Security Policy Model for Ubiquitous Social Systems

  • Conference paper
Modeling and Using Context (CONTEXT 2017)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 10257)

Abstract

Ubiquitous social systems encompass ubiquitous computing, enterprise mobility and consumerization of IT, amplifying the threats associated with these fields. Context-aware security systems have been proposed as solutions for many of these threats. We argue that the policy models used by these systems are not suitable for ubiquitous social systems. They lack sufficient abstractions for the specification and analysis of security policies and unnecessarily burden them with context reasoning rules. This can compromise the correctness of security policies and the performance of security systems. To address these issues, we propose a security policy model for ubiquitous social systems. The model defines all possible contextual information as policy abstractions, enabling clear and precise analysis of how they influence access control. Moreover, it takes into account the social-related aspect and introduces an object life cycle. As a result, our model provides more intuitive abstractions and facilitates policy specification and context-aware security provisioning.

Notes

  1. Security property is a quality that describes a resource or its usage, with respect to the objectives of security, i.e., confidentiality, integrity and availability.

  2. Examples of social domains are family or research department, whereas examples of social groups are their particular realization.

  3. Participant is an entity involved in an activity by consuming or generating resources, whereas observer is an entity that can monitor an activity which is being performed.

  4. Asset is a resource assigned to a social group, or an entity defined as its member. Entities are assets as they are responsible for achieving the social group goals.

  5. Since continuous activities and current security contexts are activities and security contexts, respectively, they are represented through these abstractions on the figure.

  6. Since activating applications has different security implications than activating data and channels, we use two activity types in order to control them separately.

  7. Since subjects are objects, this implies that Org also includes origins of subjects.

  8. Destroy activity as not continuous, because its effect over the involved object does not exist, as the object is destroyed after its execution.

  9. One entity acts both as user and participant in an activity. In the former case, it initiates the activity, whereas in the latter it participates in it.

  10. Since people are often part of a single social group from a social domain, we refer to social groups by their domains, e.g., work is ACME1 and home is Alice’s family.

  11. As explained in [8], the public social group is default and contains all entities.

  12. The values of the association and setting will also change, since there are public group members around.

References

  1. Bai, G., Gu, L., Feng, T., Guo, Y., Chen, X.: Context-aware usage control for Android. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICSSITE, vol. 50, pp. 326–343. Springer, Heidelberg (2010). doi:10.1007/978-3-642-16161-2_19

  2. Bettini, C., Brdiczka, O., Henricksen, K., Indulska, J., Nicklas, D., Ranganathan, A., Riboni, D.: A survey of context modelling and reasoning techniques. Pervasive Mob. Comput. 6(2), 161–180 (2010)

  3. Bonatti, P., Galdi, C., Torres, D.: ERBAC: Event-driven RBAC. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 125–136. ACM (2013)

  4. Covington, M.J., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M., Abowd, G.D.: Securing context-aware applications using environment roles. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, SACMAT 2001, pp. 10–20. ACM (2001)

  5. Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Secur. 7(4), 285–305 (2008)

  6. Dey, A.K.: Understanding and using context. Pers. Ubiquit. Comput. 5(1), 4–7 (2001)

  7. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)

  8. Jovanovikj, V., Gabrijelčič, D., Klobučar, T.: A conceptual model of security context. Int. J. Inf. Secur. 13(6), 571–581 (2014)

  9. Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, SACMAT 2008, pp. 113–122. ACM (2008)

  10. Mostefaoui, G.K.: Towards a conceptual and software framework for integrating context-based security in pervasive environments. Ph.D. thesis, University of Fribourg (2004)

  11. Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)

  12. Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: Proteus: A semantic context-aware adaptive policy model. In: Proceedings of the IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2007, pp. 129–140. IEEE Computer Society (2007)

Corresponding author

Correspondence to Vladimir Jovanovikj.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Jovanovikj, V., Gabrijelčič, D., Klobučar, T. (2017). Security Policy Model for Ubiquitous Social Systems. In: Brézillon, P., Turner, R., Penco, C. (eds) Modeling and Using Context. CONTEXT 2017. Lecture Notes in Computer Science, vol 10257. Springer, Cham. https://doi.org/10.1007/978-3-319-57837-8_24

  • DOI: https://doi.org/10.1007/978-3-319-57837-8_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-57836-1

  • Online ISBN: 978-3-319-57837-8

  • eBook Packages: Computer Science (R0)
