This is a paper presentation given by Dr. Yiannis Verginadis at the 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15) in Limassol, Cyprus.
A Survey on Context Security Policies in the Cloud
1. A Survey on Context Security Policies in the Cloud
Yiannis Verginadis, Gregoris Mentzas, Simeon Veloudis, Iraklis Paraskakis
1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15), Limassol, Cyprus, December 10, 2015
2. Agenda
Information Management Unit / ICCS of NTUA, www.imu.iccs.gr
Introduction
Security-related context
Related work on policy modeling
PaaSword context-aware policy model
Conclusions
3. What is Context?
“Any information that can be used to characterize the situation of an entity. An entity is a person, place, or object that is considered relevant to the interaction between a user and an application, including the user and applications themselves” (Abowd et al., 1999; Dey, 2001)
4. What is Context-Aware Security?
“Context-aware security is the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments” (Gartner)
5. The Adoption of Cloud Computing
Many users have started relying on cloud services without realizing it
Many companies have remained cautious due to security concerns
Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk of theft, unauthorized exposure or malicious manipulation
Governmental regulation presents an additional concern of significant legal and financial consequences if data confidentiality is breached
[Figure: cloud adoption stages: focused interest, experimentation, near-ubiquitous use]
6. Security Challenges in the Cloud
Top four threats identified (CSA, 2013) are:
data leakage
data loss
account hijacking
insecure APIs
The OWASP foundation has categorized the database-related attacks as the most critical ones
These attacks were responsible for 83% of the total records stolen
The most critical part of a modern cloud application is the data persistency layer and the database itself
7. Agenda
Introduction
Security-related context
Related work on policy modeling
PaaSword context-aware policy model
Conclusions
8. Related Work
Commonly used access control models (Ferrari 2010) are:
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
9. MAC and DAC Related Approaches
Solutions based on MAC involve rigid and static methods (Jürjens, 2001)
DAC models rely on access control matrices
rows and columns correspond to subjects and objects respectively
their intersection points correspond to a set of allowed access operations
Access control lists (ACL)
the controls are discretionary
10. Role-Based Access Control (RBAC)
Role
a grouping mechanism for categorizing individual users (called subjects) based on various properties (e.g. job title, user functions, responsibilities etc.).
Each subject has a role set, which consists of all the roles that the subject has been authorized to use.
It lacks support for expressing access control conditions that refer to the state of a system
e.g. the state of a protected resource, parameter values, date or time
11. Role-Based Access Control (RBAC)
Extensions included
Organization Role Based Access Control (ORBAC)
authorization is given to users depending on their role in an organization in a given context (Boustia & Mokhtari, 2008)
Generalized RBAC (GRBAC)
incorporates the concept of environment roles (Covington et al., 2001)
Shortcomings
proposes a domain-specific environment role hierarchy, not easily extensible and manageable in heterogeneous domains
it doesn’t support the fine-grained modelling of different data objects
Context-aware access control (CAAC)
Shortcomings
incorporate only specific types of contexts (Chandran & Joshi, 2005)
lack of fine-grained data access control (Zhang & Parashar, 2004)
inefficient inferring of context (Kayes et al., 2013)
12. ABAC Related Approaches
Authorization to perform operations is determined by evaluating attributes associated with the subject, object, requested operations, and environment conditions
Key difference
It can express a complex Boolean rule set that can evaluate many different attributes
e.g. OASIS eXtensible Access Control Markup Language (XACML)
declarative access control policies encouraging the separation of the access decision from the point of use
Location-aware access control (LAAC)
No support of additional pertinent contextual information (Cleeff et al., 2010)
OWL-based inefficient inferring of context
Onto-ACM (Choi et al., 2014), CONON (Wang et al., 2004), (Costabello et al., 2012)
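The contrast drawn on slides 10 and 12, as an added example that is not part of the presentation: an RBAC check that sees only the subject's role set, beside an ABAC rule that also evaluates object and environment attributes and denies when context is missing. All names, roles, attributes and the rule itself are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed sample data (not from the presentation).
ROLE_SETS = {"alice": {"clerk"}, "bob": {"auditor"}}
ROLE_PERMS = {
    "clerk": {("read", "customer_record")},
    "auditor": {("read", "customer_record"), ("read", "audit_log")},
}

def rbac_permits(subject_id, operation, obj_type):
    """RBAC: the decision depends only on the subject's role set."""
    roles = ROLE_SETS.get(subject_id, set())
    return any((operation, obj_type) in ROLE_PERMS.get(r, set()) for r in roles)

@dataclass(frozen=True)
class Request:
    subject: dict    # e.g. {"id": "alice", "role": "clerk"}
    obj: dict        # e.g. {"type": "customer_record", "sensitivity": "high"}
    operation: str   # e.g. "read"
    env: dict        # e.g. {"hour": 10, "network": "office"}

def clerk_reads_in_context(r):
    """One Boolean rule over subject, object, operation and environment."""
    return (
        r.subject["role"] == "clerk"
        and r.operation == "read"
        and r.obj["type"] == "customer_record"
        and 8 <= r.env["hour"] < 18                 # office hours only
        and (r.obj["sensitivity"] != "high"         # high-sensitivity data
             or r.env["network"] == "office")       # only from the office network
    )

ABAC_RULES = [clerk_reads_in_context]

def abac_permits(r):
    """Deny by default; a rule that cannot read an attribute does not match."""
    for rule in ABAC_RULES:
        try:
            if rule(r):
                return True
        except KeyError:
            continue  # missing context must never widen access
    return False

def demo_request(hour, network, sensitivity="high"):
    """Hypothetical helper: alice (clerk) reading a customer record."""
    return Request({"id": "alice", "role": "clerk"},
                   {"type": "customer_record", "sensitivity": sensitivity},
                   "read", {"hour": hour, "network": network})
```

The RBAC call gives the same answer at 23:00 from a public network as at 10:00 from the office, which is the limitation slide 10 describes; the ABAC rule separates those cases.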
13. Agenda
Introduction
Security-related context
Related work on policy modeling
PaaSword context-aware policy model
Conclusions
14. Policy Modeling
Provide a set of unambiguous rules which are interpreted by enforcement mechanisms and which constrain the behaviour of the entities.
There is a lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)
The policy definition and policy enforcement are entangled in the implementation of a single software component, leading to the lack of
portability
explicit representation of policy relationships
15. Policy Modeling
Syntactic Policy Description
promotes a declarative approach to policy expression, where access rules are encoded imperatively, as part of the same software that checks for their compliance.
RuleML, XACML, WS-Trust
fail to capture the knowledge lurking behind policies
any interoperability relies on the use of vocabularies that are shared among all parties involved in an interaction.
leads to ad-hoc reasoning about policy compliance
limits the reusability and portability of policies
precludes the identification of inter-policy relations
limits the ability to perform policy governance
16. Policy Modeling
Semantically-rich Policy Description
employs ontologies in order to assign meaning to actors, actions and resources
ability to reason about policy compliance generically
identification of inter-policy relations such as inconsistent policies, and overlapping policies
portability, visibility, and reusability of policies
facilitates policy governance
KAoS [Uszok et al., 2004], Rei [Kagal et al., 2003], [Hu et al., 2011]
17. Agenda
Introduction
Security-related context
Related work on policy modeling
PaaSword context-aware policy model
Conclusions
18. Context-aware Security Model
A model for semantically describing associations between types of access depending on the data objects and circumstances under which this access should be allowed
These circumstances are determined based on contextual information
This model will constitute the background knowledge for the DAO Annotations
It will involve lightweight semantics for allowing efficient inferencing
It comprises two dimensions related to
dynamic security controls
static security controls
19. Context-aware Security Model
SMM: Security model management
DLM: Design-Time Library Management
AF: Annotation-formation
DAO: Data access object
SPM: Security Policies Management
21. Agenda
Introduction
Data Security Challenges in the Cloud
PaaSword Framework
Conclusions
22. Conclusions & Next Steps
Future work involves the development of appropriate Context and Policy model editors
Implementation and validation of the proposed framework in 5 pilots:
Encrypted persistency as a service in a PaaS provider
Intergovernmental secure document and personal data exchange
Secure sensors data fusion and analytics
Protection of personal data in a multi-tenant CRM
Protection of sensitive enterprise information in multi-tenant ERP
23. Thank you for listening!
Acknowledgements:
This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814