Fine-grained Access Control for Spatial Services ...enforcing the Need-to-Know Principle

1
Fine-grained Access Control for Spatial
Services...enforcing the Need-to-Know Principle

• Rüdiger Gartmann
• con terra GmbH, Münster, Germany

2
Public Safety Scenario Planning an Event

• Actors

3
User Groups
4
Access to All Information

• Planning team
• Event preparation
• Plan roadblocks, routes, evacuation scenarios,
  personnel...
• Assign areas for police, firefighters,
  paramedics, ...
• Control team
• Event monitoring
• Measuring of movements, reaction to incidents and
  emergencies, revision of plans, ...
• Management of emergency response teams
• Observation of surveillance cameras, location of
  suspects, ...

5
Access to Limited Information

• Technical preparation
• Create roadblocks, traffic control systems,
  barriers, ...
• Seal gully holes, check security measures, ...
• Emergency response teams
• Situation assessments
• Taking orders
• Status reports
• Finding places of accident
• Guidance, evacuation, protection...

6
Access to Public Information

• Tourists
• Plan their trips
• See whats going on
• Find friends
• Post information, photos, ...
• Get event notifications
• Threats
• Only access to public information

7
Security Levels vs. Need-To-Know

• Regardless of the security classification, access
  is only permitted if there is an actual need
• Planning team is allowed to see evacuation
  routes...
• Control team is allowed to use surveillance
  cameras...
• Poliecemen are allowed to report incidents...
• Paramedics are allowed to request ambulances...
• ...but only for the very event they are actually
  dealing with!

8
Authorisation Decision
Class 1 Class 2 Class 3 Class 4
Event A
Event B
Event C
Event D

• Information is classified
• Information is assigned to certain tasks
• Users are classified
• Users are assigned to certain roles (responsible
  for certain tasks)
• Access is granted, only if
• classification level matches and
• task/role assignment matches

9
Access Control to Spatial Content

• based on security.manager

10
Creating Policies

• Policy structure

Subject Resource Action Obligation
Subject Resource Action Obligation
Planning Team Evacuation Routes Area of Interest, Classification green
Subject Resource Action Obligation
Planning Team Places to inspect Area of Interest, Classification green
Policemen Places to inspect Check Area of Duty, Classification yellow

• System is deny-biased
• Everyone without explicit permissions is denied

11
Example Places to Inspect
12
Required Authorisation Capabilities
13
Authorisation of Services
14
Layer Authorisation
All layers
15
Feature Authorization
Classification yellow
All features
16
Authorise Functionalities
17
Spatial Restrictions
18
Thank you for your interest......and visit us
in the exhibition!

• Rüdiger Gartmannr.gartmann_at_conterra.de