DOI: 10.1145/2428736.2428755
research-article

Context-awareness: exploring the imperative shared context of security and ubiquitous computing

Published: 03 December 2012

Abstract

Context-awareness is a quintessential feature of ubiquitous computing. Contextual information not only facilitates improved applications, but can also become significant security parameters -- which in turn can potentially ensure service delivery not to anyone anytime anywhere, but to the right person at the right time and place. In determining access control to resources especially, contextual information can play an important role. Access control models, as studied in traditional computing security, however, have no notion of context-awareness, and recent work in the nascent field of context-aware access control predominantly focuses on spatio-temporal contexts, disregarding a host of other pertinent contexts. In this paper, with a view to exploring the relationship of access control and context-awareness in ubiquitous computing, we propose a comprehensive context-aware access control model for ubiquitous healthcare services. We explain the design, implementation and evaluation of the proposed model in detail. We chose healthcare as a representative application domain because healthcare systems pose an array of non-trivial context-sensitive access control requirements, many of which are directly or indirectly applicable to other context-aware ubiquitous computing applications.

Published In

IIWAS '12: Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services
December 2012
432 pages
ISBN:9781450313063
DOI:10.1145/2428736
Sponsors

  • @WAS: International Organization of Information Integration and Web-based Applications and Services

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access control
  2. context-awareness
  3. eTRON
  4. healthcare systems
  5. ubiquitous computing

Qualifiers

  • Research-article

Conference

IIWAS '12
Sponsor:
  • @WAS

Cited By

  • (2018) Context-Aware Deep Learning-Driven Framework for Mitigation of Security Risks in BYOD-Enabled Environments. 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), 166-175. DOI: 10.1109/CIC.2018.00032. Online publication date: Oct-2018
  • (2017) Robust Enterprise Application Security with eTRON Architecture. Enterprise Security, 155-178. DOI: 10.1007/978-3-319-54380-2_7. Online publication date: 19-Mar-2017
  • (2016) Access control and privilege management in electronic health record. Journal of Medical Systems 40:12, 1-9. DOI: 10.1007/s10916-016-0589-z. Online publication date: 1-Dec-2016
  • (2015) Tamper-Resistant Security for Cyber-Physical Systems with eTRON Architecture. Proceedings of the 2015 IEEE International Conference on Data Science and Data Intensive Systems (DSDIS), 196-203. DOI: 10.1109/DSDIS.2015.98. Online publication date: 11-Dec-2015
  • (2015) Exploring a Context-based Network Access Control for Mobile Devices. Procedia Computer Science 62, 547-554. DOI: 10.1016/j.procs.2015.08.530. Online publication date: 2015
  • (2013) Towards securer and smarter smartcard applications. 2013 IEEE Third International Conference on Consumer Electronics - Berlin (ICCE-Berlin), 302-306. DOI: 10.1109/ICCE-Berlin.2013.6698024. Online publication date: Sep-2013
