Abstract
Inter-organizational exchange of information about physical objects that is automatically gathered using RFID can increase the traceability of goods in complex supply chains. With the EPCIS specification, a standard for RFID-based events and respective information system interfaces is available. However, it does not address access control in detail, which is a prerequisite for secure information exchange. We propose a novel rule-based, context-aware policy language for describing access rights on large sets of EPCIS Events. Furthermore, we discuss approaches to enforce these policies and introduce an efficient enforcement mechanism based on query recomposition and its prototypical implementation.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Grummt, E., Müller, M. (2008). Fine-Grained Access Control for EPC Information Services. In: Floerkemeier, C., Langheinrich, M., Fleisch, E., Mattern, F., Sarma, S.E. (eds) The Internet of Things. Lecture Notes in Computer Science, vol 4952. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78731-0_3
DOI: https://doi.org/10.1007/978-3-540-78731-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78730-3
Online ISBN: 978-3-540-78731-0
eBook Packages: Computer Science (R0)