Abstract
Current ubiquitous computing environments provide many kinds of information. This information may be accessed by different users under varying conditions depending on various contexts (e.g. location). These ubiquitous computing environments also impose new requirements on security. The ability for users to access their information in a secure and transparent manner, while adapting to changing contexts of the spaces they operate in is highly desirable in these environments. This paper presents a domain-based approach to access control in distributed environments with mobile, distributed objects and nodes. We utilize a slightly different notion of an object’s “view”, by linking its context to the state information available to it for access control purposes. In this work, we tackle the problem of hiding sensitive information in insecure environments by providing objects in the system a view of their state information, and subsequently manage this view. Combining access control requirements and multilevel security with mobile and contextual requirements of active objects allow us to re-evaluate security considerations for mobile objects. We present a middleware-based architecture for providing access control in such an environment and view-sensitive mechanisms for protection of resources while both objects and hosts are mobile. We also examine some issues with delegation of rights in these environments. Performance issues are discussed in supporting these solutions, as well as an initial prototype implementation and accompanying results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Roman, G.C., Picco, G.P., Murphy, A.: A Software Engineering Perspective On Mobility. In: Future of Software Engineering, 22nd International Conference on Software Engineering, pp. 241–258 (2000)
Cardelli, L.: Abstractions for Mobile Computation. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 51–94. Springer, Heidelberg (1999)
Bell, D., LaPadula, L.: Secure Computer Systems: Unified Exposition and Multics Interpretation. Technical report, Mitre Corp, US (2001)
Agha, G.A.: ACTORS: A Model of Concurrent Computation in Distributed Systems. MIT Press, Cambridge (1986)
Venkatasubramanian, N., Talcott, C.: A Semantic Framework for Modeling and Reasoning about Reflective Middleware. IEEE Distributed Systems Online 2(6) (2001)
Wickramasuriya, J., Venkatasubramanian, N.: A Middleware Approach To Access Control For Mobile, Concurrent Objects. In: Meersman, R., Tari, Z., et al. (eds.) CoopIS 2002, DOA 2002, and ODBASE 2002. LNCS, vol. 2519, Springer, Heidelberg (2002)
Wickramasuriya, J., Venkatasubramanian, N.: A Directory Enabled Middleware Framework for Distributed Systems. In: IEEE International Workshop on Objectoriented Real-time Dependable Systems (WORDS 2003), Guadalajara, Mexico (2003)
Wickramasuriya, J., Venkatasubramanian, N.: Supporting Timely Revocation in Highly Mobile Environments. Technical report, Dept. of Infomation & Comp. Science, University of California, Irvine (2003)
Venkatasubramanian, N., Deshpande, M., Mohapatra, S., Gutierrez-Nolasco, S., Wickramasuriya, J.: Design and Implementation of a Composable Reflective Middleware Framework. In: Proc. of the 21st International Conference on Distributed Computing Systems, ICDCS (2001)
Howes, T., Wahl, S.K.M.: Lightweight Directory Access Protocol (v3). IETF RFC 2251 (1997)
Bettstetter, C.: Smooth is Better than Sharp: A Random Mobility Model for Simulation of Wireless Networks. In: ACM Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), Rome, Italy (2001)
Qian, T.: Cherubim Agent Based Dynamic Security Architecture. Technical report, Department of Computer Science, University of Illinois at Urbana-Champaign (UIUC) (1998)
Campbell, R.H., Qian, T., Liao, W., Liu, Z.: Active Capability: A Unified Security Model for Supporting Mobile, Dynamic and Application Specific Delegation. Technical report, Department of Computer Science, University of Illinois at Urbana-Champaign (UIUC) (1996)
Murphy, A., Picco, G., Roman, G.C.: Lime: A Middleware for Physical and Logical Mobility. In: Proc. of the 21st International Conference on Distributed Computing Systems (ICDCS) (2001)
Hine, J.H., Yao, W., Bacon, J., Moody, K.: An Architecture for Distributed OASIS Services. In: Coulson, G., Sventek, J. (eds.) Middleware 2000. LNCS, vol. 1795, pp. 104–120. Springer, Heidelberg (2000)
Riechmann, T., Hauck, F.J.: Meta Objects for Access Control: Extending Capability-based Security. In: Proceedings of New Security Paradigms Workshop, Langdale, Cumbria, UK, pp. 17–22 (1997)
Wolfson, O., Sistla, P., Dao, S., Narayanan, K., Raj, R.: View Maintenance in Mobile Computing. In: SIGMOD RECORD (1995)
Bertino, E., Jajodia, S., Samarati, P.: Access Control in Object-oriented Database Systems: Some Approaches and Issues. In: Adam, N.R., Bhargava, B.K. (eds.) Advanced Database Systems. LNCS, vol. 759, pp. 17–44. Springer, Heidelberg (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wickramasuriya, J., Venkatasubramanian, N. (2004). Dynamic Access Control for Ubiquitous Environments. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2004: CoopIS, DOA, and ODBASE. OTM 2004. Lecture Notes in Computer Science, vol 3291. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30469-2_49
Download citation
DOI: https://doi.org/10.1007/978-3-540-30469-2_49
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23662-7
Online ISBN: 978-3-540-30469-2
eBook Packages: Springer Book Archive