Computer Security in 3D presented at ISSA 2015

by Christian damsgaard Jensen,

Summary : Computer Security has traditionally presumed the physical security of key components, i.e. that these
components are protected from tampering and that they can only be accessed through well-known channels using predefined
protocols (whether these protocols are also secure or simply well-defined is a separate issue). We traditionally
solve this requirement by locking up servers, gateways and routers in server rooms and provide individual offices for
access to sensitive material to reduce the risks of shoulder surfing. With the emergence of laptops, tablets and smart
phones, we have come to expect ubiquitous access to corporate resources, which breaks down the standard barriers of
physical security. This is exacerbated by the increasing reliance on open plan offices which effectively reduces the
confidentiality of that anything displayed on a monitor, either in the office or from any of the many locations from where
we work.
This talk examines the application of smart technologies to achieve situational awareness, through the use of sensors,
and enforce the security policies defined for the computer system in a physical environment. This allows the security
model to incorporate information about the physical environment and to explicitly define and enforce physical access
control policies for logical objects that have physical representations, e.g. confidential information displayed on a
monitor. An example of a context aware access control model, called Sensor Enhanced Access Control, is presented
along with new mechanisms, such as persistent authentication and device comfort, to support situational awareness in
a physical environment.