations for a distributed location service", Journal of Network and Systems Management, vol. 6, No 1, 1998, 51-70. LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

  31. References • [Mam03] M. Mamei, F. Zambonelli, V. Allegri, R. Emilia, “Location-based and Content-based Information Access in Mobile Peer-to-Peer Computing: the TOTA Approach”, Third International Workshop on Agents and Peer-to-Peer Computing, (AP2PC 2004), New York City, USA. July 19-20, 2004, Columbia University. • [Mac04] N. Machalakis, “Location Aware Access Control for Pervasive Computing”, MIT, Cambridge MA, February 2003 • [Ruz76] M. H. Harrison, W. L. Ruzzo, “Protection in Operating Systems”, Communications of the ACM; (August, 1976), 19(8). • [San96] R. Sandhu, E. Coyne, H. Feinstein, C. Youman "Role-Based Access Control models", IEEE Computer , 29(2):38-47, February 1996. • [Sas03] N. Sastry, U. Shankar, D. Wagner, "Secure verification of location claims", in proceedings of the 2003 ACM workshop on Wireless security WiSE’03, San Diego, CA. September 19, 2003. • [San94] R. Sandhu, P. Samarati, “Access Control: Principles and Practice”, IEEE Communications Magazine (1994, 40-48). LBAC MODELS : A GENERALIZED ARCHITECTURE by Alvaro E. Escobar

More Related