SlideShare une entreprise Scribd logo

Semantic technologies for attribute based access: measurable security for the Internet of People, Things and Services

Josef Noll
Josef Noll

This presentation provides an intro into the need for "measurable security" when envisioning an Internet for each of us ("People"), powered by sensors and devices ("Things"), and providing Services tailored to your needs. It handles the challenge of information security, postulating that different applications need different security mechanisms: "To inform somebody about a train arrival time" requires less security than "controlling an industrial plant by automated processes, based on input from sensors".

Technologie
1  sur  35
Télécharger pour lire hors ligne
Center for Wireless Innovation Norway cwin.no CWINorway ISO 15926 and Semantic Technologies Sogndal, 5.-6.Sep2013 Attribute based access to industrial life-cycle data, the semantic dimension Josef Noll, Martin Follestad, Zahid Iqbal fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Outline l Industrial Lifecycle – Planning, Execution, Extension – Information analysis & information flow control l Security for industrial products l Measurable security – Application in the IoT – Access, Authentication,... for People, Things And Services (IoPTS) l Semantic Approach – Ontologies for security, system, component functionality – Metrics based assessment – Semantic attribute based access l Attribute-based access – context-aware security - for people, things and services l Experiences and Conclusions 2 fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Industrial Lifecycle l Planning – based on “hidden knowledge” l Execution – ongoing control of inventory l Extension – Information analysis – Information flow control l Semantic Approach – who has access? – Identity/Roles 3 Service provider Trust fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Security for industrial products l Designed for an application in mind – security considerations? l Novel application area – Used “somewhere else” l New attack scenario – Increased customer demands – New regulations l Retro-fit versus New Sensors – existing infrastructure – “remote operation” 4 [source: Living on purpose, telus.net] fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle The Semantic Dimension of the Internet of Things (IoT) 5 Source: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi: 10.1016/ j.comnet.2010.05.010 Text * security * privacy * dependability - context - content * personalised fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Information “truth” l Measurable Security l Retro-fit versus Cognitive Computing l Information handling 6 [source: Christopher Conradi, IBM] fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle IoT application in Oil and Gas 7 “License to share”? - 0/1 - true/false fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Measurable Security l Insecure <-> Secure – IETF better-than-nothing-security (btns) l Information distribution along 0/1 (false/true)? – “someone has stolen my identity” -> access granted – behaviour monitoring – change in partners/companies/hierarchies l Data integration and weighting – integration of heterogeneous data: seismic, drilling, transportation – used across systems, disciplines, and organisations l Automated processes – who contributes – value and impact of contribution – reasoning 8 fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Security areas in IoPTS 9 connection monitoring security control Abstraction and Virtualization fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Security areas in IoPTS 9 connection monitoring security control Abstraction and Virtualization fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Security challenges l heterogeneous infrastructures – sensors, devices – networks, cloud – services, app stores l BYOD - bring your own device ➡ you can’t control ➡ concentrate on the core values l Internet of People, Things and Service (IoPTS) – content aware: value to alarm – context aware: who has access - “we are not all friends” – attributes for security assessment ➡ Measure your values 10 fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Attribute-based protection l Demand – autonomy – context-/content- aware l Adaptation – business environment – trust relation(?) l Security, privacy – protect your core values – attribute-based access – monitor attack 11 core values attack security layers core values core values core values fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Sensor Network Architecture l Semantic dimension – Application – Services – Security, QoS, – Policies – mapping l System – sensor networks – gateway – base station 12 Source: Compton et al., A survey of semantic specification of sensors, 2009 fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Security assessment: Traditional approach 13 [source: http://securityontology.sba-research.org/] Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle The nSHIELD approach l JU Artemis nSHIELD project l focus on “measurable security” for embedded systems Core concept l Threat analysis l Goal definition l Semantic security description l Semantic system description l Security composability 14 Environment and threat analysis Security assessment Metrics Implementation Security Definition ontologies Overlay for security composability http://newSHIELD.eu fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle newSHIELD.eu approach l Security, here – security (S) – privacy (P) – dependability (D) l across the value chain – from sensors to services l measurable security 15 Intelligence Overlay Sensors, Embedded Systems Network Cloud services Is made by Could be can be composed System Components and functionalities SPD Components, SPD functionalities fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Limitations of the traditional approach l Scalability – Threats – System – Vulnerability l System of Systems – sensors – gateway – middleware – business processes 16 Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Limitations of the traditional approach l Scalability – Threats – System – Vulnerability l System of Systems – sensors – gateway – middleware – business processes 16 Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale Recommendation: fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Limitations of the traditional approach l Scalability – Threats – System – Vulnerability l System of Systems – sensors – gateway – middleware – business processes 16 Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale One ontology per aspect: - security - system - threats ... Recommendation: fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Security description 17 Security attributes availability confidentiality integrity safety reliability maintainability System components memory sensor network connection ... ... Security functionality authentication identity encryption error control ... fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Security description 17 Security attributes availability confidentiality integrity safety reliability maintainability System components memory sensor network connection ... ... Security functionality authentication identity encryption error control ... Recommendation: One ontology per aspect fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Goal description l Specific parameters for each application? – availability = 0.8 – confidentiality = 0.7 – reliability = 0.5 – ... l more specific l easier to understand(?) 18 l Common approach? – SPD = level 4 l universal approach – code “red” l based on application specific goal, e.g. high reliability this way? that way? fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Goal description l Specific parameters for each application? – availability = 0.8 – confidentiality = 0.7 – reliability = 0.5 – ... l more specific l easier to understand(?) 18 l Common approach? – SPD = level 4 l universal approach – code “red” l based on application specific goal, e.g. high reliability this way? that way? Open Issue - way on how to describe the security goal fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Base of knowledge Threat description through Metrics Factors to be considered •Elapsed Time •Expertise •Knowledge of functionality •Window of opportunity •Equipmentwith Essential to build Factor Value Elapsed Time <= one day 0 <= one week 1 <= one month 4 <= two months 7 <= three months 10 <= four months 13 <= five months 15 <= six months 17 > six months 19 Expertise Layman 0 Proficient 3*(1) Expert 6 Multiple experts 8 Knowledge of functionality Public 0 Restricted 3 Sensitive 7 Critical 11 Window of Unnecessary / unlimited access 0 Easy 1 Moderate 4 Difficult 10 Unfeasible 25**(2) Equipment Standard 0 Specialised 4(3) Bespoke 7 Multiple bespoke 9 where 19 System Functio nality SPD system Attack scenarios SPD level SPD attributes SPD threats Calculated attack potential Minimum attack potential value to exploit a vulnerability = SPD value SPD = security, privacy, dependability fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle From security assessment to Attribute-based access l Security assessment of the Internet of Things – Apply SHIELD methodology for SecPrivDep (SPD) – Describe functionalities in terms of security (ontologies) – Assess threats through Metrics – achieve a mean for SPD l Access to information – who, – what kind of information – from where l Attribute-based access – role (in project, company) – device, network – security tokens 20 fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Semantic attribute based (S-ABAC) l Access to information – Sensor, Person, Service l Attributes – roles – type of access – device – reputation – behaviour – ... 21 Oil and Gas knowledge drilling production transport market request price calculation fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Semantic attribute based (S-ABAC) l Access to information – Sensor, Person, Service l Attributes – roles – type of access – device – reputation – behaviour – ... 21 Oil and Gas knowledge drilling production transport market request price calculation finance fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Semantic attribute based (S-ABAC) l Access to information – Sensor, Person, Service l Attributes – roles – type of access – device – reputation – behaviour – ... 21 Oil and Gas knowledge drilling production transport market request price calculation finance production fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Bringing attributes to IoPTS 22 connection monitoring security control Abstraction and Virtualization l Ontology-representation of access l needs: “SPD access = 0.7” l based on attributes fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Example - Smart Energy Grid l who has control to what? 23 fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle ODATA - based ABAC l ODATA, – released Feb2009 – Entity Data Model (EDM) – Common Schema Definition Language (CSDL) – Entity Framework to infer the conceptual model – Query language LINQ – is a query language l Used by: StackOverflow, eBay, TechEd, Netflix,... l Microsoft’s approach for interworking 24 fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle S-ABAC based access l OWL & SWRL implementation l Rules inferring security tokens 25 canOwn(?person,?attributes) ∩ withHold(?token,?attributes) ∩ (Person(?person) -> SecurityTokenIssueTo(?token, ?person) fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Application - Smart-grid 26 l Access criteria – Security token – role – context l Policies – service requirements – service tokens – user tokens fredag 6. september 13
Sep 2013, Josef NollSecurity in Industrial LifeCycle Conclusions & Recommendations l Recommendations – one ontology per aspects – semantic attribute based access control l Open Issues – description of security goals – metrics description of threat – sensor description l Require “logic” in purchase process 27 Security functionality authentication identity encryption error control ... availability = 0.8, confidentiality=0.9, integrity=0.6 universal threat metrics? SenML SensorML Semantic Sensor Network (SSN) fredag 6. september 13
CWI May 2012, Josef Noll My special thanks to • JU Artemis and the Research Councils of the participating countries (IT, HE, PT, SL, NO, ES) • Andrea Fiaschetti for the semantic middleware and ideas • Inaki Eguia Elejabarrieta,Andrea Morgagni, Francesco Flammini, Renato Baldelli, Vincenzo Suraci for the Metrices • Przemyslaw Osocha for running the pSHIELD project • Cecilia Coveri (SelexElsag) for running the nSHIELD project • Sarfraz Alam (UNIK) and Geir Harald Ingvaldsen (JBV) for the train demo • Zahid Iqbal and Mushfiq Chowdhury for the semantics • Hans Christian Haugli and Juan Carlos Lopez Calvet for the Shepherd ® interfaces • and all those I have forgotten to mention 28 fredag 6. september 13

Recommandé

deceptionGUARD by GrayMatter
deceptionGUARD by GrayMatterdeceptionGUARD by GrayMatter
deceptionGUARD by GrayMatterGrayMatter
 
Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...Josef Noll
 
Measurable Security in Mobile Systems
Measurable Security in Mobile SystemsMeasurable Security in Mobile Systems
Measurable Security in Mobile SystemsJosef Noll
 
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...Managing Role Explosion with Attribute-based Access Control - Webinar Series ...
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...NextLabs, Inc.
 
Generalized attribute centric access control
Generalized attribute centric access controlGeneralized attribute centric access control
Generalized attribute centric access controlarj_presenter
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Kingsley Uyi Idehen
 
Abac and the evolution of access control
Abac and the evolution of access controlAbac and the evolution of access control
Abac and the evolution of access controlAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access ControlChandra Sharma
 

Recommandé

deceptionGUARD by GrayMatter
deceptionGUARD by GrayMatterdeceptionGUARD by GrayMatter
deceptionGUARD by GrayMatterGrayMatter
 
Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...Josef Noll
 
Measurable Security in Mobile Systems
Measurable Security in Mobile SystemsMeasurable Security in Mobile Systems
Measurable Security in Mobile SystemsJosef Noll
 
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...Managing Role Explosion with Attribute-based Access Control - Webinar Series ...
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...NextLabs, Inc.
 
Generalized attribute centric access control
Generalized attribute centric access controlGeneralized attribute centric access control
Generalized attribute centric access controlarj_presenter
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Kingsley Uyi Idehen
 
Abac and the evolution of access control
Abac and the evolution of access controlAbac and the evolution of access control
Abac and the evolution of access controlAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access ControlChandra Sharma
 
Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Community Protection Forum
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016Elsa Prieto
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...Mighty Guides, Inc.
 
Implications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricImplications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricMark Underwood
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationCharles Lim
 
TAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationTAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationHenry Muccini
 
Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Achim D. Brucker
 
Ci31560566
Ci31560566Ci31560566
Ci31560566IJERA Editor
 
Cloud ERP Security: Guidelines for evaluation
Cloud ERP Security: Guidelines for evaluationCloud ERP Security: Guidelines for evaluation
Cloud ERP Security: Guidelines for evaluationNazli Sahin
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Daniel L. Cruz
 
Efficient Solutions For The Automotive & Parts Supplier Industries
Efficient Solutions For The Automotive & Parts Supplier IndustriesEfficient Solutions For The Automotive & Parts Supplier Industries
Efficient Solutions For The Automotive & Parts Supplier IndustriesThorne & Derrick UK
 
CaselliM_CV
CaselliM_CVCaselliM_CV
CaselliM_CVMarco Caselli
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 
Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016OMNETRIC
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Securityteam-WIBU
 
Segurity Empower Business
Segurity Empower BusinessSegurity Empower Business
Segurity Empower BusinessNextel S.A.
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocRene Aguero
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxSigfox
 
Masterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKMasterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKJosef Noll
 
Security, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksSecurity, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksJosef Noll
 

Contenu connexe

Similaire à Semantic technologies for attribute based access: measurable security for the Internet of People, Things and Services

Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Community Protection Forum
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016Elsa Prieto
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...Mighty Guides, Inc.
 
Implications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricImplications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricMark Underwood
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationCharles Lim
 
TAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationTAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationHenry Muccini
 
Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Achim D. Brucker
 
Cloud ERP Security: Guidelines for evaluation
Cloud ERP Security: Guidelines for evaluationCloud ERP Security: Guidelines for evaluation
Cloud ERP Security: Guidelines for evaluationNazli Sahin
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Daniel L. Cruz
 
Efficient Solutions For The Automotive & Parts Supplier Industries
Efficient Solutions For The Automotive & Parts Supplier IndustriesEfficient Solutions For The Automotive & Parts Supplier Industries
Efficient Solutions For The Automotive & Parts Supplier IndustriesThorne & Derrick UK
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 
Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016OMNETRIC
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Securityteam-WIBU
 
Segurity Empower Business
Segurity Empower BusinessSegurity Empower Business
Segurity Empower BusinessNextel S.A.
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocRene Aguero
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxSigfox
 

Similaire à Semantic technologies for attribute based access: measurable security for the Internet of People, Things and Services (20)

Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
 
Implications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricImplications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy Fabric
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your Organization
 
TAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationTAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentation
 
Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...
 
Ci31560566
Ci31560566Ci31560566
Ci31560566
 
Cloud ERP Security: Guidelines for evaluation
Cloud ERP Security: Guidelines for evaluationCloud ERP Security: Guidelines for evaluation
Cloud ERP Security: Guidelines for evaluation
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!
 
Efficient Solutions For The Automotive & Parts Supplier Industries
Efficient Solutions For The Automotive & Parts Supplier IndustriesEfficient Solutions For The Automotive & Parts Supplier Industries
Efficient Solutions For The Automotive & Parts Supplier Industries
 
CaselliM_CV
CaselliM_CVCaselliM_CV
CaselliM_CV
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
 
Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Security
 
Segurity Empower Business
Segurity Empower BusinessSegurity Empower Business
Segurity Empower Business
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - Sigfox
 

Plus de Josef Noll

Masterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKMasterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKJosef Noll
 
Security, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksSecurity, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksJosef Noll
 
Internet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptationInternet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptationJosef Noll
 
The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...Josef Noll
 
&quot;Potentials and Challenges for Mobile Commerce - a Nordic Perspective
&quot;Potentials and Challenges for Mobile Commerce - a Nordic Perspective&quot;Potentials and Challenges for Mobile Commerce - a Nordic Perspective
&quot;Potentials and Challenges for Mobile Commerce - a Nordic PerspectiveJosef Noll
 
Near field communication and RFID - opening for new business
Near field communication and RFID - opening for new businessNear field communication and RFID - opening for new business
Near field communication and RFID - opening for new businessJosef Noll
 
Towards Global Mobility
Towards Global MobilityTowards Global Mobility
Towards Global MobilityJosef Noll
 
What is Semantic Service provisioning
What is Semantic Service provisioningWhat is Semantic Service provisioning
What is Semantic Service provisioningJosef Noll
 
Semantic Service Creation for Mobile Users
Semantic Service Creation for Mobile UsersSemantic Service Creation for Mobile Users
Semantic Service Creation for Mobile UsersJosef Noll
 
Mobile based authentication and payment
Mobile based authentication and paymentMobile based authentication and payment
Mobile based authentication and paymentJosef Noll
 
Privacy issues in network environments
Privacy issues in network environmentsPrivacy issues in network environments
Privacy issues in network environmentsJosef Noll
 
Introduction to Personalisation
Introduction to PersonalisationIntroduction to Personalisation
Introduction to PersonalisationJosef Noll
 
Who ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networksWho ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networksJosef Noll
 

Plus de Josef Noll (13)

Masterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKMasterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIK
 
Security, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksSecurity, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile Networks
 
Internet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptationInternet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptation
 
The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...
 
&quot;Potentials and Challenges for Mobile Commerce - a Nordic Perspective
&quot;Potentials and Challenges for Mobile Commerce - a Nordic Perspective&quot;Potentials and Challenges for Mobile Commerce - a Nordic Perspective
&quot;Potentials and Challenges for Mobile Commerce - a Nordic Perspective
 
Near field communication and RFID - opening for new business
Near field communication and RFID - opening for new businessNear field communication and RFID - opening for new business
Near field communication and RFID - opening for new business
 
Towards Global Mobility
Towards Global MobilityTowards Global Mobility
Towards Global Mobility
 
What is Semantic Service provisioning
What is Semantic Service provisioningWhat is Semantic Service provisioning
What is Semantic Service provisioning
 
Semantic Service Creation for Mobile Users
Semantic Service Creation for Mobile UsersSemantic Service Creation for Mobile Users
Semantic Service Creation for Mobile Users
 
Mobile based authentication and payment
Mobile based authentication and paymentMobile based authentication and payment
Mobile based authentication and payment
 
Privacy issues in network environments
Privacy issues in network environmentsPrivacy issues in network environments
Privacy issues in network environments
 
Introduction to Personalisation
Introduction to PersonalisationIntroduction to Personalisation
Introduction to Personalisation
 
Who ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networksWho ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networks
 

Dernier

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Dernier (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Semantic technologies for attribute based access: measurable security for the Internet of People, Things and Services

  • 1. Center for Wireless Innovation Norway cwin.no CWINorway ISO 15926 and Semantic Technologies Sogndal, 5.-6.Sep2013 Attribute based access to industrial life-cycle data, the semantic dimension Josef Noll, Martin Follestad, Zahid Iqbal fredag 6. september 13
  • 2. Sep 2013, Josef NollSecurity in Industrial LifeCycle Outline l Industrial Lifecycle – Planning, Execution, Extension – Information analysis & information flow control l Security for industrial products l Measurable security – Application in the IoT – Access, Authentication,... for People, Things And Services (IoPTS) l Semantic Approach – Ontologies for security, system, component functionality – Metrics based assessment – Semantic attribute based access l Attribute-based access – context-aware security - for people, things and services l Experiences and Conclusions 2 fredag 6. september 13
  • 3. Sep 2013, Josef NollSecurity in Industrial LifeCycle Industrial Lifecycle l Planning – based on “hidden knowledge” l Execution – ongoing control of inventory l Extension – Information analysis – Information flow control l Semantic Approach – who has access? – Identity/Roles 3 Service provider Trust fredag 6. september 13
  • 4. Sep 2013, Josef NollSecurity in Industrial LifeCycle Security for industrial products l Designed for an application in mind – security considerations? l Novel application area – Used “somewhere else” l New attack scenario – Increased customer demands – New regulations l Retro-fit versus New Sensors – existing infrastructure – “remote operation” 4 [source: Living on purpose, telus.net] fredag 6. september 13
  • 5. Sep 2013, Josef NollSecurity in Industrial LifeCycle The Semantic Dimension of the Internet of Things (IoT) 5 Source: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi: 10.1016/ j.comnet.2010.05.010 Text * security * privacy * dependability - context - content * personalised fredag 6. september 13
  • 6. Sep 2013, Josef NollSecurity in Industrial LifeCycle Information “truth” l Measurable Security l Retro-fit versus Cognitive Computing l Information handling 6 [source: Christopher Conradi, IBM] fredag 6. september 13
  • 7. Sep 2013, Josef NollSecurity in Industrial LifeCycle IoT application in Oil and Gas 7 “License to share”? - 0/1 - true/false fredag 6. september 13
  • 8. Sep 2013, Josef NollSecurity in Industrial LifeCycle Measurable Security l Insecure <-> Secure – IETF better-than-nothing-security (btns) l Information distribution along 0/1 (false/true)? – “someone has stolen my identity” -> access granted – behaviour monitoring – change in partners/companies/hierarchies l Data integration and weighting – integration of heterogeneous data: seismic, drilling, transportation – used across systems, disciplines, and organisations l Automated processes – who contributes – value and impact of contribution – reasoning 8 fredag 6. september 13
  • 9. Sep 2013, Josef NollSecurity in Industrial LifeCycle Security areas in IoPTS 9 connection monitoring security control Abstraction and Virtualization fredag 6. september 13
  • 10. Sep 2013, Josef NollSecurity in Industrial LifeCycle Security areas in IoPTS 9 connection monitoring security control Abstraction and Virtualization fredag 6. september 13
  • 11. Sep 2013, Josef NollSecurity in Industrial LifeCycle Security challenges l heterogeneous infrastructures – sensors, devices – networks, cloud – services, app stores l BYOD - bring your own device ➡ you can’t control ➡ concentrate on the core values l Internet of People, Things and Service (IoPTS) – content aware: value to alarm – context aware: who has access - “we are not all friends” – attributes for security assessment ➡ Measure your values 10 fredag 6. september 13
  • 12. Sep 2013, Josef NollSecurity in Industrial LifeCycle Attribute-based protection l Demand – autonomy – context-/content- aware l Adaptation – business environment – trust relation(?) l Security, privacy – protect your core values – attribute-based access – monitor attack 11 core values attack security layers core values core values core values fredag 6. september 13
  • 13. Sep 2013, Josef NollSecurity in Industrial LifeCycle Sensor Network Architecture l Semantic dimension – Application – Services – Security, QoS, – Policies – mapping l System – sensor networks – gateway – base station 12 Source: Compton et al., A survey of semantic specification of sensors, 2009 fredag 6. september 13
  • 14. Sep 2013, Josef NollSecurity in Industrial LifeCycle Security assessment: Traditional approach 13 [source: http://securityontology.sba-research.org/] Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale fredag 6. september 13
  • 15. Sep 2013, Josef NollSecurity in Industrial LifeCycle The nSHIELD approach l JU Artemis nSHIELD project l focus on “measurable security” for embedded systems Core concept l Threat analysis l Goal definition l Semantic security description l Semantic system description l Security composability 14 Environment and threat analysis Security assessment Metrics Implementation Security Definition ontologies Overlay for security composability http://newSHIELD.eu fredag 6. september 13
  • 16. Sep 2013, Josef NollSecurity in Industrial LifeCycle newSHIELD.eu approach l Security, here – security (S) – privacy (P) – dependability (D) l across the value chain – from sensors to services l measurable security 15 Intelligence Overlay Sensors, Embedded Systems Network Cloud services Is made by Could be can be composed System Components and functionalities SPD Components, SPD functionalities fredag 6. september 13
  • 17. Sep 2013, Josef NollSecurity in Industrial LifeCycle Limitations of the traditional approach l Scalability – Threats – System – Vulnerability l System of Systems – sensors – gateway – middleware – business processes 16 Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale fredag 6. september 13
  • 18. Sep 2013, Josef NollSecurity in Industrial LifeCycle Limitations of the traditional approach l Scalability – Threats – System – Vulnerability l System of Systems – sensors – gateway – middleware – business processes 16 Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale Recommendation: fredag 6. september 13
  • 19. Sep 2013, Josef NollSecurity in Industrial LifeCycle Limitations of the traditional approach l Scalability – Threats – System – Vulnerability l System of Systems – sensors – gateway – middleware – business processes 16 Vulnerability Threat Asset/ System Security attribute Control Organisation Control type Severity scale One ontology per aspect: - security - system - threats ... Recommendation: fredag 6. september 13
  • 20. Sep 2013, Josef NollSecurity in Industrial LifeCycle Security description 17 Security attributes availability confidentiality integrity safety reliability maintainability System components memory sensor network connection ... ... Security functionality authentication identity encryption error control ... fredag 6. september 13
  • 21. Sep 2013, Josef NollSecurity in Industrial LifeCycle Security description 17 Security attributes availability confidentiality integrity safety reliability maintainability System components memory sensor network connection ... ... Security functionality authentication identity encryption error control ... Recommendation: One ontology per aspect fredag 6. september 13
  • 22. Sep 2013, Josef NollSecurity in Industrial LifeCycle Goal description l Specific parameters for each application? – availability = 0.8 – confidentiality = 0.7 – reliability = 0.5 – ... l more specific l easier to understand(?) 18 l Common approach? – SPD = level 4 l universal approach – code “red” l based on application specific goal, e.g. high reliability this way? that way? fredag 6. september 13
  • 23. Sep 2013, Josef NollSecurity in Industrial LifeCycle Goal description l Specific parameters for each application? – availability = 0.8 – confidentiality = 0.7 – reliability = 0.5 – ... l more specific l easier to understand(?) 18 l Common approach? – SPD = level 4 l universal approach – code “red” l based on application specific goal, e.g. high reliability this way? that way? Open Issue - way on how to describe the security goal fredag 6. september 13
  • 24. Sep 2013, Josef NollSecurity in Industrial LifeCycle Base of knowledge Threat description through Metrics Factors to be considered •Elapsed Time •Expertise •Knowledge of functionality •Window of opportunity •Equipmentwith Essential to build Factor Value Elapsed Time <= one day 0 <= one week 1 <= one month 4 <= two months 7 <= three months 10 <= four months 13 <= five months 15 <= six months 17 > six months 19 Expertise Layman 0 Proficient 3*(1) Expert 6 Multiple experts 8 Knowledge of functionality Public 0 Restricted 3 Sensitive 7 Critical 11 Window of Unnecessary / unlimited access 0 Easy 1 Moderate 4 Difficult 10 Unfeasible 25**(2) Equipment Standard 0 Specialised 4(3) Bespoke 7 Multiple bespoke 9 where 19 System Functio nality SPD system Attack scenarios SPD level SPD attributes SPD threats Calculated attack potential Minimum attack potential value to exploit a vulnerability = SPD value SPD = security, privacy, dependability fredag 6. september 13
  • 25. Sep 2013, Josef NollSecurity in Industrial LifeCycle From security assessment to Attribute-based access l Security assessment of the Internet of Things – Apply SHIELD methodology for SecPrivDep (SPD) – Describe functionalities in terms of security (ontologies) – Assess threats through Metrics – achieve a mean for SPD l Access to information – who, – what kind of information – from where l Attribute-based access – role (in project, company) – device, network – security tokens 20 fredag 6. september 13
  • 26. Sep 2013, Josef NollSecurity in Industrial LifeCycle Semantic attribute based (S-ABAC) l Access to information – Sensor, Person, Service l Attributes – roles – type of access – device – reputation – behaviour – ... 21 Oil and Gas knowledge drilling production transport market request price calculation fredag 6. september 13
  • 27. Sep 2013, Josef NollSecurity in Industrial LifeCycle Semantic attribute based (S-ABAC) l Access to information – Sensor, Person, Service l Attributes – roles – type of access – device – reputation – behaviour – ... 21 Oil and Gas knowledge drilling production transport market request price calculation finance fredag 6. september 13
  • 28. Sep 2013, Josef NollSecurity in Industrial LifeCycle Semantic attribute based (S-ABAC) l Access to information – Sensor, Person, Service l Attributes – roles – type of access – device – reputation – behaviour – ... 21 Oil and Gas knowledge drilling production transport market request price calculation finance production fredag 6. september 13
  • 29. Sep 2013, Josef NollSecurity in Industrial LifeCycle Bringing attributes to IoPTS 22 connection monitoring security control Abstraction and Virtualization l Ontology-representation of access l needs: “SPD access = 0.7” l based on attributes fredag 6. september 13
  • 30. Sep 2013, Josef NollSecurity in Industrial LifeCycle Example - Smart Energy Grid l who has control to what? 23 fredag 6. september 13
  • 31. Sep 2013, Josef NollSecurity in Industrial LifeCycle ODATA - based ABAC l ODATA, – released Feb2009 – Entity Data Model (EDM) – Common Schema Definition Language (CSDL) – Entity Framework to infer the conceptual model – Query language LINQ – is a query language l Used by: StackOverflow, eBay, TechEd, Netflix,... l Microsoft’s approach for interworking 24 fredag 6. september 13
  • 32. Sep 2013, Josef NollSecurity in Industrial LifeCycle S-ABAC based access l OWL & SWRL implementation l Rules inferring security tokens 25 canOwn(?person,?attributes) ∩ withHold(?token,?attributes) ∩ (Person(?person) -> SecurityTokenIssueTo(?token, ?person) fredag 6. september 13
  • 33. Sep 2013, Josef NollSecurity in Industrial LifeCycle Application - Smart-grid 26 l Access criteria – Security token – role – context l Policies – service requirements – service tokens – user tokens fredag 6. september 13
  • 34. Sep 2013, Josef NollSecurity in Industrial LifeCycle Conclusions & Recommendations l Recommendations – one ontology per aspects – semantic attribute based access control l Open Issues – description of security goals – metrics description of threat – sensor description l Require “logic” in purchase process 27 Security functionality authentication identity encryption error control ... availability = 0.8, confidentiality=0.9, integrity=0.6 universal threat metrics? SenML SensorML Semantic Sensor Network (SSN) fredag 6. september 13
  • 35. CWI May 2012, Josef Noll My special thanks to • JU Artemis and the Research Councils of the participating countries (IT, HE, PT, SL, NO, ES) • Andrea Fiaschetti for the semantic middleware and ideas • Inaki Eguia Elejabarrieta,Andrea Morgagni, Francesco Flammini, Renato Baldelli, Vincenzo Suraci for the Metrices • Przemyslaw Osocha for running the pSHIELD project • Cecilia Coveri (SelexElsag) for running the nSHIELD project • Sarfraz Alam (UNIK) and Geir Harald Ingvaldsen (JBV) for the train demo • Zahid Iqbal and Mushfiq Chowdhury for the semantics • Hans Christian Haugli and Juan Carlos Lopez Calvet for the Shepherd ® interfaces • and all those I have forgotten to mention 28 fredag 6. september 13