Context-Aware Access Control with Imprecise Context Characterization Through a Combined Fuzzy Logic and Ontology-Based Approach

  • A. S. M. Kayes
  • Wenny Rahayu
  • Tharam Dillon
  • Elizabeth Chang
  • Jun Han
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10573)

Abstract

Context information plays a crucial role in dynamically changing environments and the different types of contextual conditions bring new challenges to access control. This information mostly can be derived from the crisp sets. For example, we can utilize a crisp set to derive a patient and nurse are co-located in the general ward of the hospital or not. Some of the context information characterizations cannot be made using crisp sets, however, they are equally important in order to make access control decisions. For example, a patient’s current health status is “critical” or “high critical” which are imprecise fuzzy facts, whereas “95% level of maximum blood pressure allowed” is precise. Thus, there is a growing need for integrating these kinds of fuzzy and other conditions to appropriately control context-specific access to information resources at different granularity levels. Towards this goal, this paper introduces an approach to Context-Aware Access Control using Fuzzy logic (FCAAC) for information resources. It includes a formal context model to represent the fuzzy and other contextual conditions. It also includes a formal policy model to specify the policies by utilizing these conditions. Using our formal approach, we combine the fuzzy model with an ontology-based approach that captures such contextual conditions and incorporates them into the policies, utilizing the ontology languages and the fuzzy logic-based reasoning. We justify the feasibility of our approach by demonstrating the practicality through a prototype implementation and a healthcare case study, and also evaluating the performance in terms of response time.

Keywords

Context-aware access control Fuzzy facts Contextual conditions Context model Fuzzy reasoning model Policy model 

References

  1. 1.
    Weiser, M.: Some computer science issues in ubiquitous computing. Commun. ACM 36(7), 75–84 (1993)CrossRefGoogle Scholar
  2. 2.
    Kayes, A.S.M., Han, J., Colman, A.: OntCAAC: an ontology-based approach to context-aware access control for software services. Comput. J. 58(11), 3000–3034 (2015)CrossRefGoogle Scholar
  3. 3.
    Kayes, A.S.M., Han, J., Colman, A.W.: An ontological framework for situation-aware access control of software services. Inf. Syst. 53, 253–277 (2015)CrossRefGoogle Scholar
  4. 4.
    Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: a spatially aware RBAC. In: SACMAT, pp. 29–37 (2005)Google Scholar
  5. 5.
    Joshi, J., Bertino, E., Latif, U., Ghafoor, A.: A generalized temporal role-based access control model. IEEE Trans. Knowl. Data Eng. 17(1), 4–23 (2005)CrossRefGoogle Scholar
  6. 6.
    Bonatti, P., Galdi, C., Torres, D.: Event-driven RBAC. J. Comput. Secur. 23(6), 709–757 (2015)CrossRefGoogle Scholar
  7. 7.
    Schefer-Wenzl, S., Strembeck, M.: Modelling context-aware RBAC models for mobile business processes. IJWMC 6(5), 448–462 (2013)CrossRefGoogle Scholar
  8. 8.
    Hosseinzadeh, S., Virtanen, S., Rodríguez, N.D., Lilius, J.: A semantic security framework and context-aware role-based access control ontology for smart spaces. In: SBD@SIGMOD, pp. 1–6 (2016)Google Scholar
  9. 9.
    Trnka, M., Cerný, T.: On security level usage in context-aware role-based access control. In: SAC, pp. 1192–1195 (2016)Google Scholar
  10. 10.
    Kayes, A.S.M., Han, J., Colman, A.: An ontology-based approach to context-aware access control for software services. In: Lin, X., Manolopoulos, Y., Srivastava, D., Huang, G. (eds.) WISE 2013. LNCS, vol. 8180, pp. 410–420. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41230-1_34 CrossRefGoogle Scholar
  11. 11.
    Kayes, A.S.M., Han, J., Colman, A., Islam, M.S.: RelBOSS: a relationship-aware access control framework for software services. In: CoopIS, pp. 258–276 (2014)Google Scholar
  12. 12.
    Kayes, A.S.M., Han, J., Colman, A.: PO-SAAC: a purpose-oriented situation-aware access control framework for software services. In: Jarke, M., Mylopoulos, J., Quix, C., Rolland, C., Manolopoulos, Y., Mouratidis, H., Horkoff, J. (eds.) CAiSE 2014. LNCS, vol. 8484, pp. 58–74. Springer, Cham (2014). doi:10.1007/978-3-319-07881-6_5 Google Scholar
  13. 13.
    Kayes, A.S.M., Han, J., Colman, A.: A semantic policy framework for context-aware access control applications. In: TrustCom, pp. 753–762 (2013)Google Scholar
  14. 14.
    Almenárez, F., Marín, A., Campo, C., García R., C.: TrustAC: Trust-based Access Control for pervasive devices. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 225–238. Springer, Heidelberg (2005). doi:10.1007/11414360_22 CrossRefGoogle Scholar
  15. 15.
    Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. In: IEEE Symposium on Security and Privacy, pp. 222–230. IEEE (2007)Google Scholar
  16. 16.
    Takabi, H., Amini, M., Jalili, R.: Trust-based user-role assignment in role-based access control. In: AICCSA, pp. 807–814. IEEE (2007)Google Scholar
  17. 17.
    Martínez-García, C., Navarro-Arribas, G., Borrell, J.: Fuzzy role-based access control. Inf. Process. Lett. 111(10), 483–487 (2011)CrossRefMATHMathSciNetGoogle Scholar
  18. 18.
    Feng, L., Dillon, T.S.: Using fuzzy linguistic representations to provide explanatory semantics for data warehouses. IEEE Trans. Knowl. Data Eng. 15(1), 86–102 (2003)CrossRefGoogle Scholar
  19. 19.
    Dey, A.K.: Understanding and using context. Pers. Ubiquitous Comput. 5(1), 4–7 (2001)CrossRefGoogle Scholar
  20. 20.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 29, 38–47 (1996)CrossRefGoogle Scholar
  21. 21.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM TISSEC 4(3), 224–274 (2001)CrossRefGoogle Scholar
  22. 22.
    Riboni, D., Bettini, C.: OWL 2 modeling and reasoning with complex human activities. Pervasive Mob. Comput. 7, 379–395 (2011)CrossRefGoogle Scholar
  23. 23.
    OWL: Web ontology language (2017). http://www.w3.org/2007/owl/
  24. 24.
    SWRL: Semantic web rule language (2017). http://www.w3.org/submission/swrl/
  25. 25.
    Protégé: Protégé-OWL API (2017). http://protege.stanford.edu/
  26. 26.
    Jess: Jess rule engine (2017). http://herzberg.ca.sandia.gov/
  27. 27.
    jFuzzyLogic: Fuzzy concepts and fuzzy control system in Java (2017). http://sourceforge.net/projects/jfuzzylogic
  28. 28.
    Wong, A.K.Y., Wong, J.H.K., Lin, W.W.K., Dillon, T.S., Chang, E.J.: Semantically Based Clinical TCM Telemedicine Systems. SCI, vol. 587. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46024-5 Google Scholar
  29. 29.
    Chang, E., Hussain, F., Dillon, T.: Trust and Reputation for Service-Oriented Environments: Technologies for Building Business Intelligence and Consumer Confidence. Wiley, London (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • A. S. M. Kayes
    • 1
  • Wenny Rahayu
    • 1
  • Tharam Dillon
    • 1
  • Elizabeth Chang
    • 2
  • Jun Han
    • 3
  1. 1.La Trobe UniversityMelbourneAustralia
  2. 2.University of New South WalesCanberraAustralia
  3. 3.Swinburne University of TechnologyMelbourneAustralia

Personalised recommendations