Risk-aware Data Usage Control

Distributed environments such as Internet of Things, have an increasing need of introducing access and usage control mechanisms, to manage the rights of performing specific operations and regulate the access to the plethora of information daily generated by an enormous network of interconnected devices. Defining policies which are specific to these distributed environments could be a challenging and tedious task, mainly due to the large set of attributes that should be considered, leading often to unforeseen conflicts or unconsidered conditions and misconfigurations. This thesis presents the study, design and implementation of a risk-aware security policy enforcement mechanism, which aims at providing a way of simplifying the process of writing, managing and enforcing security policies in highly dynamic and heterogeneous environments such as the Internet of Things. Usage Control model was exploited in order to allow the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes. The proposed mechanism is based on the construction of an hierarchy of the attributes which participate in the security policy, while the notion of risk is introduced by assigning a risk level to those attributes based on the values that they can acquire at the time of the access request or during the access session. Those risk values are then aggregated, aiming at computing one single risk value that is able to characterize the total risk of a given access request. The construction of the hierarchy and the assignment of the risk values are handled as a Multi-Criteria Decision Making problem and the utilized algorithms are the Analytic Hierarchy Process, the fuzzy Analytic Hierarchy Process and a variation of TOPSIS. This single value can then be utilized in order to define one-attribute policies, which lessens both the evaluation time and the coding complexity, avoiding thus potential errors during the policy writing process. Moreover, this study presents the integration of the risk-aware Usage Control framework to a Software-Defined Network architecture and the validation of the proposed solution through its application to a Smart Building environment. The conducted experiments have shown that the evaluation time was decreased significantly by the use of one-attribute policies while at the same time the final decision of granting or denying the access was in most of the cases the same as the one that would have been made evaluating a policy which contains the full range of attributes. In addition, with respect to the integration of the framework to the Software-Defined Networks, the achieved timings of installing or revoking a traffic flow do not present an overhead able to compromise the user's experience or the network processes, proving thus a proof of the feasibility of the proposed solution. Last but not least, this thesis presents the application of a risk-aware security policy enforcement mechanism in constrained and dynamic networks based on a combination of Attribute Based and Role Based access control. The framework exploits and combines the benefits of those two models and enhances them with the possibility of considering and evaluating risk-aware policies.