LACPi: Lightweight Context-Aware Access Control System for cyber-physical resources
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
INGEGNERIA INFORMATICA PER LA GESTIONE D'AZIENDA
Supervisors
Supervisor: Prof. Dini, Gianluca; Tutor: Ing. Ficarra, Michele; Co-supervisor: Dott. Bechini, Alessio
Keywords
ABAC
access
ACL
CAACS
control
fine grain
high performance
language specification
lightweight
OAUTH
PBAC
ptz
ptz camera
RBAC
SOA
TRBAC
XACML
Exam session start date
02/10/2014
Availability
Full
Abstract
The Pitagora Project is carried out by 8 partners (1 LE, 5 SME, 2 RC) and tackles the main issues of airport management: collaboration, resource management, and crisis. The project will design, develop and test a prototype to create an innovative platform for the efficient and integrated management of airport infrastructures. The goal of this thesis is the implementation of a software system capable of managing a privacy-aware access control system, based on information retrieved from a critical infrastructure such as an airport. More specifically, Università di Pisa, as a partner of the Pitagora Project, has been asked to deal with resources having high performance requirements, such as PTZ cameras, in order to grant or deny authorization to control them at a fine-grained level. Among the existing access control models that were analyzed, we selected the Context-Aware Access Control Model as the reference model. We then analyzed the technological solutions already available, starting with the de facto standard, XACML, and we evaluated whether an innovative approach such as OAuth 2.0 is able to satisfy our requirements. Given the architectural complexity of both solutions and the strict performance requirements, we opted for a fine-grained and lightweight access control, introducing a new policy definition language formalized using the Backus-Naur Form (BNF) and implemented in XML. We also designed an evaluation method that takes into account both the operative scenario and a reference architecture that could be used as a generic access control solution for physical and cyber resources. The reference model was implemented in collaboration with Thales Italia, using an extremely modular approach in order to decouple all modules from a functional and data representation standpoint. The performance analysis showed the quality of our solution. More specifically, in our reference scenario, our solution was more than 7 times faster than the XACML implementation.
-----------------------------------------------
Airport processes require access control that is more flexible than the classical kind based on the resource, the requested operation and the requesting subject. More precisely, the context in which a request is made must be taken into account. For example, a privilege may be granted or revoked when a particular emergency situation occurs. To this end, a language for specifying context-based security policies was defined. An access control system based on this language was also implemented and then integrated into the Pitagora platform. The resulting system will be used to manage "cyber" resources, such as a file, as well as "physical" resources, such as PTZ cameras.