Abstract
Context-aware computing is an important aspect of pervasive computing environments, and the dynamic context information it involves brings new challenges to access control systems. In this paper, a new access control model, relation-based access control (RelBAC), is presented for context-aware environments, with a domain-specific Description Logic used to formalize the model. The novelty of RelBAC is that permissions are formalized as binary relations between subjects and objects, which can evolve with the dynamic contexts. The expressive power of RelBAC is illustrated in a case study of a project meeting event.
Additional information
This work was done during the first author's PhD program at the University of Trento.
Cite this article
Zhang, R., Giunchiglia, F., Crispo, B. et al. Relation-Based Access Control: An Access Control Model for Context-Aware Computing Environment. Wireless Pers Commun 55, 5–17 (2010). https://doi.org/10.1007/s11277-009-9782-4
DOI: https://doi.org/10.1007/s11277-009-9782-4