s.3.4 security and privacy

ww

w.

su

ns

hi

ne

pr

oj

ec

t.

eu

SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)

D6.4 S3.4

Security and Privacy

http://ec.europa.eu/ict_psp

ww

w.s

un

shin

ep

roje

ct.

eu


Highlights

• Publication of D1.3 now being updated from T1.6

Following on from T1.6 we’re re-viewing and revising D1.3 throughout the project

Focus on what we’re doing and ensuring it works with SUNSHINE to counter risk, maximise privacy protection, comply to standards including the development of new standards and best practices

• Architecture based on XACML/SAML with federated IdM• Result is rule based access control in a number of flavours:

• Role Based Access Control• Attribute Based Access Control• Consent Based Access Control


ww

w.s

un

shin

ep

roje

ct.

eu


Update of D1.3

Taken alongside developments in

T4.8

Reviews newer attack models

Heartbleed as an example

Introduces metrics from MITRE, ISO

and Common Criteria in

developing products and services

Considering use of STIX for incident

reports


ww

w.s

un

shin

ep

roje

ct.

eu


Identity management - generic


ww

w.s

un

shin

ep

roje

ct.

eu


Access control – generic XACML


ww

w.s

un

shin

ep

roje

ct.

eu


Identity and access

management in SUNSHINE

Implemented using WSO2 toolkit

Identity Manager

XACML policy engine

SAML policy engine

X509 certificate generator, verifier

Multiple algorithms (RSA, ECC, etc.)


ww

w.s

un

shin

ep

roje

ct.

eu


Sunshine’s XACML implementation


ww

w.s

un

shin

ep

roje

ct.

eu


Sunshine’s XACML implementation

PEP

PAP/PDP

User Directory


ww

w.s

un

shin

ep

roje

ct.

eu


Principles involved

Rule processing

Attestation creation using signed

attributes

Attestation verification


ww

w.s

un

shin

ep

roje

ct.

eu



ww

w.s

un

shin

ep

roje

ct.

eu


Process


ww

w.s

un

shin

ep

roje

ct.

eu


Next steps #1

Testing of implementation

Done by Sinergis

SUNSHINE specific scripts

Re-analysis of data and user model to assign rules for access

Determine authority for each rule

Distribute rules and collate policies

More testing


ww

w.s

un

shin

ep

roje

ct.

eu


Next steps #2

Creation of new work item in ETSI

CYBER for Access Control scripting

Extending rules for good XACML essentially

Building towards introducing the cPPconcept to GML through OGC

Reviewing algorithms for asymmetric access control attestations in a

quantum safe cryptographic world


ww

w.s

un

shin

ep

roje

ct.

eu


Next steps #3

Working with OGC to tighten up

geoXACML

As part of smart city initiatives in OGC

Preparing report on anonymisation

Current anonymisation practices in SUNSHINE are adequate

Concern is linkage and inference from other data sources (much more complex anti-privacy attack but

concern has been raised in the EU)


ww

w.s

un

shin

ep

roje

ct.

eu


Standards development goals

•Developments with ETSI at smartM2M, ITS and CYBER

TR 102 893

Risk analysis TVRA

TS 103 097

Security data definitions

TS 102 940

ITS security architecture & sec

management

TS 102 941

Trust & Privacy

TS 102 942

Confidentiality

TS 102 943

Access control

All published and in revision/maintenance mode


ww

w.s

un

shin

ep

roje

ct.

eu


Credits

For more training material and courses visit http://www.sunshineproject.eu/solutions/trainingor contact us directly at [email protected]

Sou

rce:

ww

w.u

nio

neg

eom

etri

.co

m

Thank you!

Scott CADZOW

C3L


http://www.sunshineproject.eu/solutions/training

mailto:[email protected]

s.3.4 security and privacy

Technology