Biblio
Distributed environments such as Internet of Things, have an increasing need of introducing access and usage control mechanisms, to manage the rights to perform specific operations and regulate the access to the plethora of information daily generated by these devices. Defining policies which are specific to these distributed environments could be a challenging and tedious task, mainly due to the large set of attributes that should be considered, hence the upcoming of unforeseen conflicts or unconsidered conditions. In this paper we propose a qualitative risk-based usage control model, aimed at enabling a framework where is possible to define and enforce policies at different levels of granularity. In particular, the proposed framework exploits the Analytic Hierarchy Process (AHP) to coalesce the risk value assigned to different attributes in relation to a specific operation, in a single risk value, to be used as unique attribute of usage control policies. Two sets of experiments that show the benefits both in policy definition and in performance, validate the proposed model, demonstrating the equivalence of enforcement among standard policies and the derived single-attributed policies.
Collaborative smart services provide functionalities which exploit data collected from different sources to provide benefits to a community of users. Such data, however, might be privacy sensitive and their disclosure has to be avoided. In this paper, we present a distributed multi-tier framework intended for smart-environment management, based on usage control for policy evaluation and enforcement on devices belonging to different collaborating entities. The proposed framework exploits secure multi-party computation to evaluate policy conditions without disclosing actual value of evaluated attributes, to preserve privacy. As reference example, a smart-grid use case is presented.
Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information - a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a real-world IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.
Recent years have seen an exponential growth of the collection and processing of data from heterogeneous sources for a variety of purposes. Several methods and techniques have been proposed to transform and fuse data into "useful" information. However, the security aspects concerning the fusion of sensitive data are often overlooked. This paper investigates the problem of data fusion and derived data control. In particular, we identify the requirements for regulating the fusion process and eliciting restrictions on the access and usage of derived data. Based on these requirements, we propose an attribute-based policy framework to control the fusion of data from different information sources and under the control of different authorities. The framework comprises two types of policies: access control policies, which define the authorizations governing the resources used in the fusion process, and fusion policies, which define constraints on allowed fusion processes. We also discuss how such policies can be obtained for derived data.