Università degli Studi dell’Insubria
Facoltà di Scienze MM.FF.NN. di Varese

A Framework in Support of Emergency Management: from Flexible Access Control to Cloud-based Information Sharing

Michele Guglielmi
michele.guglielmi@uninsubria.it
Emergency Management

[Figure: Hurricane Katrina, 9/11 Attack, Fukushima; the common need in all three is Information Sharing]
Traditional vs Emergency Access Control

Traditional access control models are regulated by a proper set of pre-defined access control policies.
An emergency access control model should (during an emergency) bypass the regular access control policies and grant users access to resources not normally authorized.

Downgrading of information security: temporary, controlled, timely.

[Figure: these three properties lead to a flexible access control model]
Information Sharing

[Figure: information sharing within a single organization (Flexible Access Control Model) vs. across multiple organizations (Cloud-based Information Sharing)]
Our Model vs BtG (Break the Glass)

Break the Glass:
• a subject requests an access
• the system checks regular access control policies
• if the access request is denied, the system verifies whether this decision can be overridden by a BtG policy
• the subject is notified and asked to confirm.

In our proposal, when an emergency is detected, the related emergency policies are activated. If an access is denied by a regular policy, the system checks whether this decision can be overridden by an emergency policy and, in this case, the access is granted.

BtG:
• BtG policies are always active
• a user can decide when to use a BtG policy to override a regular one
• a user can wait a while to respond when the system prompts the BtG request

Our model:
• emergency policies are active only during emergencies
• only the system can override a regular policy
• the system overrides regular policies immediately when an emergency is detected
Information Sharing in the Cloud

Untrusted domain: cloud servers are usually managed by commercial providers which are outside of the trusted domain of the users.

[Figure: Encrypt Data, with two sub-topics: Selective Encryption and Queries over encrypted data]
Proposal

The overall goal of this proposal is to define, implement and
test an access control framework to enforce controlled
information sharing in emergency situations.


•   Emergency Detection
•   Flexible Access Control Model
•   Access Control Model Enforcement
•   Information Sharing through the cloud
Emergency Detection

[Figure: Emergency Detection is built on Complex Event Processing (CEP)]

Data Stream Management System (DSMS): process incoming data through a sequence of transformations based on common SQL operators to produce streams of new data as an output.

Complex Event Processing (CEP): see incoming data as events happened in the external world, which have to be filtered and combined to detect occurrences of particular patterns.
Event Languages

The literature offers several languages for event pattern specification (e.g., Amit, XChangeEQ, SpaTec, TESLA and SASE+). Some languages have also been proposed by vendors (e.g., Streambase, Sybase, Oracle CEP). However, up to now, a standard event specification language has not yet emerged.

In the thesis a Core Event Specification Language (CESL) will be used.

Reference: B. Carminati, E. Ferrari, and M. Guglielmi. Secure information sharing on support of emergency management. In Proceedings of the Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT).
Emergency

An emergency is modeled as a pair of events, defined in CESL, that signal the beginning and the ending of the emergency situation, respectively.

Example: patients wear several monitoring devices that capture their health measures. All gathered measures are encoded as tuples in a data stream and sent to a CEP.

    BradycardiaEmergency {
      init: σ(heart_rate ≤ 60)(VitalSigns)
      end:  σ(heart_rate > 60)(VitalSigns)
    }
Access Control Model

An access control model for emergency management should enforce flexible and controlled information sharing during emergencies.
• Temporary Access Control Policies (tacps): a tuple (sbj, obj, priv) where sbj identifies the subjects authorized to exercise the privilege priv on the target object obj.
• Emergency obligation: an action or a set of actions that must be fulfilled when an emergency is detected.

Example: (BradycardiaEmergency, tacp1, call_ambulance)

    tacp1 {
      sbj:  paramedics taking care of the patient at the time of the emergency;
      obj:  Electronic Medical Record (EMR) of the patient under emergency;
      priv: read;
    }
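The following is an added example (not the thesis author's code) that ties the two slides above together: the init/end selections of the bradycardia emergency are evaluated over a constructed VitalSigns stream, the matching tacp becomes active only while the emergency lasts, the call_ambulance obligation fires on detection, and the access control handler overrides a regular denial only through an active emergency policy. The patient ids, the "paramedic"/"physician" subjects and the "EMR:<patient>" object naming are assumptions made for the sample.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Emergency:          # a pair of CESL-style selections over the VitalSigns stream
    name: str
    init: Callable[[dict], bool]   # sigma(...) that signals the beginning
    end: Callable[[dict], bool]    # sigma(...) that signals the ending
@dataclass(frozen=True)
class Tacp:               # temporary access control policy (sbj, obj, priv)
    sbj: str
    obj: str
    priv: str
@dataclass
class EmergencyPolicy:    # (emergency, tacp, obligation); the tacp is built per patient
    emergency: str
    tacp: Callable[[str], Tacp]
    obligation: str

class EmergencyHandler:   # consumes the stream, activates/deactivates policies per patient
    def __init__(self, emergencies, policies):
        self.emergencies, self.policies = emergencies, policies
        self.active = set()      # (emergency name, patient) currently under emergency
        self.obligations = []    # (obligation, patient) fired on detection

    def on_tuple(self, t: dict) -> None:
        for e in self.emergencies:
            key = (e.name, t["patient"])
            if key not in self.active and e.init(t):
                self.active.add(key)  # detected: emergency policies become active ...
                self.obligations += [(p.obligation, t["patient"])  # ... and obligations fire
                                     for p in self.policies if p.emergency == e.name]
            elif key in self.active and e.end(t):
                self.active.discard(key)  # over: the temporary rights are revoked

class AccessControlHandler:
    def __init__(self, regular: set, eh: EmergencyHandler):
        self.regular, self.eh = regular, eh

    def check(self, sbj: str, obj: str, priv: str) -> bool:
        req = Tacp(sbj, obj, priv)
        if req in self.regular:
            return True
        # Denied by regular policies: only the system may override, and only through
        # emergency policies that are active right now (no user-initiated BtG prompt).
        return any(p.tacp(patient) == req for (name, patient) in self.eh.active
                   for p in self.eh.policies if p.emergency == name)

# Constructed sample: the bradycardia emergency and policy from the slides.
BRADYCARDIA = Emergency("BradycardiaEmergency", init=lambda t: t["heart_rate"] <= 60,
                        end=lambda t: t["heart_rate"] > 60)
POLICY = EmergencyPolicy("BradycardiaEmergency", obligation="call_ambulance",
                         tacp=lambda patient: Tacp("paramedic", f"EMR:{patient}", "read"))

def run_demo():
    """Constructed p1 stream: paramedic read decision after each tuple, plus fired obligations."""
    eh = EmergencyHandler([BRADYCARDIA], [POLICY])
    ac = AccessControlHandler({Tacp("physician", "EMR:p1", "read")}, eh)
    decisions = []
    for hr in (72, 55, 58, 70):
        eh.on_tuple({"patient": "p1", "heart_rate": hr})
        decisions.append(ac.check("paramedic", "EMR:p1", "read"))
    return decisions, eh.obligations  # → [False, True, True, False], [("call_ambulance", "p1")]
```

The paramedic is denied before the first tuple at or below 60 bpm, granted while the emergency is active, and denied again as soon as the end event fires; the physician's regular right is unaffected throughout.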
Access Control Enforcement

To implement the proposed access control model we exploit CEP systems. A possible architecture is the following.

[Figure: a CEP Server hosts an Emergency Handler and an Access Control Handler; the Access Control Handler mediates user requests on Objects and consults a User Profiles Repository; a Policy Repository stores the regular access control policies, emergency descriptions, emergency policies, tacps and obligations]

Develop a prototype implementing this architecture and carry out an extensive set of tests on the prototype.
Access Control Model Extensions

• Emergency policy correctness: validity checks
• Distribute the rights to create emergency policies: emergency administrative policies
• Describe more critical scenarios: composed emergencies
Information Sharing on the Cloud

Enhance the presented architecture in order to enforce information sharing across different organizations that should cooperate for emergency management:
• Interoperability
• Timely response

Given the increasing trend of moving organizational functionalities into the cloud, this proposal aims to offer several solutions so as to be able to design information sharing for emergency situations suitable for as many organizations as possible, based on their level of integration within the cloud infrastructure.

• Dynamic virtualization for emergency management
• Dynamic information sharing across multi-domain clouds
Dynamic virtualization for emergency management

The cloud service provider (i.e., Public Cloud) manages a cloud to provide data storage service. Each organization stores information to be shared in a local repository managed by the organization itself.

[Figure: Organizations 1..n each keep Resource 1..n in a local repository and, through encryption techniques, expose them as cloud services in the Public Cloud; a Policy Repository, an Emergency Handler, the CEP and an Access Control Handler mediate user access]
Dynamic information sharing across multi-domain clouds

Each organization has its data stored in a private cloud.

[Figure: Private Clouds of Organizations 1..n, each with its own Policy Repository and Resource; the resulting interoperability problem is addressed by a Policy Interchange Language; a Policy Repository, an Emergency Handler, the CEP and an Access Control Handler mediate user access]
Research Schedule (Flexible Access Control)

• Requirement analysis: understanding requirements of emergency management in terms of access control and information sharing. [status marker not recovered]
• State of the art: reading, researching, and evaluating sources about complex event processing and flexible access control models. [status marker not recovered]
• Modelization: definition of a formal access control model tailored for emergency management. [status marker not recovered]
• Enforcement and performance evaluation: development of a prototype implementing the access control model; prototype performance evaluation through an extensive set of tests. Partially performed (-)

Legend: Not yet performed, - Partially performed, Completed (the markers for "Not yet performed" and "Completed" did not survive extraction)
Research Schedule (Cloud-based Information Sharing)

• State of the art: reading, researching, and evaluating sources about cloud infrastructures and encryption techniques to store data in the cloud. Partially performed (-)
• Modelization: formal definition of architectures in support of information sharing through the cloud: dynamic virtualization for emergency management and dynamic information sharing across multi-domain clouds. Partially performed (-)
• Implementation and performance evaluation: development of a framework implementing the cloud infrastructures in support of information sharing. [status marker not recovered]
• Testing: testing the framework on a real case study thanks to the collaboration with Protezione Civile promoted during the workshop on maxi-emergency management organized by the Knowledge and Service Management for Business Applications research centre of the University of Insubria. [status marker not recovered]

Legend: Not yet performed, - Partially performed, Completed (the markers for "Not yet performed" and "Completed" did not survive extraction)
