Role Based Access Control with Spatiotemporal Context for Mobile Applications
Role based access control (RBAC) is an established paradigm in resource protection. However, with the proliferation of mobile computing, it is frequently observed that the RBAC access decision is directly influenced by the spatiotemporal context of both the subjects and the objects in the system. Currently, only a few models (STRBAC, GSTRBAC) specify spatiotemporal security policy on top of classical RBAC. In this paper we propose a complete RBAC model in the spatiotemporal domain based on the idea of spatiotemporal extent. The concepts of spatiotemporal role extent and spatiotemporal permission extent introduced here enable our model to specify granular spatiotemporal access control policies not specifiable in the existing approaches. Our model is also powerful enough to incorporate classical role hierarchy and other useful RBAC policies, including Role based Separation of Duty and Permission based Separation of Duty, in the spatiotemporal domain.
Healthcare is an area in which information security is of utmost importance. The risk of personal medical data leakage is especially high in mobile healthcare applications. As a proof of concept, we have implemented the proposed spatiotemporal access control method in a mobile telemedicine system.
Keywords: Spatiotemporal domain, Role extent, Permission extent, Spatiotemporal SOD and Telemedicine