DLR-Logo -> http://www.dlr.de
DLR Portal Home | Imprint | Privacy Policy | Contact | Deutsch
Fontsize: [-] Text [+]

Identity and Access Management with GART (GSOC Access Request Tool)

Perera, Nadine (2017) Identity and Access Management with GART (GSOC Access Request Tool). In: 68th International Astronautical Congress 2017, IAC 2017. IAC, 2017-09-23 - 2017-09-29, Adelaide, Australien.

[img] PDF


Performing Identity and Access Management (IAM) for space mission ground systems is essential to ensure operational security. Establishing an IAM Tool (IAMT) in addition to a manual process is a powerful countermeasure to address cyber-security threats. Informing the mission managers at a glance which users currently have access to mission (IT) resources improves transparency and diminishes the risk for identity theft. For instance, transparency leads to a more prompt and strict deletion of users, who no longer need access to resources, thereby eliminating their login data as an attack surface. Access Management is demanded by information security regulations, e.g., ISO27001. Space operations companies need to show compliance with regulations, which require controls to enforce the need-to-know-principle. At the same time, organizations want to help users to gain quick and secure access to the (IT) resources they need. The observation of the defined process can be established much more efficiently by a tool than via a manual and error-prone organizational process. This paper describes the approach taken at GSOC to enforce the access management process for all ground systems by implementing an IAMT. A role-based workflow, governing (IT) resources, provides accountability and traceability in addition to transparency. The first implementation covers the physical door entry system and the OpenLDAP systems. Other directory services may be added in a modular fashion, e.g., DLR's Active Directory. Identity Management introduces transparency across a user's different access data, such as login names and passwords, in different directories within the organization. The more directories and heterogeneous types of resources exist in an organization, the more important it is to provide an overview of a user's accounts, passwords, and responsibilities, such as changing the password at regular intervals and choosing safe passwords according to different rule sets. Challenges for the approach were the multi-mission character of GSOC, since several missions share personnel and resources, and the integration of several directory services into one system, among them two separate OpenLDAP trees with overlapping user entries, and a physically separated database with door access information. Thanks to the established IAMT, access changes are recorded and traceable, both during the review process and afterwards. A future step is to use the IAMT to detect unauthorized changes in directories by regularly polling and comparing the data over time. The IAMT will generate a warning if changes are found without a corresponding approved request, for better control and monitoring of privileged users.

Item URL in elib:https://elib.dlr.de/116636/
Document Type:Conference or Workshop Item (Speech)
Title:Identity and Access Management with GART (GSOC Access Request Tool)
AuthorsInstitution or Email of AuthorsAuthor's ORCID iDORCID Put Code
Perera, NadineUNSPECIFIEDhttps://orcid.org/0000-0001-7845-0624UNSPECIFIED
Date:September 2017
Journal or Publication Title:68th International Astronautical Congress 2017, IAC 2017
Refereed publication:No
Open Access:Yes
Gold Open Access:No
In ISI Web of Science:No
Keywords:Access management, procedures, cyber security
Event Title:IAC
Event Location:Adelaide, Australien
Event Type:international Conference
Event Start Date:23 September 2017
Event End Date:29 September 2017
HGF - Research field:Aeronautics, Space and Transport
HGF - Program:Space
HGF - Program Themes:Space System Technology
DLR - Research area:Raumfahrt
DLR - Program:R SY - Space System Technology
DLR - Research theme (Project):R - Raumflugbetrieb / Kontrollzentrums-Technologie (old)
Location: Oberpfaffenhofen
Institutes and Institutions:Space Operations and Astronaut Training > Communication and Ground Stations
Space Operations and Astronaut Training > Mission Operations
Space Operations and Astronaut Training > Mobile Rocket Base
Deposited By: Perera, Dr. Nadine
Deposited On:06 Dec 2017 14:40
Last Modified:24 Apr 2024 20:21

Repository Staff Only: item control page

Help & Contact
electronic library is running on EPrints 3.3.12
Website and database design: Copyright © German Aerospace Center (DLR). All rights reserved.