Abstract
Mobile devices are more and more integrated in workflows, especially when interacting with stationary resources like machines in order to improve productivity or usability, but risk unauthorized access or unwanted unattended operation. Systems for location based access control have been developed to restrict the user to be in specific locations in order to proceed in a workflow. However, these approaches do not consider the movement pattern of a user nor do they distinguish the severity of false-positives that might arise from imperfect location measurements which is crucial in certain workflows. In this paper, focusing on mobile users interacting with stationary machines, an approach for workflow policies is presented using three types of location constraints to enforce movement patterns. The evaluation of these constraints is based on a user’s location history which is generated in a tamper-proof environment on his mobile device and describes his geographical trajectory for a given timespan.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Transactions on Information and System Security (TISSEC) 2, 65–104 (1999)
Atluri, V., Huang, W.: An Authorization Model for Workflows. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 44–64. Springer, Heidelberg (1996)
Küpper, A.: Location-Based Services: Fundamentals and Operation. Wiley (2005)
Shin, H., Atluri, V.: Spatiotemporal Access Control Enforcement under Uncertain Location Estimates. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security 2009. LNCS, vol. 5645, pp. 159–174. Springer, Heidelberg (2009)
Shi, W., Yang, J., Jiang, Y., Yang, F., Xiong, Y.: SenGuard: Passive User Identification on Smartphones Using Multiple Sensors. In: 7th IEEE Int’l Conf on Wireless and Mobile Computing, Networking and Communications, pp. 141–148 (2011)
Gilbert, P., Cox, L., Jung, J., Wetherall, D.: Toward Trustworthy Mobile Sensing. In: Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications, HotMobile 2010, pp. 31–36. ACM (2010)
Wieland, M., Nicklas, D., Leymann, F.: Managing Technical Processes Using Smart Workflows. In: Mähönen, P., Pohl, K., Priol, T. (eds.) ServiceWave 2008. LNCS, vol. 5377, pp. 287–298. Springer, Heidelberg (2008)
van Cleeff, A., Pieters, W., Wieringa, R.: Benefits of Location-Based Access Control: A Literature Study. In: Proceedings of the 2010 IEEE/ACM Int’l Conf on Green Computing and Communications & Int’l Conf on Cyber, Physical and Social Computing, GREENCOM-CPSCOM 2010, pp. 739–746. IEEE (2010)
Kirkpatrick, M., Damiani, M., Bertino, E.: Prox-RBAC: A Proximity-based Spatially Aware RBAC. In: Proceedings of the 19th ACM SIGSPATIAL Int’l Conf on Advances in Geographic Information Systems, GIS 2011, pp. 339–348. ACM (2011)
Ardagna, C., Cremonini, M., Damiani, E., di Vimercati, S., Samarati, P.: Supporting Location-Based Conditions in Access Control Policies. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2006, pp. 212–222. ACM (2006)
Decker, M., Stürzel, P., Klink, S., Oberweis, A.: Location Constraints for Mobile Workflows. In: Proceedings of the 2009 Conf. on Techniques and Applications for Mobile Commerce, TAMoCo 2009, pp. 93–102. IOS Press (2009)
Che, H., Decker, M.: Anomalies in Business Process Models for Mobile Scenarios with Location Constraints. In: Proceedings of the IEEE Int’l Conf on Automation and Logistics, ICAL 2010, pp. 306–313. IEEE (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Marcus, P., Kessel, M., Linnhoff-Popien, C. (2012). Securing Mobile Device-Based Machine Interactions with User Location Histories. In: Schmidt, A.U., Russello, G., Krontiris, I., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33392-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-33392-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33391-0
Online ISBN: 978-3-642-33392-7
eBook Packages: Computer ScienceComputer Science (R0)