A conceptual model of security context

Abstract

Ubiquitous environments which embrace the trends of enterprise mobility and the consumerization of IT have an increasing social importance. In these environments, the same device and applications are simultaneously used for both personal and professional purposes. Such usage blurs the boundaries between personal and professional domains and presents many challenges for information security. Context-aware security has been proposed as a solution for many of them. We argue that the existing approaches are limited and mainly deal with targeted use cases. They do not provide a clear and complete understanding of the context relevant for security, and use contextual information with an arbitrary level of abstraction. In order to address these issues, we propose a conceptual model of security context. The model identifies important concepts of security context and takes related social aspects into account. It represents the security context through a set of concepts at the appropriate level of abstraction. We show that our model is suitable to analyze various situations from the perspective of security and compare them with the existing approaches. The model promises to facilitate the specification and management of security policies containing contextual information as well.

Acknowledgments

This work was supported by the Slovenian Research Agency (ARRS).

Author information

Corresponding author

Correspondence to Vladimir Jovanovikj.

About this article

Cite this article

Jovanovikj, V., Gabrijelčič, D. & Klobučar, T. A conceptual model of security context. Int. J. Inf. Secur. 13, 571–581 (2014). https://doi.org/10.1007/s10207-014-0229-x

  • DOI: https://doi.org/10.1007/s10207-014-0229-x

Keywords

  • Security
  • Context
  • Ubiquitous computing