Context-enhanced Authorization GOVCERT symposium16 november 2011

Martijn Oostdijk

Authorization & Context?Problem:

• Authorization important

• Authorization not

dynamic enough

Context-enhanced Authorization2

Solution• Context• ABAC

Drivers:• GRC• Insider

fraud• Nomadic

working (“HNW”)

Drivers:

• Mobile

• Cloud

(Attribute BasedAccess Control)

Context-enhanced Authz

• Research project within SII TOP programme• Goal: assess feasibility of context-enhanced

authorization w/ focus on employees• Method: through desktop research, use cases,

and a demonstrator• Novay, together with a big Dutch bank, and

IBM

Context-enhanced Authorization3

Context

Context-enhanced Authorization4

Context

Context-enhanced Authorization5

Solution• Context• ABAC

For example:

- Time of day

- Location (Geo IP, office network)

- Location (GPS)

- Proximity

- Device (PC vs mobile, BYOD)

- Relation to other users (social?)

- Authentication level

- …

Environment

- weather-air pollution

Activities

- working- travelling- meeting- sleeping

Social

- people nearby- behaviour

- friends- Twitter activities

Location

- long/lat- proximity

- country/city- @home/@work

Network

- IP-address- VPN- LAN

- WiFi or 3G

Mental

- happy- scared

- sad- stressed

Physiological

- heart rate- skin

- voice

Device

- type- ownership

(BYO) - OS and apps-patch status

Time

-office hours- lunch time

- between points in time

Context-enhanced Authorization7

Domain Type Source1. Environment Weather Buienradar

Air polution Weeronline.nl

2. Physiological Heart rate ECG sensor

3. Social People nearby Bluetooth, Google Lattitude, Outlook Calendar

SN Friends LinkedIn, Facebook

Activity Twitter

4. Location Long/Lat GPS, GSM Cell-Id

City GPS, Geo-IP

Proximity Bluetooth, RFID/NFC

Context-enhanced Authorization8

Domain Type Source5. Time Office hours System time

Lunch time Outlook Calendar

6. Mental Happy/sad Sound sensor

Scared Galvanic skin responses

Stressed

7. Network VPN or localnet Network access gateway

Wireless or Wired IP address

8. Device Type Device mngmt system

Ownership Device mngmt system

Context-enhanced Authorization9

Domain Type Source9. Activity Travelling GPS, accelerometer

Meeting Calendar, Proximity sources

Sleeping Heart sensor, ECG, sound

Some observations:• Inter-dependencies between domains/types• Some inference is needed in some types• Most domains/types can benefit from multiple measurements

over time• What characteristics determine which domains / types /

sources are most suitable in a given scenario?

Authorization

Context-enhanced Authorization10

Authorization 101

• Authentication: who is this user?• Authorization: is this user supposed to be doing that?

Context-enhanced Authorization11

Subject ObjectAction

Permit or Deny

RBACMAC

DAC

Bell-LapadulaMulti-Level

ACLABAC

Attribute BasedAccess Control

AP

App

ABAC

Context-enhanced Authorization12

Solution• Context• ABAC

Defacto standard:

XACML 2.0

PDP Policies

PEP

PAPPIP

App PEP

APPolicy Decision PointPolicy Enforcement PointPolicy Information PointPolicy Administration Point

PIP

AP

BankingService

ABAC

Context-enhanced Authorization13

Solution• Context• ABAC

Defacto standard:

XACML 2.0

Policies

PEP

PAPPIP

App PEP

Policy Decision PointPolicy Enforcement PointPolicy Information PointPolicy Administration Point

IBMTSPMPDP

ContextServer

PIP

GUI

GUI

PAP (in TIP)

Context-enhanced Authorization14

Context-enhanced Authorization15

Context-enhanced Authorization16

Context-enhanced Authorization17

Context-enhanced Authorization18

Context – AuthZ levels

• All

• @office, proximity, IT-dept. mngd laptop

• A lot

• @home, proximity, IT-dept. mngd laptop, time in 6.00-23.00

• Some

• @office, user mngd (but registered) iPad, agenda, time in 6.00-

23.00

• IT-dept. mngd laptop, proximity, agenda, time in 6.00-23.00

• A little

• Proximity, registered device

• Nothing

Context-enhanced Authorization19

Use-cases

• Finer grained access to application with “hit-n-run”functionality

• Data loss prevention when traveling

• More flexible authentication

Context-enhanced Authorization20

Challenges

• Adoption in applications• Architectural choices• Authenticity of context• Complexity of policies• Lack of standards for context management• Linking context to user identities• Privacy consequences• Quality of context• Scalability and performance• …

Context-enhanced Authorization21

Authenticity of context

• Can we trust the source?• Depends on the precise scenario• and on technology• and on who controls the source• Some sources are more trustworthy than other

• Just fuse with more context sources?• Multi-factor context, harder to fake for attacker• But also harder to understand

Context-enhanced Authorization22

Authenticity of context

Context-enhanced Authorization23

Con

text

-enh

ance

dAu

thor

izat

ion

Tran

sact

ion

mon

itorin

g

Neededtrust inauthenticityof context

CeA

+ s

tep

upAu

then

ticat

ion

CeA

+ E

xpla

in

CeA vs TM (SIEM, …):

Scalability & performance

Context-enhanced Authorization24

(Preliminary) conclusions

• Using context-information in authz policies

• Some use-cases• Challenges in selecting the right types of

context, in adoptation, in how to deal with quality of context (incl. authenticity)

• Demonstrator under construction, due the next couple of weeks

Context-enhanced Authorization25

Context-enhanced Authorization26