Towards the realisation of context-risk-aware access control in pervasive computing

Published in Telecommunication Systems

Abstract

This paper proposes a novel Context-Risk-Aware Access Control (CRAAC) model for Ubiquitous Computing (UbiComp) environments. Context-aware access control allows access permissions to be adjusted dynamically in adaptation to changes in the surrounding context. Though current context-aware access control solutions can, to a certain extent, achieve such context adaptation, they still have limitations. One of these is that they rely on an architectural model in which the two major functional blocks, the context infrastructure and the access control system, are tightly coupled. As a result, they are neither flexible nor generic enough to accommodate various access control constraints and policy settings. The CRAAC model is designed to overcome this limitation. By introducing the concepts of risk awareness and authorisation levels of assurance (LoA) into authorisation decision making, and by maximising the use of a component-based approach in the architectural design, the model decouples the context infrastructure from the access control system, making it more extensible in providing the required functionality and more flexible in accommodating different contextual attributes and their mutual correlation. In addition, it interoperates and is backward compatible with traditional role-based access control solutions.
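As an added illustration (not the paper's code) of how the abstract's ingredients fit together: a plain RBAC check is gated by a required LoA derived from context risk, and context sources are plugged in as interchangeable assessors, so the access control core never depends on the context infrastructure. The weighted aggregation rule, the risk bands, the sample assessors and the role/permission data are assumptions made for this sketch, not taken from the paper.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

# Illustrative sketch, not the paper's code: the access control core sees only a normalised
# risk score from each context assessor, never raw attributes, which keeps the blocks decoupled.
RiskAssessor = Callable[[Dict[str, str]], float]  # context -> risk in [0, 1]

@dataclass
class CRAACEngine:
    role_perms: Dict[str, Set[str]]                    # plain RBAC: role -> permissions
    assessors: Dict[str, Tuple[RiskAssessor, float]] = field(default_factory=dict)
    loa_bounds: Tuple[float, ...] = (0.25, 0.5, 0.75)  # assumed risk bands for LoA 1..4

    def register(self, name: str, fn: RiskAssessor, weight: float = 1.0) -> None:
        """Plug in a context source; the weight is its relative importance."""
        self.assessors[name] = (fn, weight)

    def risk(self, context: Dict[str, str]) -> float:
        """Weighted mean of the registered assessors' scores (assumed aggregation rule)."""
        total = sum(w for _, w in self.assessors.values())
        return sum(fn(context) * w for fn, w in self.assessors.values()) / total

    def required_loa(self, context: Dict[str, str]) -> int:
        """Map aggregated risk onto a four-level LoA scale (as in NIST SP 800-63 v1)."""
        r = self.risk(context)
        return 1 + sum(1 for bound in self.loa_bounds if r > bound)

    def decide(self, role: str, perm: str, user_loa: int, context: Dict[str, str]) -> bool:
        if perm not in self.role_perms.get(role, set()):  # RBAC gate comes first
            return False
        if not self.assessors:                            # no context sources: plain RBAC
            return True
        return user_loa >= self.required_loa(context)     # risk gate

# Constructed sample assessors; in the model these would live in the context infrastructure.
def location_risk(ctx: Dict[str, str]) -> float:
    return {"ward": 0.1, "office": 0.3, "offsite": 0.8}.get(ctx.get("location", ""), 1.0)

def time_risk(ctx: Dict[str, str]) -> float:
    hour = int(ctx.get("hour", "0"))
    return 0.2 if 8 <= hour < 18 else 0.7

def build_demo() -> CRAACEngine:
    eng = CRAACEngine({"doctor": {"read_record", "prescribe"}, "nurse": {"read_record"}})
    eng.register("location", location_risk, weight=2.0)  # location weighs twice as much as time
    eng.register("time", time_risk)
    return eng
```

With no assessors registered the engine degrades to ordinary RBAC, which is the backward compatibility the abstract describes.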


Correspondence to Ali Ahmed.


Ahmed, A., Zhang, N. Towards the realisation of context-risk-aware access control in pervasive computing. Telecommun Syst 45, 127–137 (2010). https://doi.org/10.1007/s11235-009-9240-3
