Trusted Architecture for Securely Shared Services
Four Layers to Build a Trusted Architecture
Danny De Cock, K.U.Leuven ESAT/COSIC
Danny.DeCock@esat.kuleuven.be
Slides available from: http://godot.be/slides
Info: tas3@ls.kuleuven.be
What is TAS³ About?
• TAS³ is an FP7 Integrated Project focusing on identity management
  ◦ 4 years, starting 1 January 2008
• Consolidating scattered research in
  ◦ Security, Trust, Privacy, Digital identities, Authorization, Authentication…
• Integrating adaptive business-driven end-to-end trust services based on personal information:
  ◦ Semantic integration of Security, Trust, Privacy components
• Application-level end-to-end use & exchange of personal data: "a dynamic view on distributed data"
TAS³ – 18 Partners
• Coordinators:
  ◦ K.U.Leuven & Synergetics
• 9 Research Institutes:
  ◦ Universities of Eindhoven, Karlsruhe, Kent, Koblenz-Landau, Leuven, Nottingham, Brussel, Zaragoza
  ◦ Consiglio Nazionale delle Ricerche
• 9 Companies & Organizations:
  ◦ Custodix, Eifel ASBL, Intalio Ltd, Kenteq, Medisoft, Oracle, Risaris Ltd, SAP Research, Synergetics
Generic TAS³ Architecture
• Focuses on adaptable business-driven trust services
• Enforcement of data protection policies
• User-centric trust policy management
• Generic architecture instantiated into two environments:
  ◦ Employability use case
  ◦ Personal Healthcare Records & Patient self-management
High-level Process Flow
Diagram: User, Identity Provider, Service Provider with PEP and PDP.
1. User authenticates himself and
2. obtains the corresponding credentials
3. User requests service
4. Service Provider validates the service request (PEP/PDP)
5. SP requests additional user attributes from the Identity Provider
6. Service Provider validates the service request
7. User accesses service
• Authentication tokens: smart card, mobile phone, uid/pwd
• Access control is based on Level of Assurance (LoA): higher LoA ⇒ higher authorisation
Support for Cross-Sector Adaptable Business Processes!
Diagram: business processes spanning Sector K (services K1–K5), Sector L (services L1–L5) and Sector M (services M1–M12).
TAS³'s 4 Layers
• Layer 1 – Authentication
  ◦ Federated identities
• Layer 2 – Authorization
  ◦ Federated attributes
• Layer 3 – Compliance with Trustworthiness profile
  ◦ End-user controlled
  ◦ Fine-grained role-based
• Layer 4 – Compliance with Data-protection regulation
  ◦ Sticky policies associated with information elements
TAS³'s 4 Layers
Diagram: Service Requester and Service Provider, with Identity Brokers, Trust Policies Brokers, Federation Management and Service Authorization Policies Brokers between them.
TAS³'s 4 Layers
Diagram (detailed): Service Requester and Service Provider, each with an Entry Point (1) and Exit Point (4) protected by an Authenticity Guard, Trust Guard, Authorization Guard and Audit Guard; between them Federation Management, Identity Brokers, Trust Policy Brokers and Service Authorization Policies Brokers; on each side Identity Policy Helpers, Trust Policy Helpers, Audit Policy Helpers and Service Trust Policy Helpers, with a Services Engine (2) and (3) on the provider side.
Layer 1 – Authentication & Level of Assurance (LoA)
• Federated identity management model
  ◦ E.g., Shibboleth, Liberty Alliance, CardSpace…

LoA    | Example use                                                          | Authentication means
LoA 4+ | Setting access policies                                              | qualified plus biometric
LoA 4  | Sensitive medical records (e.g. HIV), consultant notes containing    | qualified cert with smart card EAL4+
       | opinions, ability to Break the Glass, bank to bank transfers         |
LoA 3  | Patient confidential records (non-sensitive)                         | 2-factor authentication, non-qualified cert, EAL4 smart card
LoA 2  | Some Internet banking applications, system administration            | one time password
LoA 1  | Retrieve degree certificate, completing public service employment    | uid/password, Verisign Class 1 cert
       | application                                                          |
LoA 0  | Public data                                                          | no authentication
Layer 2 – Authorization
Diagram: Policy Enforcement Point at the Service Provider; Policy Decision Point, Policy Access Point and Policy Information Point in the Authorization Domain.
1. Joe asks to execute Service Y
2. PEP asks the PDP to check policy compliance
3. PDP retrieves the relevant policies (Policy Access Point)
4. PDP retrieves policy validation information (Policy Information Point)
5. PDP returns Permit / Deny for the service request
6. Execute OK: Service Y is executed for Joe
Level 3 – Trustworthiness
Diagram: Joe, Joe's Trust Guard, Service Providers A–D; Trust Policies Broker, Trust Policies Helpers, Trust Information Collector and Trust Decision Helper in the Trust Domain.
1. Joe asks his Trust Guard: which SPs would I trust?
2. Trust Guard asks the Trust Domain to analyze the trustworthiness of SPs A–D
3. Trust Policies Broker fetches Joe's trust policies
4. Trust Information Collector reads the trust newspaper
5. Trust Decision Helper returns the trustworthiness of SPs A–D
6. Answer to Joe: A & D
Level 4 – Compliance with Data Protection Regulation
Diagram: Data Protection Policy Guard at the Services Engine with an Authentic Data Repository; Policy Decision Point, Policy Access Point and Policy Information Point in the Data Protection Domain.
1. Joe asks to execute Action Z
2. Data Protection Policy Guard asks the PDP to check policy compliance
3. PDP retrieves the relevant policies (Policy Access Point)
4. PDP retrieves policy validation information (Policy Information Point)
5. PDP returns Permit / Deny for the action
6. Execute OK: Action Z is executed on the Authentic Data Repository
TAS³ – Break the Glass Service
Diagram: Policy Enforcement Point, Policy Decision Point, Data Protection Policy Guard, Obligations, Audit Trail, Patient Record Service.
1. Access patient record
2. Denied
3. Break the Glass
4. Enforce Data Protection Policy
5. Granted
6. Access patient record (retry)
7. Retrieve Record
8. Granted
• Break-the-Glass service
  ◦ Only activated after strong authentication
  ◦ Triggers advanced & fine-grained monitoring
  ◦ Audit trail provides hard evidence
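The Layer 1 LoA ladder, the Layer 2 PEP/PDP exchange and the break-the-glass rule above, combined into one small policy model. This is an added illustration, not TAS³ code; the token-to-LoA mapping, the per-resource minimum LoA values, the consent data and the obligation names are constructed assumptions, and "strong authentication" is taken to mean LoA 4 as the LoA table lists break-the-glass there.

```python
from dataclasses import dataclass, field

# LoA per authentication token, following the slide's ladder; "4+" is modelled as 5.
# (constructed mapping, not a TAS3 artefact)
LOA_BY_TOKEN = {"none": 0, "password": 1, "otp": 2,
                "eal4_smartcard": 3, "qualified_smartcard": 4, "qualified_biometric": 5}
# Minimum LoA per resource class, after the slide's examples (constructed values)
REQUIRED_LOA = {"public": 0, "degree_certificate": 1, "internet_banking": 2,
                "patient_record": 3, "sensitive_medical": 4, "access_policies": 5}
BREAK_GLASS_MIN_LOA = 4   # slide: break-the-glass only after strong authentication

@dataclass
class Decision:
    permit: bool
    reason: str
    obligations: list = field(default_factory=list)   # returned with a break-the-glass grant

class PolicyDecisionPoint:
    """PDP: combines the LoA gate with per-record consent fetched from a PIP."""
    def __init__(self, consent):
        self.consent = consent   # record id -> set of subjects allowed by policy (constructed PIP)

    def evaluate(self, subject, loa, resource_class, record_id, break_glass=False):
        needed = REQUIRED_LOA[resource_class]
        if loa < needed:                       # Layer 1 gate: higher LoA => higher authorisation
            return Decision(False, f"LoA {loa} below required LoA {needed}")
        if subject in self.consent.get(record_id, set()):
            return Decision(True, "permitted by data protection policy")
        if break_glass and loa >= BREAK_GLASS_MIN_LOA:
            return Decision(True, "break-the-glass override",
                            ["fine_grained_monitoring", "notify_data_controller"])
        return Decision(False, "no policy grants access; break-the-glass needs LoA >= 4")

class PolicyEnforcementPoint:
    """PEP at the service provider: maps the token to a LoA, asks the PDP, writes the audit trail."""
    def __init__(self, pdp):
        self.pdp, self.audit_trail = pdp, []

    def request(self, subject, token, resource_class, record_id, break_glass=False):
        loa = LOA_BY_TOKEN[token]
        decision = self.pdp.evaluate(subject, loa, resource_class, record_id, break_glass)
        # every request, granted or denied, leaves hard evidence in the audit trail
        self.audit_trail.append((subject, loa, resource_class, record_id,
                                 break_glass, decision.permit, decision.reason))
        return decision

# Constructed scenario: patient P1 consented to GP "alice"; "bob" is an on-call doctor.
pep = PolicyEnforcementPoint(PolicyDecisionPoint({"P1": {"alice"}}))
```

A password login is refused even for the consented GP, and the override is refused at LoA 3; only a LoA 4 token opens the glass, and that grant carries obligations back to the PEP.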
TAS³ Phased Approach
Timeline: milestones at 6 M, 12 M, 18 M, 24 M, 30 M, 36 M, 42 M, 48 M, with increasing functionality as well as depth of integration.
• Phase I: Requirements Analysis; System Design / Architecture Definition; Baseline Setup; Development I; Test bed phase I → First Versions of all TAS³ services
• Phase II: Update of Requirements; Update of System Design / Architecture Definition; Development II; Test bed phase II → Advanced Versions of all TAS³ services
• Phase III: Final Documentation; Development III; Test bed phase III → Final Versions of all TAS³ services
Questions?
• Email:
  ◦ Danny.DeCock@esat.kuleuven.be
  ◦ tas3@ls.kuleuven.be
• Slides:
  ◦ http://godot.be/slides