Skip to main content
SpringerLink
Log in

Integrating Access Control Obligations in the Session Initiation Protocol for Pervasive Computing Environments

  • Conference paper
  • First Online:
E-Technologies: Embracing the Internet of Things (MCETECH 2017)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 289))

Included in the following conference series:

  • 918 Accesses

Abstract

The widely use of advanced technologies in the sensor network and computing has facilitated the development of convenient pervasive applications in order to access information at anytime and anywhere. The traditional access control mechanisms cannot appropriately protect the access and usage of digital resources in the highly distributed and heterogeneous computing environment. In such an environment, enforcing continuously the access control policies during the access period is a challenge because traditional authorization decisions are generally made at the time of access requests but do not consider ongoing controls. Obligations are the vital part of many access control policies and they specify mandatory behavior that should be conducted by a user of the access control system in sensitive domains. Therefore, utilizing a mechanism to approve the fulfillment of the obligation is required for continuing or revoking the access decision. We leveraged the capability of Session Initiation Protocol (SIP) to manage the communication between entities in order to provide a mechanism to handle the continuous enforcement of the obligation. Meanwhile, we present several scenarios which indicate our proposed model can manage the obligatory behavior that affects the continuity of access to resources in pervasive computing environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. eXtensible Access Control Markup Language (XACML), version 3.0, OASIS standard, January 2013. https://www.oasis-open.org/

  2. Ardagna, C.A., Cremonini, M., Damiani, E., di Vimercati, S.D.C., Samarati, P.: Supporting location-based conditions in access control policies. In: ACM Symposium on Information, Computer and Communications Security, pp. 212–222. ACM (2006)

    Google Scholar 

  3. Cirani, S., Picone, M., Veltri, L.: A session initiation protocol for the internet of things. Sci. Int. J. Parallel Distrib. Comput. Scalable Comput. Pract. Experience 14(4), 249–263 (2015). SCPE

    Google Scholar 

  4. Damiani, M.L., Bertino, E., Silvestri, C.: An approach to supporting continuity of usage location-based access control. In: 12th IEEE International Workshop on Future Trends of Distributed Computing Systems, pp. 199–205. IEEE (2008)

    Google Scholar 

  5. Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. Data Knowl. Eng. 71(1), 127–147 (2012)

    Article  Google Scholar 

  6. Feltus, C., Petit, M., Sloman, M.: Enhancement of business IT alignment by including responsibility components in RBAC. In: CAiSE 2010 Workshop Busital 10, Hammamet, Tunisia, pp. 61–75 (2010)

    Google Scholar 

  7. Gomez, L., Trabelsi, S.: Obligation based access control. In: Meersman, R. (ed.) On the Move to Meaningful Internet Systems: OTM 2014 Workshops. LNCS, vol. 8842, pp. 108–116. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45550-0_15

    Google Scholar 

  8. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., et al.: SIP: Session initiation protocol. RFC 3261 (2002). https://www.ietf.org/rfc/rfc3261.txt

  9. Karopoulos, G., Mori, P., Martinelli, F.: Continuous authorizations in SIP with usage control. In: 20th Euromicro International Conference on Parallel, Distributed and Network-based Processing, pp. 283–287. IEEE (2012)

    Google Scholar 

  10. Karopoulos, G., Mori, P., Martinelli, F.: Usage control in SIP-based multimedia delivery. Comput. Secur. 39, 406–418 (2013). Elsevier

    Article  Google Scholar 

  11. Katt, B., Zhang, X., Breu, R., Hafner, M., Seifert, J.P.: A general obligation model and continuity-enhanced policy enforcement engine for usage control. In: The 13th ACM symposium on Access Control Models and Technologies, pp. 123–132. ACM (2008)

    Google Scholar 

  12. Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: 13th ACM symposium on Access Control Models and Technologies, pp. 113–122. ACM (2008)

    Google Scholar 

  13. Li, N., Chen, H., Bertino, E.: On practical specification and enforcement of obligations. In: The second ACM conference on Data and Application Security and Privacy, pp. 71–82. ACM (2012)

    Google Scholar 

  14. Liscano, R., Dersingh, A., Jost, A.G., Hu, H.: Discovering and managing access to private services in collaborative sessions. IEEE Trans. Syst. Man Cybern. Part A: Syst. Hum. 36(6), 1086–1097 (2006). IEEE

    Article  Google Scholar 

  15. Miskovic, V., Babic, D.: An architecture for pervasive healthcare system based on the IP multimedia subsystem and body sensor network. Facta Univ. Ser. Electron. Energetics 28(3), 439–456 (2015)

    Article  Google Scholar 

  16. Park, J., Sandhu, R.: The UCON\(_{ABC}\) usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)

    Article  Google Scholar 

  17. Ray, I., Toahchoodee, M.: A spatio-temporal role-based access control model. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 211–226. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73538-0_16

    Chapter  Google Scholar 

  18. Sampemane, G., Naldur, P., Campbellg, R.H.: Access control for active spaces. In: 18th Annual Computer Security Applications Conference. ACM (2002)

    Google Scholar 

  19. Schulzrinne, H., Wedlund, E.: Application-layer mobility using SIP. Mob. Comput. Commun. Rev. 4(3), 47–57 (2000). ACM

    Article  Google Scholar 

  20. Sharghi, H., Sartipi, K.: An expressive event-based language for representing user behavior patterns. J. Intell. Inf. Syst. 1–25 (2017). doi:10.1007/s10844-017-0456-5

  21. Strembeck, M., Neumann, G.: An integrated approach to engineer and enforce context constraints in RBAC environments. ACM Trans. Inf. Syst. Secur. 7(3), 392–427 (2004). ACM

    Article  Google Scholar 

  22. Toahchoodee, M.: Access control models for pervasive computing environments. Ph.D. thesis, Colorado State University, Fort Collins, Colorado (2010)

    Google Scholar 

  23. Toahchoodee, M., Abdunabi, R., Ray, I., Ray, I.: A trust-based access control model for pervasive computing applications. In: Gudes, E., Vaidya, J. (eds.) DBSec 2009. LNCS, vol. 5645, pp. 307–314. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03007-9_22

    Chapter  Google Scholar 

  24. Ulltveit-Moe, N., Oleshchuk, V.: Enforcing mobile security with location-aware role-based access control. Secur. Commun. Netw. 9(5), 429–439 (2016). Wiley

    Article  Google Scholar 

  25. Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 351–387 (2005)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical, Computer and Software Engineering, University of Ontario Institute of Technology, Oshawa, ON, L1H 7K4, Canada

    Hassan Sharghi & Ramiro Liscano

Authors
  1. Hassan Sharghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ramiro Liscano
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hassan Sharghi .

Editor information

Editors and Affiliations

  1. Université de Montréal, Montreal, Québec, Canada

    Esma Aïmeur

  2. University of Ottawa, Ottawa, Ontario, Canada

    Umar Ruhi

  3. Carleton University, Ottawa, Ontario, Canada

    Michael Weiss

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Sharghi, H., Liscano, R. (2017). Integrating Access Control Obligations in the Session Initiation Protocol for Pervasive Computing Environments. In: Aïmeur, E., Ruhi, U., Weiss, M. (eds) E-Technologies: Embracing the Internet of Things . MCETECH 2017. Lecture Notes in Business Information Processing, vol 289. Springer, Cham. https://doi.org/10.1007/978-3-319-59041-7_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59041-7_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59040-0

  • Online ISBN: 978-3-319-59041-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation