ABSTRACT
In this paper we present a context-aware RBAC (CARBAC) model for pervasive computing applications. The design of this model has been guided by the context-based access control requirements of such applications. These requirements are related to users' memberships in roles, permission executions by role members, and context-based dynamic integration of services in the environment with an application. Context information is used in role admission policies, in policies related to permission executions by role members, and in policies related to accessing of dynamically interfaced services by role members. The dynamic nature of context information requires model-level support for revocations of role memberships and permission activations when certain context conditions fail to hold. Based on this model we present a programming framework for building context-aware applications, providing mechanisms for specifying and enforcing context-based access control requirements.
- G. D. Abowd, A. K. Dey, P. J. Brown, N. Davies, M. Smith, and P. Steggles. Towards a Better Understanding of Context and Context-Awareness. In HUC '99: Proceedings of the 1st International Symposium on Handheld and Ubiquitous Computing, pages 304--307. Springer-Verlag, 1999.]] Google ScholarDigital Library
- T. Ahmed and A. R. Tripathi. Specification and Verification of Security Requirements in a Programming Model for Decentralized CSCW Systems. ACM Transactions on Information and System Security (TISSEC), 10(2):7, 2007.]] Google ScholarDigital Library
- G.-J. Ahn and R. Sandhu. Role-based Authorization Constraints Specification. ACM Transactions on Information and System Security (TISSEC), 3(4):207 -- 226, November 2000.]] Google ScholarDigital Library
- J. Bacon, K. Moody, and W. Yao. A Model of OASIS Role-based Access Control and its support for Active Security. ACM Transactions on Information and System Security (TISSEC), 5(4):492--540, 2002.]] Google ScholarDigital Library
- J. E. Bardram, T. R. Hansen, M. Mogensen, and M. Søgaard. Experiences from Real-World Deployment of Context-Aware Technologies in a Hospital Environment. In Ubicomp, pages 369--386, 2006.]] Google ScholarDigital Library
- E. Bertino, B. Catania, M. L. Damiani, and P. Perlasca. GEO-RBAC: A Spatially Aware RBAC. In SACMAT '05: Proceedings of the Tenth ACM Symposium on Access control Models and Technologies, pages 29--37, 2005.]] Google ScholarDigital Library
- R. Campbell, J. Al-Muhtadi, P. Naldurg, G. Sampemane, and M. D. Mickunas. Towards Security and Privacy for Pervasive Computing. In Lecture Notes in Computer Science Software Security - Theories and Systems, volume 2609, pages 77--82. Springer, 2003.]] Google Scholar
- S. Consolvo, P. Roessler, B. E. Shelton, A. LaMarca, B. Schilit, and S. Bly. Technology for Care Networks of Elders. IEEE Pervasive Computing, 3(2):22--29, 2004.]] Google ScholarDigital Library
- M. J. Covington, W. Long, S. Srinivasan, A. K. Dey, M. Ahamad, and G. D. Abowd. Securing Context-Aware Applications Using Environment Roles. In SACMAT '01: Proceedings of the Sixth ACM Symposium on Access control Models and Technologies, pages 10--20, 2001.]] Google ScholarDigital Library
- J. Crampton. Specifying and Enforcing Constraints in Role-based Access Control. In SACMAT '03: Proceedings of the Eighth ACM Symposium on Access control Models and Technologies, pages 43--50, 2003.]] Google ScholarDigital Library
- N. Davies, K. Cheverst, K. Mitchell, and A. Efrat. Using and Determining Location in a Context-sensitive Tour Guide. IEEE Computer, 34(8):35--41, August 2001.]] Google ScholarDigital Library
- M. Evered and S. Bögeholz. A Case Study in Access Control Requirements for a Health Information System. In ACSW Frontiers '04: Proceedings of the Second Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation, pages 53--61, 2004.]] Google ScholarDigital Library
- D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for Role-based Access Control. ACM Transactions on Information and System Security (TISSEC), 4(3):224--274, 2001.]] Google ScholarDigital Library
- A. Fitzpatrick, G. Biegel, S. Clarke, and V. Cahill. Towards a Sentient Object Model. In Workshop on Engineering Context-Aware Object-Oriented Systems and Environments (ECOOSE), November 2002.]]Google Scholar
- M. Ge and S. L. Osborn. A Design for Parameterized Roles. In DBSec, pages 251--264, 2004.]]Google ScholarCross Ref
- C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas. Flexible Team-based Access Control using Contexts. In SACMAT '01: Proceedings of the Sixth ACM Symposium on Access control Models and Technologies, pages 21--27, 2001.]] Google ScholarDigital Library
- L. Giuri and P. Iglio. Role Templates for Content-based Access Control. In RBAC '97: Proceedings of the Second ACM Workshop on Role Based Access Control, pages 153--159, 1997.]] Google ScholarDigital Library
- T. Halpin. Information Modeling and Relational Databases: From Conceptual Analysis to Logical Design. Morgan Kaufmann Publishers Inc., 2001.]] Google ScholarDigital Library
- K. Henricksen and J. Indulska. A Software Engineering Framework for Context-Aware Pervasive Computing. In PERCOM '04: Proceedings of the Second IEEE International Conference on Pervasive Computing and Communications (PerCom'04), page 77, 2004.]] Google ScholarDigital Library
- A. K. Jones and B. H. Liskov. A Language Extension for Expressing Constraints on Data Access. Commun. ACM, 21(5):358--367, 1978.]] Google ScholarDigital Library
- J. B. D. Joshi, E. Bertino, U. Latif, and A. Ghafoor. A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering (IEEE TKDE), 17(1):4--23, 2005.]] Google ScholarDigital Library
- P. McDaniel. On Context in Authorization Policy. In SACMAT '03: Proceedings of the Eighth ACM Symposium on Access control Models and Technologies, pages 80--89, 2003.]] Google ScholarDigital Library
- T. Moses. OASIS eXtensible Access Control Markup Language (XACML) Version 2.0, OASIS Standard. pages 1--141, 1 February 2005.]]Google Scholar
- G. Neumann and M. Strembeck. An Approach to Engineer and Enforce Context Constraints in an RBAC Environment. In SACMAT '03: Proceedings of the Eighth ACM Symposium on Access control Models and Technologies, pages 65--79, 2003.]] Google ScholarDigital Library
- U. Nitsche, R. Holbein, O. Morger, and S. Teufel. Realization of a Context-Dependent Access Control Mechanism on a Commercial Platform. In Proceedings of IFIP/SEC 1998. Chapman & Hall.]]Google Scholar
- J. Park and R. Sandhu. The UCONABC Usage Control Model. ACM Transactions on Information and System Security (TISSEC), 7(1):128--174, 2004.]] Google ScholarDigital Library
- D. Salber, A. K. Dey, and G. D. Abowd. The Context Toolkit: Aiding the Development of Context-Enabled Applications. In Proceedings of the 1999 Conference on Human Factors in Computing Systems (CHI '99), pages 434--441, May 1999.]] Google ScholarDigital Library
- G. Sampemane, P. Naldurg, and R. H. Campbell. Access control for Active Spaces. In Annual Computer Security Applications Conference (ACSAC2002), 2002.]] Google ScholarDigital Library
- B. Schilit, N. Adams, and R. Want. Context-Aware Computing Applications. In IEEE Workshop on Mobile Computing Systems and Applications, pages 85--90, Santa Cruz, CA, US, 1994.]]Google Scholar
- Y. Shi, W. Xie, G. Xu, R. Shi, E. Chen, Y. Mao, and F. Liu. The Smart Classroom: Merging Technologies for Seamless Tele-Education. IEEE Pervasive Computing, 02(2):47--55, 2003.]] Google ScholarDigital Library
- T. Strang and C. Linnhoff-Popien. A Context Modeling Survey. In Workshop on Advanced Context Modelling, Reasoning and Management as part of UbiComp 2004 - The Sixth International Conference on Ubiquitous Computing, September 2004.]]Google Scholar
- R. K. Thomas. Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. In RBAC '97: Proceedings of the Second ACM Workshop on Role-based Access Control, pages 13--19, 1997.]] Google ScholarDigital Library
- A. Tripathi, D. Kulkarni, and T. Ahmed. A Specification Model for Context-Based Collaborative Applications. Elsevier Journal on Pervasive and Mobile Computing, 1(1):21 -- 42, May-June 2005.]] Google ScholarDigital Library
- A. R. Tripathi, D. Kulkarni, H. Talkad, M. Koka, S. Karanth, T. Ahmed, and I. Osipkov. Autonomic Configuration and Recovery in a Mobile Agent-based Distributed Event Monitoring System. Software - Practice & Experience, 37(5):493--522, 2007.]] Google ScholarDigital Library
- X. H. Wang, D. Q. Zhang, T. Gu, and H. K. Pung. Ontology Based Context Modeling and Reasoning Using OWL. In PERCOMW '04: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004.]] Google ScholarDigital Library
Index Terms
- Context-aware role-based access control in pervasive computing systems
Recommendations
A generalized context-based access control model for pervasive environments
SPRINGL '09: Proceedings of the 2nd SIGSPATIAL ACM GIS 2009 International Workshop on Security and Privacy in GIS and LBSPervasive Computing Environments enable new opportunities for users to share and to access resources anytime and anywhere in a more natural way, making access control a critical issue. These heterogeneous and dynamic sensor-rich environments ...
Practical Role-Based Access Control
This article presents access control from a general and a role-based perspective. The article's focus is role based Access Control from a practical vice a theoretical perspective. The article starts with some access control definitions and two secure ...
Symbolic reachability analysis for parameterized administrative role-based access control
Role-based access control (RBAC) is a widely used access control paradigm. In large organizations, the RBAC policy is managed by multiple administrators. An administrative role-based access control (ARBAC) policy specifies how each administrator may ...
Comments