Abstract
Traditional access control models, such as Role-Based Access Control (RBAC) and Bell-LaPadula (BLP), are not suitable for pervasive computing applications, which typically lack well-defined security perimeters and where not all entities and interactions are known in advance. We propose an access control model that handles such dynamic applications and uses environmental contexts to determine whether a user can get access to some resource. Our model is based on RBAC because it simplifies role management and is the de facto access control model for commercial organizations. However, unlike RBAC, it uses information from the environmental contexts to determine access decisions. The model also supports delegation, which is important for dynamic applications where a user is unavailable and permissions may have to be transferred temporarily to another user/role in order to complete a specific task. This model can be used for any application where spatial and temporal information of a user and an object must be taken into account before granting access or temporarily transferring access to another user.
This work was supported in part by AFOSR under contract number FA9550-07-1-0042.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ray, I., Toahchoodee, M. (2008). A Spatio-temporal Access Control Model Supporting Delegation for Pervasive Computing Applications. In: Furnell, S., Katsikas, S.K., Lioy, A. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2008. Lecture Notes in Computer Science, vol 5185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85735-8_6
DOI: https://doi.org/10.1007/978-3-540-85735-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85734-1
Online ISBN: 978-3-540-85735-8
eBook Packages: Computer Science (R0)