• ABAC
• access
• ACL
• CAACS
• control
• fine grain
• high performance
• language specification
• lightweight
• OAUTH
• PBAC
• ptz
• ptz camera
• RBAC
• SOA
• TRBAC
• XACML

Pitagora Project is carried out by 8 partners (1 LE, 5 SME, 2 RC) and tackles
the main issues of airport management: collaboration, resource management,
and crisis. The project will design, develop and test a prototype to create an
innovative platform for an efficient and integrated management of airport
infrastructures.
The goal of this thesis is the implementation of a software system which
is capable of managing a privacy-aware access control system, based on information
retrieved from a critical infrastructure, such as an airport. More
specifically, Università di Pisa, as partner of Pitagora Project, has been asked
to deal with resources having high performance requirements, such as PTZ
cameras, in order to grant or deny an authorization to control them on a
fine-grained level.
Among all the existing access control models which had been analyzed,
we selected the Context-Aware Access Control Model as the reference model.
We then analyzed the technological solutions which are already available,
starting with the de facto standard, XACML, and we evaluated whether an
innovative approach such as OAuth 2.0 is able to satisfy our requirements.
Given the architectural complexity of both solutions and the strict performance
requirements, we opted for a fine-grained and lightweight access
control, introducing a new policy definition language formalized using the
Backus-Naur Form (BNF) and actually implemented in XML code.
We also designed an evaluation method to take into account both the operative
scenario and a reference architecture, that could be used as a generic
access control solution for physical and cyber resources.
The reference model was implemented in collaboration with Thales Italia,
using an extremely modular approach in order to decouple all modules from
a functional and data representation standpoint.
The performance analysis showed the quality of our solution. More specifically,
in our reference scenario, our solution resulted more than 7 times faster
than the XACML implementation.

-----------------------------------------------

I processi aeroportuali richiedono un controllo degli accessi più flessibile di quello classico basato sulla risorsa, l’operazione richiesta ed il soggetto richiedente. Più precisamente, è necessario tenere conto del contesto in cui una richiesta viene fatta. Ad esempio, un privilegio può essere concesso o revocato al verificarsi di una particolare situazione di emergenza. A questo proposito, si è definito un linguaggio per la specifica di politiche di sicurezza basata sul contesto. Si è inoltre implementato un sistema di controllo degli accessi basato su tale linguaggio che è stato poi integrato nella piattaforma Pitagora. Il sistema risultante è utilizzato verrà utilizzato per la gestione di risorse “cyber", come un file, ma anche per risorse “physical”, come ad esempio le telecamere PTZ.