SESAME: Scalable, Environment Sensitive Access Management Engine

Cluster Computing

Abstract

As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Although much research has been done on access control, these efforts focus on relatively static scenarios where access depends on the identity of the subject. They do not address access control issues for pervasive applications, where the access privileges of a subject depend not only on its identity but also on its current context and state. In this paper, we present the SESAME dynamic context-aware access control mechanism for pervasive applications. SESAME complements current authorization mechanisms to dynamically grant and adapt permissions to users based on their current context. The underlying dynamic role based access control (DRBAC) model extends the classic role based access control (RBAC) model. We also present a prototype implementation of SESAME and DRBAC with the Discover computational collaboratory and an experimental evaluation of its overheads.

Author information

Corresponding author

Correspondence to Guangsen Zhang.

Additional information

Guangsen Zhang is a Ph.D. student in the Department of Electrical and Computer Engineering at Rutgers University. He received his MS from Rutgers University. His research interests include parallel & distributed computing and distributed system security.

Manish Parashar is an Associate Professor in the Department of Electrical and Computer Engineering at Rutgers University. His research interests include autonomic computing, parallel & distributed computing, scientific computing, and software engineering.

About this article

Cite this article

Zhang, G., Parashar, M. SESAME: Scalable, Environment Sensitive Access Management Engine. Cluster Comput 9, 19–27 (2006). https://doi.org/10.1007/s10586-006-4894-z
