Intelligent Transport Systems - Telenor
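[Figure 6 Access control. Elements shown: Initiator, Access control Enforcement Function, Target, Access control Decision Function (Request/Decision). Inputs to the decision function: initiator information and target information (identification, restrictions, conditions), contextual information, policy rules, action rules, retained information.]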
intruder masquerading as another network 4). Until recently, this type of activity has been assumed to require economic and technical resources so that this type of security attack would not present any problem. This picture is changing: anyone can own and operate an Internet router and then by definition be a network operator.
The configuration of an access control system is shown in Figure 6. We have introduced the terms initiator and target for the communicating entities. This terminology is often used in security literature and may represent users (persons, machines or software) or network elements requiring authorisation. The access control is distributed and it may consist of several entities. For simplicity (and in accordance with convention), the distributed system is represented as two entities only in the figure.
The distributed entities of the access control system are called access control enforcement function and access control decision function. The access control enforcement function accepts or denies the call depending on information received from the access control decision function. The access control decision function consists essentially of databases. The information required for this purpose is:
• Initiator information includes secure identification of the initiator, restrictions and conditions related to the particular service and application. Identification may be enhanced by use of authentication of the initiator by simple passwords or tokens, or by cryptographic methods. Restrictions and conditions may be related to called numbers, constraints concerning the cost of the call, type of service and location of the user (in mobile systems). The restrictions and conditions are there to protect the initiator and the network against illegitimate usage and attacks.
• Target information is similar to the initiator information. The call is only allowed if the initiator information and the target information are not contradictory. For example, the initiator and the target are not interconnected if the initiator is allowed to call the target while the target is not allowed to receive calls from the initiator. This situation occurs if an unauthorised party (initiator) tries to access the protected part of a local network (target).
• Contextual information can be time of access and location of initiator or target. One example is that the access conditions may be different if the initiator accesses the restricted system from a computer at the premises of the enterprise or from home.
• Action rules are the conditions related to the action. For example, the target may either access a database for retrieving the information (read action) or for changing the information (write action). The read action may be open for everyone while the write action may be restricted to some users.
• Retained information represents the outcome of previous access events. If the access has been denied before, this information can be used to deny new access to the same target without further analysis. The information may also be used to simplify subsequent accesses if other essential conditions have not changed from one access to the next.
• Policy rules indicate which data and protection mechanisms are required for allowing the access, for example that the enterprise of the initiator will only allow access to targets that
4) There have been attacks on public networks based on this lack of access control (also called blue-boxing and black-boxing). The masquerading utilises security weaknesses in old signalling systems such as Signalling System No 5. The motive has been cheap long distance calling.
Telektronikk 1.2003
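
The enforcement and decision functions described above, sketched in Python as an added example (not code from the article). The party names, the `office`/`home` locations and the condition that writes are only accepted from the office are constructed assumptions; policy rules are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Party:
    """Initiator or target information: identification plus restrictions."""
    ident: str
    may_call: set = field(default_factory=set)      # as initiator: targets it may call
    accepts_from: set = field(default_factory=set)  # as target: initiators it accepts
    writers: set = field(default_factory=set)       # action rule: who may write (read is open)

class DecisionFunction:
    """Access control decision function (ADF): the databases plus the decision logic."""
    def __init__(self, parties):
        self.parties = {p.ident: p for p in parties}
        self.retained = {}  # (initiator, target, action) -> reason for an earlier denial

    def decide(self, initiator, target, action, location):
        key = (initiator, target, action)
        if key in self.retained:  # retained information: deny without further analysis
            return False, "retained: " + self.retained[key]
        ini, tgt = self.parties.get(initiator), self.parties.get(target)
        if ini is None or tgt is None:
            reason = "unknown party"
        elif target not in ini.may_call:
            reason = "initiator restriction"
        elif initiator not in tgt.accepts_from:
            reason = "target restriction"  # initiator and target information contradict
        elif action == "write" and initiator not in tgt.writers:
            reason = "action rule"
        elif action == "write" and location != "office":
            return False, "context"  # assumed condition; not retained, context can change
        else:
            return True, "granted"
        self.retained[key] = reason
        return False, reason

def enforce(adf, initiator, target, action, location):
    """Access control enforcement function (AEF): accept or deny on the ADF's answer."""
    allowed, reason = adf.decide(initiator, target, action, location)
    return ("ACCEPT" if allowed else "DENY"), reason

def sample_adf():  # constructed sample data: two users and one database
    return DecisionFunction([Party("alice", may_call={"db"}), Party("mallory", may_call={"db"}),
                             Party("db", accepts_from={"alice"}, writers={"alice"})])

if __name__ == "__main__":
    adf = sample_adf()
    print(enforce(adf, "mallory", "db", "read", "office"))
```

A denial caused by context is deliberately left out of the retained information, since the same initiator may legitimately succeed from another location.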