SlideShare uma empresa Scribd logo

Security Research

Transferir como PPTX, PDF
AGILE IoT
AGILE IoT

Juan David parra / uni passau

Software
1 de 27
AGILE M18 Review, 20 October 2017, Brussels (Belgium) Security Research JUAN DAVID PARRA / UNI PASSAU / WP 5 LEADER 1
Outline 1. Demo 2. Mapping within overall WP structure 3. Mapping within the overall Architecture 4. Goals of the Security Work Package 5. Research on Security Aspects for AGILE 6. Practical Security Aspects Relevant for AGILE 7. Security Implementation Status 8. Future Steps 2
DEMO
What the Demo is About •Role Based Access Control (by default) • Used to decide who can create entities • Who can set some attributes •Users can still have the possibility to define who can access their attributes • Credentials are only readable to the user itself • Administrators can set some attributes (such as role) 4
Steps •We log in with two different users (an AGILE-LOCAL user and a Dropbox user) both registered with AGILE-IDM •We show how both have the possibility to add attributes to other users (buttons shown in the UI) •We show how even though the Dropbox user is admin, he cannot read the credentials from the agile-local user (default policies for credentials are meant for users only) •We show that after removing the admin role from the Dropbox user, he cannot set attributes and he cannot upgrade his privileges by setting himself as admin •After placing the role back to the Dropbox user, everything goes back to normal. 5
Demo Setup 6 Admins https://youtu.be/z1V3E9Mo1Cw
WORK-PACKAGE MAPPING
Mapping to AGILE overall Work- Package structure 8
ARCHITECTURE MAPPING
Mapping to AGILE Architecture – Development View 10
MAIN CONTENTS
Goals of the Security Work Package 1. Provide authentication (internal and external applications) and Identity Management (IDM, Task 5.1) 2. Let users control by whom and under which circumstances their data is used (inside the gateway) (UC, Task 5.2) 3. Let users store data (outside of the gateway) while protecting confidentiality of their data as much as possible (DS, Task 5.3) 4. Provide security features in a flexible and understandable manner, such that pilots and gateway adopters can use them. (PS, Task 5.4) 12
Research on Security Aspects for AGILE •Analyze where data is located in IoT scenarios based on a Perimeter •Perimeter contains trusted elements to process the data •Smaller Perimeter => More “paranoid” user Parra Juan, Schreckling Daniel and Posegga Joachim. Addressing Data-Centric Security Requirements for IoT-Based Systems. In 2016 International Workshop on Secure Internet of Things (SIoT), pages 1-10, September, 2016 13
Practical Aspects Relevant for AGILE (P1, P2) Identity Management (IDM: Goal 1) – Delivered in M12 (D5.1)* •IDM needs to include the path from Devices to Visualization Device (including external systems) •To ease integration we should include external Identity Providers Delivered as AGILE Deliverable 5.1: First Prototype of the AGILE Identity Management System 14
Practical Aspects Relevant for AGILE (P1, P2) Data Usage Control (UC: Goal 2) – To be Delivered in M20(D5.2) •Data must be declassified before being delivered to (internal or external) applications or systems. •Policies should be flexible enough to specify aspects related to previous access to the data to provide higher privacy guarantees (relates to diff. privacy) 15
Practical Aspects Relevant for AGILE (P1, P2) Secure Data Sharing (DS: Goal 3) – To be Delivered in M24 (D5.3) Attempt to keep confidentiality guarantees: •Even when attackers have physical access to the gateway •Even when data is stored externally 16
Practical Applications for AGILE (P1, P2) Pilot and Adopters Support (PS: Goal 4) – Task 5.4 •Strive to provide a security framework that is as generic as possible. •A generic attribute-based security framework is the way to go here. 17
Security Implementation Status D5.1 [M12] D5.2 [M20] D5.3 [M24] D5.1. First Prototype of the AGILE Identity Management System D5.2 Usage Control and Provenance Management D5.3 Secure Data Sharing System D5.4 Pilot Integration M18 18
Security Implementation Status Generic attribute-based IDM •Defines a generic security model based a generic entity schema (Goals: All) •Defines a security model based on read and write policies (and meta- policies) on entities’ attributes. (Goals: All) •Currently it is configured by default to do Role-based access control (admin and non admin users) (Goals: UC, PS) •Authentication supports external providers: Local Authentication , Dropbox, Github, Google, PAM, WebID. (Goals: DS, PS) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) Delivered as AGILE Deliverable 5.1: First Prototype of the AGILE Identity Management System 19
Security Implementation Status Integration with User Interface •Login functionality of Desktop-like framework integrated with IDM (Goals: IDM, PS) •Setting attributes in the Agile Control Panel (Goals: All, WP 4 Cloud Integration) •Visualization of Entities in the Agile Control Panel (Goals: All) •Registration of Devices as entities when they are paired with the gateway (Goals: All) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 20
Security Implementation Status Integration with Developers UI (Node-RED) •Login information propagated to the Developer’s UI (Goals: All) •Accessing authentication information for currently authenticated user from Node-RED Workflows (Goals: IDM, WP 4 Cloud Integration) •Reading entity’s attributes such as Cloud Credentials from Node-RED Workflows (Goals: PS, WP 4 Cloud Integration) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 21
Security Implementation Status Integration with the AGILE SDK •All security-relevant API calls are available through http and the agile- sdk (Goals: PS) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 22
Progress after M18 (June 2017) Ongoing implementation of Usage Control (M20) Delivered in August* •Usage control is now integrated in a Policy Decision API as well as in IDM to decide policies on reading attributes based on the current user (Goals: All) •Provide generic ways to define policies on actions (performed on entities) (Goals: UC, PS) •Developed monitoring mechanisms to let users know when and by whom their data is being accessed (Goals: UC, PS) •Extend Data and Local Store component to track provenance of data subscriptions and information (Goals: UC, PS) Delivered as AGILE Deliverable 5.12 Usage Control and Provenance Management (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 23
Future Steps Task Time Span Status 5.1. Identity Management M4 - M 12 Delivered in time 5.2 Usage Control and Provenance M11 -M 20 Delivered in time (next review) 5.3 Secure Data Sharing M10 - M 24 Ongoing 5.4 Platform Integration M24 - M36 Ongoing 24
THANK YOU
Future Steps Beyond M18 (Backup slide) Secure Data Sharing (due in M24) •Integrate services to enable gateway applications to rely on encrypted external storage (Goals: DS, PS) •Develop further a Lightweight one-time token generation schema (Goals: DS, PS) •Make the security aspects of the User Interface more generic and improve them (Goals: PS) •Provide support to pilots and analyze additional features needed by them or the open call projects (Goals: PS) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 26
Future Steps D5.1 [M12] D5.2 [M20] D5.3 [M24] D5.1. First Prototype of the AGILE Identity Management System D5.2 Usage Control and Provenance Management D5.3 Secure Data Sharing System D5.4 Pilot Integration MS1: Initial Design & Draft Framework MS2: Agile Framework Release and Initial Integration MS3: Agile Component Final Integration MS4: Agile Integration with External Clouds MS1[M9] MS2[M18] MS3[M24] MS5MS4[M30] 27

Recomendados

Pilot Design, Execution & Evaluation
Pilot Design, Execution & EvaluationPilot Design, Execution & Evaluation
Pilot Design, Execution & Evaluation
AGILE IoT
 
AGILE software, devices and wider ecosystem
AGILE software, devices and wider ecosystemAGILE software, devices and wider ecosystem
AGILE software, devices and wider ecosystem
AGILE IoT
 
IoT and Cloud services interactions
IoT and Cloud services interactionsIoT and Cloud services interactions
IoT and Cloud services interactions
AGILE IoT
 
AGILE M18 – State of the “Nation”
AGILE M18 – State of the “Nation”AGILE M18 – State of the “Nation”
AGILE M18 – State of the “Nation”
AGILE IoT
 
IoT Hardware innovation
IoT Hardware innovationIoT Hardware innovation
IoT Hardware innovation
AGILE IoT
 
AGILE Open Call #1 Pitch
AGILE Open Call #1 PitchAGILE Open Call #1 Pitch
AGILE Open Call #1 Pitch
AGILE IoT
 
Configuration & Recommendation
Configuration & RecommendationConfiguration & Recommendation
Configuration & Recommendation
AGILE IoT
 
Dissemination and Community Building
Dissemination and Community BuildingDissemination and Community Building
Dissemination and Community Building
AGILE IoT
 

Recomendados

Pilot Design, Execution & Evaluation
Pilot Design, Execution & EvaluationPilot Design, Execution & Evaluation
Pilot Design, Execution & Evaluation
AGILE IoT
 
AGILE software, devices and wider ecosystem
AGILE software, devices and wider ecosystemAGILE software, devices and wider ecosystem
AGILE software, devices and wider ecosystem
AGILE IoT
 
IoT and Cloud services interactions
IoT and Cloud services interactionsIoT and Cloud services interactions
IoT and Cloud services interactions
AGILE IoT
 
AGILE M18 – State of the “Nation”
AGILE M18 – State of the “Nation”AGILE M18 – State of the “Nation”
AGILE M18 – State of the “Nation”
AGILE IoT
 
IoT Hardware innovation
IoT Hardware innovationIoT Hardware innovation
IoT Hardware innovation
AGILE IoT
 
AGILE Open Call #1 Pitch
AGILE Open Call #1 PitchAGILE Open Call #1 Pitch
AGILE Open Call #1 Pitch
AGILE IoT
 
Configuration & Recommendation
Configuration & RecommendationConfiguration & Recommendation
Configuration & Recommendation
AGILE IoT
 
Dissemination and Community Building
Dissemination and Community BuildingDissemination and Community Building
Dissemination and Community Building
AGILE IoT
 
AGILE Use Case & Challenges
AGILE Use Case & ChallengesAGILE Use Case & Challenges
AGILE Use Case & Challenges
AGILE IoT
 
WP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & ImplementationWP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & Implementation
AGILE IoT
 
WP5 - Gateway Security, Data Provenance & Access Control
WP5 - Gateway Security, Data Provenance & Access ControlWP5 - Gateway Security, Data Provenance & Access Control
WP5 - Gateway Security, Data Provenance & Access Control
AGILE IoT
 
WP2 - T2.1 - Automatic configuration based on hardware modules
WP2 - T2.1 - Automatic configuration based on hardware modulesWP2 - T2.1 - Automatic configuration based on hardware modules
WP2 - T2.1 - Automatic configuration based on hardware modules
AGILE IoT
 
AGILE: Building the Open Gateway for IoT
AGILE: Building the Open Gateway for IoTAGILE: Building the Open Gateway for IoT
AGILE: Building the Open Gateway for IoT
AGILE IoT
 
2016 07-20-wp1-q2 f2 f berlin
2016 07-20-wp1-q2 f2 f berlin2016 07-20-wp1-q2 f2 f berlin
2016 07-20-wp1-q2 f2 f berlin
AGILE IoT
 
2016 07-20-wp5-q2 f2 f meeting in berlin
2016 07-20-wp5-q2 f2 f meeting in berlin2016 07-20-wp5-q2 f2 f meeting in berlin
2016 07-20-wp5-q2 f2 f meeting in berlin
AGILE IoT
 
Why IoT needs Open Source Communities
Why IoT needs Open Source CommunitiesWhy IoT needs Open Source Communities
Why IoT needs Open Source Communities
AGILE IoT
 
The IoT Open Source World: Where WSO2 stands
The IoT Open Source World: Where WSO2 standsThe IoT Open Source World: Where WSO2 stands
The IoT Open Source World: Where WSO2 stands
Charalampos Doukas
 
FIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE IoT Proposal & Community
FIWARE IoT Proposal & Community
FIWARE
 
WP3 – AGILE Sw Architecture
WP3 – AGILE Sw ArchitectureWP3 – AGILE Sw Architecture
WP3 – AGILE Sw Architecture
AGILE IoT
 
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Conclusion Connect enabling industry 4.0 with IoT
 
201410 1 fiware-overview
201410 1 fiware-overview201410 1 fiware-overview
201410 1 fiware-overview
FIWARE
 
FIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercisesFIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercises
FIWARE
 
CPaaS.io - u2-based Toolbox
CPaaS.io - u2-based ToolboxCPaaS.io - u2-based Toolbox
CPaaS.io - u2-based Toolbox
Stephan Haller
 
Internet of Things - Advantech IoT Gateway Starter Kit
Internet of Things - Advantech IoT Gateway Starter KitInternet of Things - Advantech IoT Gateway Starter Kit
Internet of Things - Advantech IoT Gateway Starter Kit
Advantech Europe E-IOT Business Group
 
CPaaS.io - FIWARE-based Toolbox
CPaaS.io - FIWARE-based ToolboxCPaaS.io - FIWARE-based Toolbox
CPaaS.io - FIWARE-based Toolbox
Stephan Haller
 
Adoptive Gateways for dIverse MuLtiple Environments
Adoptive Gateways for dIverse MuLtiple EnvironmentsAdoptive Gateways for dIverse MuLtiple Environments
Adoptive Gateways for dIverse MuLtiple Environments
Charalampos Doukas
 
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
Rockwell Automation
 
FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M...
FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M... FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M...
FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M...
FIWARE
 
IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...
IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...
IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...
IRJET Journal
 
IRJET- Protection of Personal Data on Distributed Cloud using Biometrics
IRJET- Protection of Personal Data on Distributed Cloud using BiometricsIRJET- Protection of Personal Data on Distributed Cloud using Biometrics
IRJET- Protection of Personal Data on Distributed Cloud using Biometrics
IRJET Journal
 

Mais conteúdo relacionado

Mais procurados

Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Conclusion Connect enabling industry 4.0 with IoT
 

Mais procurados (20)

AGILE Use Case & Challenges
AGILE Use Case & ChallengesAGILE Use Case & Challenges
AGILE Use Case & Challenges
 
WP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & ImplementationWP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & Implementation
 
WP5 - Gateway Security, Data Provenance & Access Control
WP5 - Gateway Security, Data Provenance & Access ControlWP5 - Gateway Security, Data Provenance & Access Control
WP5 - Gateway Security, Data Provenance & Access Control
 
WP2 - T2.1 - Automatic configuration based on hardware modules
WP2 - T2.1 - Automatic configuration based on hardware modulesWP2 - T2.1 - Automatic configuration based on hardware modules
WP2 - T2.1 - Automatic configuration based on hardware modules
 
AGILE: Building the Open Gateway for IoT
AGILE: Building the Open Gateway for IoTAGILE: Building the Open Gateway for IoT
AGILE: Building the Open Gateway for IoT
 
2016 07-20-wp1-q2 f2 f berlin
2016 07-20-wp1-q2 f2 f berlin2016 07-20-wp1-q2 f2 f berlin
2016 07-20-wp1-q2 f2 f berlin
 
2016 07-20-wp5-q2 f2 f meeting in berlin
2016 07-20-wp5-q2 f2 f meeting in berlin2016 07-20-wp5-q2 f2 f meeting in berlin
2016 07-20-wp5-q2 f2 f meeting in berlin
 
Why IoT needs Open Source Communities
Why IoT needs Open Source CommunitiesWhy IoT needs Open Source Communities
Why IoT needs Open Source Communities
 
The IoT Open Source World: Where WSO2 stands
The IoT Open Source World: Where WSO2 standsThe IoT Open Source World: Where WSO2 stands
The IoT Open Source World: Where WSO2 stands
 
FIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE IoT Proposal & Community
FIWARE IoT Proposal & Community
 
WP3 – AGILE Sw Architecture
WP3 – AGILE Sw ArchitectureWP3 – AGILE Sw Architecture
WP3 – AGILE Sw Architecture
 
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
Io t solutions world congress 2018 review Henk Jan van Wijk Conclusion Connect
 
201410 1 fiware-overview
201410 1 fiware-overview201410 1 fiware-overview
201410 1 fiware-overview
 
FIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercisesFIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercises
 
CPaaS.io - u2-based Toolbox
CPaaS.io - u2-based ToolboxCPaaS.io - u2-based Toolbox
CPaaS.io - u2-based Toolbox
 
Internet of Things - Advantech IoT Gateway Starter Kit
Internet of Things - Advantech IoT Gateway Starter KitInternet of Things - Advantech IoT Gateway Starter Kit
Internet of Things - Advantech IoT Gateway Starter Kit
 
CPaaS.io - FIWARE-based Toolbox
CPaaS.io - FIWARE-based ToolboxCPaaS.io - FIWARE-based Toolbox
CPaaS.io - FIWARE-based Toolbox
 
Adoptive Gateways for dIverse MuLtiple Environments
Adoptive Gateways for dIverse MuLtiple EnvironmentsAdoptive Gateways for dIverse MuLtiple Environments
Adoptive Gateways for dIverse MuLtiple Environments
 
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
 
FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M...
FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M... FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M...
FIWARE Developers Week_IoT Agents with Thinking Things and OMA lightweight M...
 

Semelhante a Security Research

CPaaS.io Y1 Review Meeting - Citizen Empowerment
CPaaS.io Y1 Review Meeting - Citizen EmpowermentCPaaS.io Y1 Review Meeting - Citizen Empowerment
CPaaS.io Y1 Review Meeting - Citizen Empowerment
Stephan Haller
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22
jemtallon
 

Semelhante a Security Research (20)

IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...
IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...
IRJET-Survey Paper on Security for Data Storage and Regeneration of Code by A...
 
IRJET- Protection of Personal Data on Distributed Cloud using Biometrics
IRJET- Protection of Personal Data on Distributed Cloud using BiometricsIRJET- Protection of Personal Data on Distributed Cloud using Biometrics
IRJET- Protection of Personal Data on Distributed Cloud using Biometrics
 
IRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key ExposureIRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key Exposure
 
GDSC Cloud Jam.pptx
GDSC Cloud Jam.pptxGDSC Cloud Jam.pptx
GDSC Cloud Jam.pptx
 
DoChronicle
DoChronicleDoChronicle
DoChronicle
 
IRJET- Sharing Session Key to Protect Data in Cloud Storage
IRJET- Sharing Session Key to Protect Data in Cloud StorageIRJET- Sharing Session Key to Protect Data in Cloud Storage
IRJET- Sharing Session Key to Protect Data in Cloud Storage
 
Basics of Cloud Computing
Basics of Cloud ComputingBasics of Cloud Computing
Basics of Cloud Computing
 
CPaaS.io Y1 Review Meeting - Citizen Empowerment
CPaaS.io Y1 Review Meeting - Citizen EmpowermentCPaaS.io Y1 Review Meeting - Citizen Empowerment
CPaaS.io Y1 Review Meeting - Citizen Empowerment
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
IRJET- Secure Data Protection in Cloud Computing
IRJET- Secure Data Protection in Cloud ComputingIRJET- Secure Data Protection in Cloud Computing
IRJET- Secure Data Protection in Cloud Computing
 
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud SystemsIRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
 
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
 
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
 
Presentaion final
Presentaion finalPresentaion final
Presentaion final
 
IRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on Cloud
 
Cloud Storage System like Dropbox
Cloud Storage System like DropboxCloud Storage System like Dropbox
Cloud Storage System like Dropbox
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22
 
Logicaworks brochure
Logicaworks brochureLogicaworks brochure
Logicaworks brochure
 
Simple stock market analysis
Simple stock market analysisSimple stock market analysis
Simple stock market analysis
 

Mais de AGILE IoT

Mais de AGILE IoT (18)

Dockerized IoT Gateway Stack
Dockerized IoT Gateway StackDockerized IoT Gateway Stack
Dockerized IoT Gateway Stack
 
AGILE: Building the Open Gateway for IoT
AGILE: Building the Open Gateway for IoT AGILE: Building the Open Gateway for IoT
AGILE: Building the Open Gateway for IoT
 
AgriWare / Holonix
AgriWare / HolonixAgriWare / Holonix
AgriWare / Holonix
 
Towards Configuration Technologies for IoT Gateways
Towards Configuration Technologies for IoT GatewaysTowards Configuration Technologies for IoT Gateways
Towards Configuration Technologies for IoT Gateways
 
ASP-based Knowledge Representations for IoT Configuration Scenarios
ASP-based Knowledge Representations for IoT Configuration ScenariosASP-based Knowledge Representations for IoT Configuration Scenarios
ASP-based Knowledge Representations for IoT Configuration Scenarios
 
Recommendation Technologies for IoT Edge Devices
Recommendation Technologies for IoT Edge DevicesRecommendation Technologies for IoT Edge Devices
Recommendation Technologies for IoT Edge Devices
 
About Open Source Business Models
About Open Source Business ModelsAbout Open Source Business Models
About Open Source Business Models
 
2016 07-20-wp8-q2 f2 f berlin
2016 07-20-wp8-q2 f2 f berlin2016 07-20-wp8-q2 f2 f berlin
2016 07-20-wp8-q2 f2 f berlin
 
2016 07-20-wp7-q2 f2 f berlin
2016 07-20-wp7-q2 f2 f berlin2016 07-20-wp7-q2 f2 f berlin
2016 07-20-wp7-q2 f2 f berlin
 
2016 07-20-wp7-eclipse proposal
2016 07-20-wp7-eclipse proposal2016 07-20-wp7-eclipse proposal
2016 07-20-wp7-eclipse proposal
 
2016 07-20-wp4-q2 f2 f berlin
2016 07-20-wp4-q2 f2 f berlin2016 07-20-wp4-q2 f2 f berlin
2016 07-20-wp4-q2 f2 f berlin
 
2016 07-20-demo session
2016 07-20-demo session2016 07-20-demo session
2016 07-20-demo session
 
Data Ownership & Trust in the IoT
Data Ownership & Trust in the IoTData Ownership & Trust in the IoT
Data Ownership & Trust in the IoT
 
Adaptation: Iot is Art
Adaptation: Iot is ArtAdaptation: Iot is Art
Adaptation: Iot is Art
 
Art Event for AGILE 2017
Art Event for AGILE 2017Art Event for AGILE 2017
Art Event for AGILE 2017
 
The cellular network: a vital link in the world of drones
The cellular network: a vital link in the world of dronesThe cellular network: a vital link in the world of drones
The cellular network: a vital link in the world of drones
 
WP8 - Pilot – Testbed
WP8 - Pilot – TestbedWP8 - Pilot – Testbed
WP8 - Pilot – Testbed
 
WP8 Pilot Design, Execution & Evaluation
WP8 Pilot Design, Execution & EvaluationWP8 Pilot Design, Execution & Evaluation
WP8 Pilot Design, Execution & Evaluation
 

Último

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Delhi Call girls
 

Último (20)

Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 

Security Research

  • 1. AGILE M18 Review, 20 October 2017, Brussels (Belgium) Security Research JUAN DAVID PARRA / UNI PASSAU / WP 5 LEADER 1
  • 2. Outline 1. Demo 2. Mapping within overall WP structure 3. Mapping within the overall Architecture 4. Goals of the Security Work Package 5. Research on Security Aspects for AGILE 6. Practical Security Aspects Relevant for AGILE 7. Security Implementation Status 8. Future Steps 2
  • 4. What the Demo is About •Role Based Access Control (by default) • Used to decide who can create entities • Who can set some attributes •Users can still have the possibility to define who can access their attributes • Credentials are only readable to the user itself • Administrators can set some attributes (such as role) 4
  • 5. Steps •We log in with two different users (an AGILE-LOCAL user and a Dropbox user) both registered with AGILE-IDM •We show how both have the possibility to add attributes to other users (buttons shown in the UI) •We show how even though the Dropbox user is admin, he cannot read the credentials from the agile-local user (default policies for credentials are meant for users only) •We show that after removing the admin role from the Dropbox user, he cannot set attributes and he cannot upgrade his privileges by setting himself as admin •After placing the role back to the Dropbox user, everything goes back to normal. 5
  • 8. Mapping to AGILE overall Work- Package structure 8
  • 10. Mapping to AGILE Architecture – Development View 10
  • 12. Goals of the Security Work Package 1. Provide authentication (internal and external applications) and Identity Management (IDM, Task 5.1) 2. Let users control by whom and under which circumstances their data is used (inside the gateway) (UC, Task 5.2) 3. Let users store data (outside of the gateway) while protecting confidentiality of their data as much as possible (DS, Task 5.3) 4. Provide security features in a flexible and understandable manner, such that pilots and gateway adopters can use them. (PS, Task 5.4) 12
  • 13. Research on Security Aspects for AGILE •Analyze where data is located in IoT scenarios based on a Perimeter •Perimeter contains trusted elements to process the data •Smaller Perimeter => More “paranoid” user Parra Juan, Schreckling Daniel and Posegga Joachim. Addressing Data-Centric Security Requirements for IoT-Based Systems. In 2016 International Workshop on Secure Internet of Things (SIoT), pages 1-10, September, 2016 13
  • 14. Practical Aspects Relevant for AGILE (P1, P2) Identity Management (IDM: Goal 1) – Delivered in M12 (D5.1)* •IDM needs to include the path from Devices to Visualization Device (including external systems) •To ease integration we should include external Identity Providers Delivered as AGILE Deliverable 5.1: First Prototype of the AGILE Identity Management System 14
  • 15. Practical Aspects Relevant for AGILE (P1, P2) Data Usage Control (UC: Goal 2) – To be Delivered in M20(D5.2) •Data must be declassified before being delivered to (internal or external) applications or systems. •Policies should be flexible enough to specify aspects related to previous access to the data to provide higher privacy guarantees (relates to diff. privacy) 15
  • 16. Practical Aspects Relevant for AGILE (P1, P2) Secure Data Sharing (DS: Goal 3) – To be Delivered in M24 (D5.3) Attempt to keep confidentiality guarantees: •Even when attackers have physical access to the gateway •Even when data is stored externally 16
  • 17. Practical Applications for AGILE (P1, P2) Pilot and Adopters Support (PS: Goal 4) – Task 5.4 •Strive to provide a security framework that is as generic as possible. •A generic attribute-based security framework is the way to go here. 17
  • 18. Security Implementation Status D5.1 [M12] D5.2 [M20] D5.3 [M24] D5.1. First Prototype of the AGILE Identity Management System D5.2 Usage Control and Provenance Management D5.3 Secure Data Sharing System D5.4 Pilot Integration M18 18
  • 19. Security Implementation Status Generic attribute-based IDM •Defines a generic security model based a generic entity schema (Goals: All) •Defines a security model based on read and write policies (and meta- policies) on entities’ attributes. (Goals: All) •Currently it is configured by default to do Role-based access control (admin and non admin users) (Goals: UC, PS) •Authentication supports external providers: Local Authentication , Dropbox, Github, Google, PAM, WebID. (Goals: DS, PS) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) Delivered as AGILE Deliverable 5.1: First Prototype of the AGILE Identity Management System 19
  • 20. Security Implementation Status Integration with User Interface •Login functionality of Desktop-like framework integrated with IDM (Goals: IDM, PS) •Setting attributes in the Agile Control Panel (Goals: All, WP 4 Cloud Integration) •Visualization of Entities in the Agile Control Panel (Goals: All) •Registration of Devices as entities when they are paired with the gateway (Goals: All) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 20
  • 21. Security Implementation Status Integration with Developers UI (Node-RED) •Login information propagated to the Developer’s UI (Goals: All) •Accessing authentication information for currently authenticated user from Node-RED Workflows (Goals: IDM, WP 4 Cloud Integration) •Reading entity’s attributes such as Cloud Credentials from Node-RED Workflows (Goals: PS, WP 4 Cloud Integration) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 21
  • 22. Security Implementation Status Integration with the AGILE SDK •All security-relevant API calls are available through http and the agile- sdk (Goals: PS) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 22
  • 23. Progress after M18 (June 2017) Ongoing implementation of Usage Control (M20) Delivered in August* •Usage control is now integrated in a Policy Decision API as well as in IDM to decide policies on reading attributes based on the current user (Goals: All) •Provide generic ways to define policies on actions (performed on entities) (Goals: UC, PS) •Developed monitoring mechanisms to let users know when and by whom their data is being accessed (Goals: UC, PS) •Extend Data and Local Store component to track provenance of data subscriptions and information (Goals: UC, PS) Delivered as AGILE Deliverable 5.12 Usage Control and Provenance Management (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 23
  • 24. Future Steps Task Time Span Status 5.1. Identity Management M4 - M 12 Delivered in time 5.2 Usage Control and Provenance M11 -M 20 Delivered in time (next review) 5.3 Secure Data Sharing M10 - M 24 Ongoing 5.4 Platform Integration M24 - M36 Ongoing 24
  • 26. Future Steps Beyond M18 (Backup slide) Secure Data Sharing (due in M24) •Integrate services to enable gateway applications to rely on encrypted external storage (Goals: DS, PS) •Develop further a Lightweight one-time token generation schema (Goals: DS, PS) •Make the security aspects of the User Interface more generic and improve them (Goals: PS) •Provide support to pilots and analyze additional features needed by them or the open call projects (Goals: PS) (IDM: Identity Management, UC: Usage Control, DS: Secure Data Sharing, PS: Pilot Support) 26
  • 27. Future Steps D5.1 [M12] D5.2 [M20] D5.3 [M24] D5.1. First Prototype of the AGILE Identity Management System D5.2 Usage Control and Provenance Management D5.3 Secure Data Sharing System D5.4 Pilot Integration MS1: Initial Design & Draft Framework MS2: Agile Framework Release and Initial Integration MS3: Agile Component Final Integration MS4: Agile Integration with External Clouds MS1[M9] MS2[M18] MS3[M24] MS5MS4[M30] 27

Notas do Editor

  1. Most interesting scenarios go up to P2