Abstract
The wide use of advanced sensor network and computing technologies has facilitated the development of convenient pervasive applications that access information anytime and anywhere. Traditional access control mechanisms cannot appropriately protect the access to and usage of digital resources in such a highly distributed and heterogeneous computing environment. In such an environment, continuously enforcing access control policies during the access period is a challenge, because traditional authorization decisions are generally made at the time of the access request and do not consider ongoing controls. Obligations are a vital part of many access control policies; they specify mandatory behavior that should be carried out by a user of the access control system in sensitive domains. Therefore, a mechanism that confirms the fulfillment of an obligation is required in order to continue or revoke the access decision. We leveraged the capability of the Session Initiation Protocol (SIP) to manage communication between entities in order to provide a mechanism that handles the continuous enforcement of obligations. We also present several scenarios which indicate that our proposed model can manage the obligatory behavior that affects the continuity of access to resources in a pervasive computing environment.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Sharghi, H., Liscano, R. (2017). Integrating Access Control Obligations in the Session Initiation Protocol for Pervasive Computing Environments. In: Aïmeur, E., Ruhi, U., Weiss, M. (eds) E-Technologies: Embracing the Internet of Things. MCETECH 2017. Lecture Notes in Business Information Processing, vol 289. Springer, Cham. https://doi.org/10.1007/978-3-319-59041-7_2
DOI: https://doi.org/10.1007/978-3-319-59041-7_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59040-0
Online ISBN: 978-3-319-59041-7
eBook Packages: Computer Science (R0)