Abstract
Access control is concerned with determining which operations a particular user is allowed to perform on a particular electronic resource. For example, an access control decision could say that user Alice is allowed to perform the operation read (but not write) on the resource research report. With conventional access control this decision is based on the user’s identity, whereas the basic idea of Location-Aware Access Control (LAAC) is to also evaluate a user’s current location when deciding whether a particular request should be granted or denied. LAAC is an interesting approach for mobile information systems because these systems are exposed to specific security threats like the loss of a device. Some data models for LAAC can be found in the literature, but almost all of them are based on RBAC and none of them is designed especially for Database Management Systems (DBMS). In this paper we therefore propose a LAAC approach for DBMS and describe a prototypical implementation of that approach that is based on database triggers.
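The following sketch is an added illustration of the general idea of enforcing a location constraint with a database trigger; it is not the paper's data model or prototype. The table names, the rectangular zone representation, the coordinates and the single-row current_location table are all assumptions made for this example, using SQLite through Python.

```python
import sqlite3

# Hypothetical schema (not from the paper): each report names the zone in
# which writes are allowed; current_location holds the position asserted
# for this session by a trusted locating component.
SCHEMA = """
CREATE TABLE zone (name TEXT PRIMARY KEY,
                   min_lat REAL, max_lat REAL, min_lon REAL, max_lon REAL);
CREATE TABLE report (id INTEGER PRIMARY KEY, body TEXT,
                     write_zone TEXT NOT NULL REFERENCES zone(name));
CREATE TABLE current_location (only_row INTEGER PRIMARY KEY CHECK (only_row = 1),
                               lat REAL, lon REAL);
CREATE TRIGGER report_laac BEFORE UPDATE ON report
BEGIN
    -- Fail closed: a missing or NULL location matches no zone, so it is denied.
    -- OLD.write_zone is used so a write cannot relax its own constraint.
    SELECT RAISE(ABORT, 'LAAC: write denied at current location')
    WHERE NOT EXISTS (
        SELECT 1 FROM zone z, current_location c
        WHERE z.name = OLD.write_zone
          AND c.lat BETWEEN z.min_lat AND z.max_lat
          AND c.lon BETWEEN z.min_lon AND z.max_lon);
END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data.
    db.execute("INSERT INTO zone VALUES ('office', 49.00, 49.02, 8.40, 8.42)")
    db.execute("INSERT INTO report VALUES (1, 'draft', 'office')")
    return db

def set_location(db, lat, lon):
    # In a real deployment only the trusted locating component may write here.
    db.execute("INSERT OR REPLACE INTO current_location VALUES (1, ?, ?)", (lat, lon))

def try_write(db, report_id, body):
    """Return True if the UPDATE was permitted, False if the trigger aborted it."""
    try:
        db.execute("UPDATE report SET body = ? WHERE id = ?", (body, report_id))
        return True
    except sqlite3.DatabaseError:
        return False

if __name__ == "__main__":
    db = open_db()
    for pos in [(49.01, 8.41), (52.52, 13.40)]:  # inside, then outside the zone
        set_location(db, *pos)
        print(pos, "write allowed:", try_write(db, 1, f"edited at {pos}"))
```

SQLite triggers fire only on INSERT, UPDATE and DELETE, so this sketch constrains writes; restricting reads by location would need a different mechanism, such as a filtering view.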
Copyright information
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Decker, M. (2009). Mandatory and Location-Aware Access Control for Relational Databases. In: Mehmood, R., Cerqueira, E., Piesiewicz, R., Chlamtac, I. (eds) Communications Infrastructure. Systems and Applications in Europe. EuropeComm 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 16. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11284-3_23
DOI: https://doi.org/10.1007/978-3-642-11284-3_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11283-6
Online ISBN: 978-3-642-11284-3
eBook Packages: Computer Science (R0)