elib
DLR-Header
DLR-Logo -> http://www.dlr.de
DLR Portal Home | Imprint | Privacy Policy | Contact | Deutsch
Fontsize: [-] Text [+]

Identity and Access Management with GART (GSOC Access Request Tool)

Perera, Nadine (2017) Identity and Access Management with GART (GSOC Access Request Tool). In: 68th International Astronautical Congress 2017, IAC 2017. IAC, 23.-29.09.2017, Adelaide, Australien.

[img] PDF
267kB

Abstract

Performing Identity and Access Management (IAM) for space mission ground systems is essential to ensure operational security. Establishing an IAM Tool (IAMT) in addition to a manual process is a powerful countermeasure to address cyber-security threats. Informing the mission managers at a glance which users currently have access to mission (IT) resources improves transparency and diminishes the risk for identity theft. For instance, transparency leads to a more prompt and strict deletion of users, who no longer need access to resources, thereby eliminating their login data as an attack surface. Access Management is demanded by information security regulations, e.g., ISO27001. Space operations companies need to show compliance with regulations, which require controls to enforce the need-to-know-principle. At the same time, organizations want to help users to gain quick and secure access to the (IT) resources they need. The observation of the defined process can be established much more efficiently by a tool than via a manual and error-prone organizational process. This paper describes the approach taken at GSOC to enforce the access management process for all ground systems by implementing an IAMT. A role-based workflow, governing (IT) resources, provides accountability and traceability in addition to transparency. The first implementation covers the physical door entry system and the OpenLDAP systems. Other directory services may be added in a modular fashion, e.g., DLR's Active Directory. Identity Management introduces transparency across a user's different access data, such as login names and passwords, in different directories within the organization. The more directories and heterogeneous types of resources exist in an organization, the more important it is to provide an overview of a user's accounts, passwords, and responsibilities, such as changing the password at regular intervals and choosing safe passwords according to different rule sets. Challenges for the approach were the multi-mission character of GSOC, since several missions share personnel and resources, and the integration of several directory services into one system, among them two separate OpenLDAP trees with overlapping user entries, and a physically separated database with door access information. Thanks to the established IAMT, access changes are recorded and traceable, both during the review process and afterwards. A future step is to use the IAMT to detect unauthorized changes in directories by regularly polling and comparing the data over time. The IAMT will generate a warning if changes are found without a corresponding approved request, for better control and monitoring of privileged users.

Item URL in elib:https://elib.dlr.de/116636/
Document Type:Conference or Workshop Item (Speech)
Title:Identity and Access Management with GART (GSOC Access Request Tool)
Authors:
AuthorsInstitution or Email of AuthorsAuthors ORCID iD
Perera, Nadinenadine.perera (at) dlr.dehttps://orcid.org/0000-0001-7845-0624
Date:September 2017
Journal or Publication Title:68th International Astronautical Congress 2017, IAC 2017
Refereed publication:No
Open Access:Yes
Gold Open Access:No
In SCOPUS:No
In ISI Web of Science:No
Status:Published
Keywords:Access management, procedures, cyber security
Event Title:IAC
Event Location:Adelaide, Australien
Event Type:international Conference
Event Dates:23.-29.09.2017
Organizer:IAF
HGF - Research field:Aeronautics, Space and Transport
HGF - Program:Space
HGF - Program Themes:Space Technology
DLR - Research area:Raumfahrt
DLR - Program:R SY - Technik für Raumfahrtsysteme
DLR - Research theme (Project):R - Raumflugbetrieb / Kontrollzentrums-Technologie
Location: Oberpfaffenhofen
Institutes and Institutions:Space Operations and Astronaut Training > Communication and Ground Stations
Space Operations and Astronaut Training > Mission Operations
Space Operations and Astronaut Training > Mobile Rocket Base
Deposited By: Perera, Dr. Nadine
Deposited On:06 Dec 2017 14:40
Last Modified:31 Jul 2019 20:14

Repository Staff Only: item control page

Browse
Search
Help & Contact
Information
electronic library is running on EPrints 3.3.12
Copyright © 2008-2017 German Aerospace Center (DLR). All rights reserved.