s.3.4 security and privacy
TRANSCRIPT
ww
w.
su
ns
hi
ne
pr
oj
ec
t.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
D6.4 S3.4
Security and Privacy
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Highlights
• Publication of D1.3 now being updated from T1.6
Following on from T1.6 we’re re-viewing and revising D1.3 throughout the project
Focus on what we’re doing and ensuring it works with SUNSHINE to counter risk, maximise privacy protection, comply to standards including the development of new standards and best practices
• Architecture based on XACML/SAML with federated IdM• Result is rule based access control in a number of flavours:
• Role Based Access Control• Attribute Based Access Control• Consent Based Access Control
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Update of D1.3
Taken alongside developments in
T4.8
Reviews newer attack models
Heartbleed as an example
Introduces metrics from MITRE, ISO
and Common Criteria in
developing products and services
Considering use of STIX for incident
reports
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Identity management - generic
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Access control – generic XACML
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Identity and access
management in SUNSHINE
Implemented using WSO2 toolkit
Identity Manager
XACML policy engine
SAML policy engine
X509 certificate generator, verifier
Multiple algorithms (RSA, ECC, etc.)
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Sunshine’s XACML implementation
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Sunshine’s XACML implementation
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Sunshine’s XACML implementation
PEP
PAP/PDP
User Directory
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Principles involved
Rule processing
Attestation creation using signed
attributes
Attestation verification
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Process
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Next steps #1
Testing of implementation
Done by Sinergis
SUNSHINE specific scripts
Re-analysis of data and user model to assign rules for access
Determine authority for each rule
Distribute rules and collate policies
More testing
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Next steps #2
Creation of new work item in ETSI
CYBER for Access Control scripting
Extending rules for good XACML essentially
Building towards introducing the cPPconcept to GML through OGC
Reviewing algorithms for asymmetric access control attestations in a
quantum safe cryptographic world
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Next steps #3
Working with OGC to tighten up
geoXACML
As part of smart city initiatives in OGC
Preparing report on anonymisation
Current anonymisation practices in SUNSHINE are adequate
Concern is linkage and inference from other data sources (much more complex anti-privacy attack but
concern has been raised in the EU)
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Standards development goals
•Developments with ETSI at smartM2M, ITS and CYBER
TR 102 893
Risk analysis TVRA
TS 103 097
Security data definitions
TS 102 940
ITS security architecture & sec
management
TS 102 941
Trust & Privacy
TS 102 942
Confidentiality
TS 102 943
Access control
All published and in revision/maintenance mode
ww
w.s
un
shin
ep
roje
ct.
eu
SUNSHINE - Smart UrbaN ServIces for Higher eNergy Efficiency (GA no: 325161)
Credits
For more training material and courses visit http://www.sunshineproject.eu/solutions/trainingor contact us directly at [email protected]
Sou
rce:
ww
w.u
nio
neg
eom
etri
.co
m
Thank you!
Scott CADZOW
C3L