Abstract
With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for location-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we show how the Role-Based Access Control (RBAC) model can be extended to incorporate the notion of location. We show how the different components in the RBAC model are related with location and how this location information can be used to determine whether a subject has access to a given object. This model is suitable for applications consisting of static and dynamic objects, where location of the subject and object must be considered before granting access.
This material is based upon work funded by AFOSR under Award No. FA9550-04-1-0102.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: A Spatially Aware RBAC. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden (June 2005)
Covington, M.J., Fogla, P., Zhan, Z., Ahamad, M.: A Context-Aware Security Architecture for Emerging Applications. In: Proceedings of the Annual Computer Security Applications Conference, Las Vegas, NV, USA, December 2002, pp. 249–260 (2002)
Covington, M.J., Long, W., Srinivasan, S., Dey, A., Ahamad, M., Abowd, G.: Securing Context-Aware Applications Using Environment Roles. In: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, Chantilly, VA, USA, May 2001, pp. 10–20 (2001)
Denning, D.E., MacDoran, P.F.: Location-Based Authentication: Grounding Cyberspace for Better Security. In: Computer Fraud and Security. Elsevier Science Ltd., Amsterdam (1996)
Hengartner, U., Steenkiste, P.: Implementing Access Control to People Location Information. In: Proceeding of the SACMAT 2004, Yorktown Heights, California,USA (June 2004)
Leonhardt, U., Magee, J.: Security Consideration for a Distributed Location Service. In: Imperial College of Science, Technology and Medicine, London, UK (1997)
Potter, B., Sinclair, J., Till, D.: An Introduction to Formal Specification and Z. Prentice-Hall, New York (1991)
Ray, I., Yu, L.: Short Paper: Towards a Location-Aware Role-Based Access Control Model. In: Proceedings of the IEEE Conference on Security and Privacy for Emerging Areas in Communications Network, Athens, Greece (September 2005)
Sampemane, G., Naldurg, P., Campbell, R.H.: Access Control for Active Spaces. In: Proceedings of the Annual Computer Security Applications Conferences, Las Vegas, NV, USA, December 2002, pp. 343–352 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ray, I., Kumar, M., Yu, L. (2006). LRBAC: A Location-Aware Role-Based Access Control Model. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_10
Download citation
DOI: https://doi.org/10.1007/11961635_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68962-1
Online ISBN: 978-3-540-68963-8
eBook Packages: Computer ScienceComputer Science (R0)