govcert2011 - context-enhanced authorization
DESCRIPTION
Context-enhanced Authorization overview for GOVCERT.NL symposium in Rotterdam.
TRANSCRIPT
Context-enhanced Authorization, GOVCERT symposium, 16 November 2011
Martijn Oostdijk
Authorization & Context?
Problem:
• Authorization important
• Authorization not dynamic enough
Solution:
• Context
• ABAC (Attribute Based Access Control)
Drivers:
• GRC
• Insider fraud
• Nomadic working (“HNW”)
Drivers:
• Mobile
• Cloud
Context-enhanced Authz
• Research project within SII TOP programme
• Goal: assess feasibility of context-enhanced authorization w/ focus on employees
• Method: through desktop research, use cases, and a demonstrator
• Novay, together with a big Dutch bank, and IBM
Context
For example:
- Time of day
- Location (Geo IP, office network)
- Location (GPS)
- Proximity
- Device (PC vs mobile, BYOD)
- Relation to other users (social?)
- Authentication level
- …
Environment
- weather
- air pollution
Activities
- working
- travelling
- meeting
- sleeping
Social
- people nearby
- behaviour
- friends
- Twitter activities
Location
- long/lat
- proximity
- country/city
- @home/@work
Network
- IP-address
- VPN
- LAN
- WiFi or 3G
Mental
- happy
- scared
- sad
- stressed
Physiological
- heart rate
- skin
- voice
Device
- type
- ownership (BYO)
- OS and apps
- patch status
Time
- office hours
- lunch time
- between points in time
Domain | Type | Source
1. Environment | Weather | Buienradar
 | Air pollution | Weeronline.nl
2. Physiological | Heart rate | ECG sensor
3. Social | People nearby | Bluetooth, Google Latitude, Outlook Calendar
 | SN Friends | LinkedIn, Facebook
 | Activity | Twitter
4. Location | Long/Lat | GPS, GSM Cell-Id
 | City | GPS, Geo-IP
 | Proximity | Bluetooth, RFID/NFC
5. Time | Office hours | System time
 | Lunch time | Outlook Calendar
6. Mental | Happy/sad | Sound sensor
 | Scared | Galvanic skin responses
 | Stressed |
7. Network | VPN or localnet | Network access gateway
 | Wireless or Wired | IP address
8. Device | Type | Device mngmt system
 | Ownership | Device mngmt system
9. Activity | Travelling | GPS, accelerometer
 | Meeting | Calendar, Proximity sources
 | Sleeping | Heart sensor, ECG, sound
Some observations:
• Inter-dependencies between domains/types
• Some inference is needed in some types
• Most domains/types can benefit from multiple measurements over time
• What characteristics determine which domains / types / sources are most suitable in a given scenario?
Authorization
Authorization 101
• Authentication: who is this user?
• Authorization: is this user supposed to be doing that?
Subject, Action, Object
Permit or Deny
Access control models: RBAC, MAC, DAC, Bell-LaPadula, Multi-Level, ACL, ABAC (Attribute Based Access Control)
[Diagram labels: AP, App]
ABAC
De facto standard: XACML 2.0
• PDP: Policy Decision Point
• PEP: Policy Enforcement Point
• PIP: Policy Information Point
• PAP: Policy Administration Point
[Diagram labels: App, PEP, PDP, Policies, PAP, PIP, AP, Banking Service]
ABAC
De facto standard: XACML 2.0
[Diagram labels: App, PEP, Policies, IBM TSPM PDP, Context Server, PIP, PAP (in TIP), GUI, GUI]
Context – AuthZ levels
• All
  - @office, proximity, IT-dept. mngd laptop
• A lot
  - @home, proximity, IT-dept. mngd laptop, time in 6.00-23.00
• Some
  - @office, user mngd (but registered) iPad, agenda, time in 6.00-23.00
  - IT-dept. mngd laptop, proximity, agenda, time in 6.00-23.00
• A little
  - Proximity, registered device
• Nothing
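The level table above expressed as an ordered, first-match rule set, the way an ABAC policy decision point could evaluate it. This is an added example, not code from the presentation or the demonstrator; the attribute names, the device values, the inclusive time window and the treatment of an IT-managed laptop as a registered device are assumptions. A context attribute that is missing, for example because its source is unavailable, never satisfies a condition.

```python
from datetime import time

# Attribute names and values are assumptions made for this example;
# the slide only gives the informal combinations.
IT_LAPTOP = "it_managed_laptop"
REGISTERED_IPAD = "user_managed_registered_ipad"
REGISTERED = {IT_LAPTOP, REGISTERED_IPAD}  # assumption: managed laptops count as registered


def in_window(ctx):
    """'time in 6.00-23.00', taken as inclusive; a missing time fails the check."""
    t = ctx.get("time")
    return t is not None and time(6, 0) <= t <= time(23, 0)


def eq(key, value):
    return lambda ctx: ctx.get(key) == value


def flag(key):
    # Only an explicit True counts; None (no reading from the source) does not.
    return lambda ctx: ctx.get(key) is True


def registered_device(ctx):
    return ctx.get("device") in REGISTERED


# Ordered like a first-applicable policy set: highest level first.
RULES = [
    ("All", [eq("location", "office"), flag("proximity"), eq("device", IT_LAPTOP)]),
    ("A lot", [eq("location", "home"), flag("proximity"), eq("device", IT_LAPTOP), in_window]),
    ("Some", [eq("location", "office"), eq("device", REGISTERED_IPAD), flag("agenda"), in_window]),
    ("Some", [eq("device", IT_LAPTOP), flag("proximity"), flag("agenda"), in_window]),
    ("A little", [flag("proximity"), registered_device]),
]


def authz_level(ctx):
    """Return the first level whose conditions all hold, else 'Nothing'."""
    for level, conditions in RULES:
        if all(cond(ctx) for cond in conditions):
            return level
    return "Nothing"


if __name__ == "__main__":
    # Constructed sample request: managed laptop at home, late in the evening.
    sample = {"location": "home", "proximity": True, "device": IT_LAPTOP, "time": time(23, 30)}
    print(authz_level(sample))
```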
Use-cases
• Finer grained access to application with “hit-n-run” functionality
• Data loss prevention when traveling
• More flexible authentication
Challenges
• Adoption in applications
• Architectural choices
• Authenticity of context
• Complexity of policies
• Lack of standards for context management
• Linking context to user identities
• Privacy consequences
• Quality of context
• Scalability and performance
• …
Authenticity of context
• Can we trust the source?
  - Depends on the precise scenario
  - and on technology
  - and on who controls the source
  - Some sources are more trustworthy than others
• Just fuse with more context sources?
  - Multi-factor context, harder to fake for attacker
  - But also harder to understand
Authenticity of context
[Figure: needed trust in authenticity of context. Labels: Context-enhanced Authorization; CeA + Explain; CeA + step up Authentication; Transaction monitoring]
CeA vs TM (SIEM, …):
Scalability & performance
(Preliminary) conclusions
• Using context-information in authz policies
• Some use-cases
• Challenges in selecting the right types of context, in adoption, in how to deal with quality of context (incl. authenticity)
• Demonstrator under construction, due in the next couple of weeks