3. centralization authz
+ nomadic working
+ authz for the cloud
+ extended enterprise
+ XACML standard
+ (insider) attacks
+ mobile/context
Context-enhanced Authorization
Research project with IBM and Rabobank
4. Context-enhanced authz
• XACML PoC at a large Dutch bank
• Context = location and more
• DYNAMIC!! Policies
• Usefulness through use cases + feasibility study through demonstrator
• Scope: employees
4 Context-enhanced Authorization
5. CEA – the movie
• 2:40
6. This presentation is NOT:
• Introduction to Attribute based AC
• Introduction to XACML standard
So that there’s more time for:
• Context-enhanced authorization
• Use case + demonstrator
• Lessons learned
7. Authorization & Context?
(Attribute Based Access Control)
PoC
• Use cases
• Demonstrator
8. Social
- people nearby
- behaviour
- friends
- Twitter activities
Physiological
- heart rate
- skin
- voice
Environment
- weather
- air pollution
Location
- long/lat
- proximity
- country/city
- @home/@work
Time
- office hours
- lunch time
- between points in time
Mental
- happy
- scared
- sad
- stressed
Device
- type
- ownership (BYO)
- OS and apps
- patch status
Network
- IP-address
- VPN
- LAN
- WiFi or 3G
Activities
- working
- travelling
- meeting
- sleeping
9. Domain | Type | Source
1. Environment | Weather | Buienradar
   | Air pollution | Weeronline.nl
   | Security incidents | SIEM
2. Physiological | Heart rate | ECG sensor, Camera
   | Respiratory rate | Camera
   | Blood pressure | BP meter (cuff)
3. Social | People nearby | Bluetooth, Google Latitude, Outlook Calendar
   | SN Friends | LinkedIn, Facebook
   | Activity | Twitter
4. Location | Long/Lat | GPS, GSM Cell-Id
   | City | GPS, Geo-IP
   | Proximity | Bluetooth, RFID/NFC
10. Domain | Type | Source
5. Time | Office hours | System time
   | Lunch time | Outlook Calendar
6. Mental | Happy/sad | Sound sensor
   | Scared | Galvanic skin responses
   | Stressed |
7. Network | VPN or localnet | Network access gateway
   | Wireless or Wired | IP address
8. Device | Type | Device mngmt system
   | Ownership | Device mngmt system
11. Domain | Type | Source
9. Activity | Travelling | GPS, accelerometer
   | Meeting | Calendar, Proximity sources
   | Sleeping | Heart sensor, ECG, sound
Some observations:
• Inter-dependencies between domains/types
• Some inference is needed in some types
• Most domains/types can benefit from multiple measurements over time
• What characteristics determine which domains / types / sources are most suitable in a given scenario?
12. Use-cases – a high level …
• Finer grained access to application with “hit-n-run” functionality
• Data loss prevention when traveling
• More flexible authentication
Simple context sources
13. Demonstrator
[Diagram. Labels: Proximity dongle, NFC reader, User, Application, Context client, Google Latitude, Outlook, Google Calendar, Context, Device Mgmt server, Policy Engine, Policies, Policies incl. context variables]
20. Context
• Location, location, location
• Stuff derived from location
• Type of device (BYOD, enterprise mobility etc.)
• Type of network (VPN/local, AP, browser, OS)
• Time-of-day
• And, of course, normal usage patterns
• Please note: context is just another attribute for XACML, but then dynamic
21. Authenticity of context
• Can we trust the source? Trust me!
• Depends on the precise scenario
• and on technology
• and on who controls the source
• Some sources are more trustworthy than others
• Why not just fuse with more context sources?
• Multi-factor context, harder to fake for attacker
• But also harder to understand and base policies on
• How to react to incidents?
22. Authenticity of context
CeA vs TM (SIEM, …):
[Figure. Label: Needed trust in authenticity of context]
23. Quality of context
• Sources might provide incorrect data (with certain probability)
• Sources have limited accuracy (resolution, precision, granularity)
• Sources deliver data with certain delay
• Data will have a temporal relevancy
• Some sensors require user to carry (and not forget) mobile device
…
24. Adoption in applications
• XACML-izing applications
• SOA oriented applications easy
• Making apps ready for externalization of authz
• (Stable versions of) XACML have been around since before 2006
• “Move to cloud” as driver?
• Alternatives: provision authz attributes, proprietary authorization APIs
25. Privacy consequences
• Acceptance
• Trade-off between privacy and usability (or security?)
• Measure only relevant context
• Relevant for (what?) purpose
• Degrade information (latency, accuracy)
• User control (and transparency), sensors are in mobile
• Assumes (some) trust in CM system
26. Complexity of policies
• Policies with many different context variables
• Express policies with respect to “raw” context (e.g. long/lat) versus more abstract notions (e.g. @home, @work)
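The raw-versus-abstract choice above, combined with the quality-of-context concerns from slide 23, as an added example that is not from the presentation or its demonstrator: raw long/lat is mapped to @home/@work only when the fix is fresh and accurate enough, and the policy is written against the abstract value. The zone coordinates, thresholds, action names and function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Constructed sample geofences (lat, lon, radius in metres); not real locations.
ZONES = {"@work": (52.2200, 6.8900, 150.0), "@home": (52.2500, 6.8000, 100.0)}
MAX_AGE_S = 300       # assumed temporal relevancy of a location fix
MAX_ERROR_M = 100.0   # assumed worst accuracy a policy will accept

@dataclass
class LocationFix:
    lat: float
    lon: float
    accuracy_m: float  # radius of uncertainty reported by the source
    timestamp: float   # epoch seconds at which the source measured it

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def abstract_location(fix, now):
    """Map raw long/lat to an abstract attribute; 'unknown' if quality is too low."""
    if fix is None or fix.timestamp > now or now - fix.timestamp > MAX_AGE_S:
        return "unknown"  # missing, future-dated or stale context
    if fix.accuracy_m > MAX_ERROR_M:
        return "unknown"  # too coarse to base a decision on
    for name, (lat, lon, radius) in ZONES.items():
        # The whole uncertainty circle must lie inside the zone.
        if distance_m(fix.lat, fix.lon, lat, lon) + fix.accuracy_m <= radius:
            return name
    return "elsewhere"

def decide(role, action, device_owner, fix, now):
    """Policy over abstract context; denies when context is missing or unusable."""
    location = abstract_location(fix, now)
    if role != "employee":
        return "Deny"
    if action == "read":
        return "Permit" if location in ("@work", "@home") else "Deny"
    if action == "approve_payment":
        return "Permit" if location == "@work" and device_owner == "enterprise" else "Deny"
    return "Deny"
```

Keeping the geofence and quality checks in `abstract_location` means the rules in `decide` never mention coordinates, delay or accuracy, which is the complexity trade-off the slide points at.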
28. Key take-aways
Yes it’s useful, yes it’s feasible
Context is mostly location, KIS
But w.r.t. context:
authenticity, quality & privacy
But w.r.t. dyn attributes / XACML:
complexity of policies & scalability
29. More Information
http://www.novay.nl/digital-identity
martijn.oostdijk@novay.nl
http://linkedin.com/in/martijno
This presentation was supported by the Dutch national
program COMMIT (project P7 SWELL)