Summary
Effective delivery of location-based services (LBS) requires efficient processing of access requests to find the past, present and future location of the mobile customers (or moving objects) that match a certain profile. However, this gives rise to a number of security and privacy concerns because LBS may need to locate and track a mobile customer, and gain access to his/her profile. Location information has the potential to allow an adversary to physically locate a person, and user profile information may include sensitive attributes such as name, address, linguistic preference, age group, income level, marital status, education level, etc. As such, mobile customers have legitimate concerns about their personal safety, if such information should fall into the wrong hands. One way to take these concerns into account is by establishing security policies and enforcing them for every access. A comprehensive security policy can encode spatiotemporal restrictions on access to location and profile. To incorporate security, an appropriate access control mechanism must be in place to enforce the authorization specifications reflecting the above security and privacy policies. Serving an access request requires to search for the desired moving objects that satisfy the query, as well as identify and enforce the relevant security policies.
While this solves the security problem, it creates a performance problem. Often, enforcing security incurs overhead, and as a result may degrade the performance of a system. Thus, one way to alleviate this problem and to effectively serve access requests, is to efficiently organize the mobile objects, authorizations as well as mobile customers’ profiles. The key insight is to realize that a lot of duplicate work is performed while searching for the relevant authorizations and mobile objects. In this book chapter, we present the different solutions proposed by researchers in a response to address the above issue. The solutions specifically propose unified index schemes for organizing moving object data, authorizations and profiles of users.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Active Badge Next Generation Applications. http://www.cs.agh.edu.pl/ABng/applications.html
V. Atluri, Mobile Commerce, in The Handbook of Computer Networks, Volume III Distributed Networks, Network Planning, Control, Management and Applications, Part 3: Computer Network Popular Applications, John Wiley & Sons, to appear.
V. Atluri and S. Chun. An authorization model for geospatial data. IEEE Trans. Dependable Sec. Comput., 1(4):238-254, 2004.
V. Atluri and Q. Guo. Unified index for mobile object data and authorizations. In ESORICS, pages 80-97, 2005.
V. Atluri and H. Shin. Efficient Enforcement of Security Policies based on Tracking of Mobile Users. In DBSec, pages 237-251, 2006.
V. Atluri and H. Shin. Efficient Security Policy Enforcement in a Location Based Service Environment. In DBSec, 2007.
V. Atluri, H. Shin, and J. Vaidya. Efficient Security Policy Enforcement for the Mobile Environment. Journal of Computer Security. Submitted under review.
A. Guttman. R-trees: a dynamic index structure for spatial searching. Proceedings of the 1984 ACM SIGMOD international conference on Management of data, June 18-21, 1984, Boston, MA.
J. Moreira, C. Ribeiro, and T. Abdessalem. Query operations for moving objects database systems. In proceedings of the eighth ACM international symposium on Advances in geographic information systems, ACM Press, pages 108-114, 2000.
M. Pelanis, S. Saltenis, and C.S. Jensen. Indexing the past, present and anticipated future positions of moving objects. TIMECENTER Technical Report TR-78, 2004.
S. Saltenis, C.S. Jensen, S.T. Leutenegger, and M.A. Lopez. Indexing the positions of continuously moving objects. In SIGMOD Conference, pages 331-342, 2000.
A. P. Sistla, O. Wolfson, S. Chamberlain, and S. Dao. Modeling and Querying Moving Objects. In Proceedings of the Thirteenth international Conference on Data Engineering, pages 422-432, 1997.
V. Venkatesh, V. Ramesh, Anne P. Massey, Understanding usability in mobile commerce, Communications of the ACM, Volume 46, Issue 12, December 2003.
R. Want, A. Hopper, V. Falcao, and J. Gibbons. The active badge location system. ACM Trans. Inf. Syst. 10, 1, pages 91-102, 1992.
O. Wolfson, B. Xu, S. Chamberlain, and L. Jiang. Moving objects databases: Issues and solutions. In Rafanelli, M., Jarke, M., eds. 10th International Conference on Scientic and Statistical Database Management, Proceedings, Capri, Italy, July 1-3, 1998, IEEE Computer Society, pages 111-122, 1998.
M. Youssef, V. Atluri and N. R. Adam . Preserving Mobile Customer Privacy: An Access Control System for Moving Objects and Customer Profiles, In Proceedings of the 6th International Conference on Mobile Data Management (MDM) 2005.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer Science+Business Media, LLC.
About this chapter
Cite this chapter
Atluri, V., Shin, H. (2008). Efficiently Enforcing the Security and Privacy Policies in a Mobile Environment. In: Gertz, M., Jajodia, S. (eds) Handbook of Database Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-48533-1_23
Download citation
DOI: https://doi.org/10.1007/978-0-387-48533-1_23
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-48532-4
Online ISBN: 978-0-387-48533-1
eBook Packages: Computer ScienceComputer Science (R0)