skip to main content
10.1145/1594139.1594151acmconferencesArticle/Chapter ViewAbstractPublication PagesmodConference Proceedingsconference-collections
research-article

Law-aware access control for international financial environments

Published: 29 June 2009 Publication History

Abstract

Financial institutions are restricted by legislation and have to ensure that mobile access to data is legal in a defined context. However, today's access control solutions work but cannot decide whether an access is legal. Especially when an access from different countries is required different legislations have to be taken into account. In this paper, we address the problem of a law-compliant access in international financial environments. We present an extension to context-aware access control systems so that they incorporate legal constraints. To this end, we introduce different facets of context information, their interrelations, and describe their necessity for a law-aware access control. Finally, by using an international banking application scenario, we demonstrate how a system that follows our approach can decide about access.

References

[1]
G.-J. Ahn and R. Sandhu. Role-based authorization constraints specification. ACM Trans. Inf. Syst. Secur., 3(4):207--226, 2000.
[2]
V. Atluri and J. Warner. Supporting conditional delegation in secure workflow management systems. In SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies, pages 49--58, New York, NY, USA, 2005. ACM.
[3]
E. Bertino, C. Bettini, E. Ferrari, and P. Samarati. A Temporal Access Control Mechanism for Database Systems. IEEE Transactions on Knowledge and Data Engineering, 08(1):67--80, 1996.
[4]
E. Bertino, C. Bettini, and P. Samarati. A Temporal Authorization Model. In CCS '94: Proceedings of the 2nd ACM Conference on Computer and communications security, pages 126--135, New York, NY, USA, 1994. ACM.
[5]
S. M. Chandran and J. B. D. Joshi. LoT-RBAC: A location and time-based RBAC model. In A. H. H. Ngu, M. Kitsuregawa, E. J. Neuhold, J.-Y. Chung, and Q. Z. Sheng, editors, WISE, volume 3806 of Lecture Notes in Computer Science, pages 361--375. Springer, 2005.
[6]
J. Crampton and H. Khambhammettu. Delegation and satisfiability in workflow systems. In SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies, pages 31--40, New York, NY, USA, 2008. ACM. p31-crampton.
[7]
M. L. Damiani, E. Bertino, B. Catania, and P. Perlasca. Geo-rbac: A spatially aware rbac. ACM Trans. Inf. Syst. Secur., 10(1):2, 2007.
[8]
D. E. Denning. A lattice model of secure information flow. Commun. ACM, 19(5):236--243, 1976.
[9]
A. K. Dey and G. D. Abowd. Towards a better understanding of context and context-awarenesss. In Computer Human Intraction 2000 Workshop on the What, Who, Where, 1999.
[10]
D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference, pages 554--563, 1992.
[11]
C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas. Flexible team-based access control using contexts. In SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies, pages 21--27, New York, NY, USA, 2001. ACM.
[12]
T. Gross and M. Specht. Awareness in context-aware information systems. In H. Oberquelle, R. Oppermann, and J. Krause, editors, Mensch & Computer. Teubner, 2001.
[13]
M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. Monitors for Usage Control. In Joint iTrust and PST Conferences on Privacy, Trust Management and Security, volume 238 of IFIP International Federation for Information Processing. Springer-Verlag, 2007.
[14]
L. LaPadula, T. Original, D. E. Bell, and L. J. LaPadula. Secure Computer Systems: Mathematical Foundations, 1973.
[15]
G. Neumann and M. Strembeck. A scenario-driven role engineering process for functional RBAC roles. In In Proceedings of 7th ACM Symposium on Access Control Models and Technologies (SACMAT), 2002.
[16]
J. Park and R. Sandhu. The UCONABC usage control model. ACM Trans. Inf. Syst. Secur., 7(1):128--174, 2004.
[17]
R. Sandhu and F. Chen. The multilevel relational (MLR) data model. ACM Trans. Inf. Syst. Secur., 1(1):93--132, 1998.
[18]
R. Sandhu, D. Ferraiolo, and R. Kuhn. The NIST model for role-based access control: towards a unified standard. In RBAC '00: Proceedings of the fifth ACM workshop on Role-based access control, pages 47--63, New York, NY, USA, 2000. ACM.
[19]
B. Schilit, N. Adams, and R. Want. Context-aware computing applications. In IEEE Workshop on Mobile Computing Systems and Applications, Santa Cruz, CA, US, 1994.
[20]
B. Schilit and M. Theimer. Disseminating active map information to mobile hosts. IEEE Network, 8(5):22--32, 1994.
[21]
C. Serban, Y. Chen, W. Zhang, and N. Minsky. The concept of decentralized and secure electronic marketplace. Electronic Commerce Research, 8(1--2):79--101, 2008.
[22]
M. Strembeck and G. Neumann. An integrated approach to engineer and enforce context constraints in RBAC environments. ACM Trans. Inf. Syst. Secur., 7(3):392--427, 2004.
[23]
R. Thomas. Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In Proceedings of the Second ACM workshop on Role-based Access Control, Fairfax, VA USA, 1997.
[24]
V. Ungureanu and N. H. Minsky. Establishing business rules for inter-enterprise electronic commerce. In DISC '00: Proceedings of the 14th International Conference on Distributed Computing, pages 179--193, London, UK, 2000. Springer-Verlag.

Cited By

View all
  • (2022)Real geo‐time‐based secured access computation model for e‐Health systemsComputational Intelligence10.1111/coin.1252339:1(18-35)Online publication date: 10-Apr-2022
  • (2010)Benefits of Location-Based Access ControlProceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing10.1109/GreenCom-CPSCom.2010.148(739-746)Online publication date: 18-Dec-2010
  • (2009)Law-aware access controlProceedings of the 2009 international conference on New frontiers in artificial intelligence10.5555/1881958.1881966(73-86)Online publication date: 19-Nov-2009
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
MobiDE '09: Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access
June 2009
67 pages
ISBN:9781605587127
DOI:10.1145/1594139
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 June 2009

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. access control
  2. context-awareness
  3. legal constraints

Qualifiers

  • Research-article

Conference

MobiDE'09
Sponsor:

Acceptance Rates

Overall Acceptance Rate 23 of 59 submissions, 39%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2022)Real geo‐time‐based secured access computation model for e‐Health systemsComputational Intelligence10.1111/coin.1252339:1(18-35)Online publication date: 10-Apr-2022
  • (2010)Benefits of Location-Based Access ControlProceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing10.1109/GreenCom-CPSCom.2010.148(739-746)Online publication date: 18-Dec-2010
  • (2009)Law-aware access controlProceedings of the 2009 international conference on New frontiers in artificial intelligence10.5555/1881958.1881966(73-86)Online publication date: 19-Nov-2009
  • (2009)Law-Aware Access Control: About Modeling Context and Transforming LegislationNew Frontiers in Artificial Intelligence10.1007/978-3-642-14888-0_7(73-86)Online publication date: 19-Nov-2009

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media