This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location dependent access control and also other security enhancing solutions on mobile devices, like location dependent device locking, firewall, intrusion prevention or payment anti-fraud systems.


location-aware RBAC GeoXACML mobile security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aburahma, M., Stumptner, R.: Modeling location attributes using XACML-RBAC model. In: MoMM 2009, Kuala Lumpur, Malaysia, p. 251 (2009)Google Scholar
  2. 2.
    Matheus, A. (ed.): OGC 07-026r2 Geospatial eXtensible Access Control Markup Language (GeoXACML) version 1.0 (2007), http://portal.opengeospatial.org/files/?artifact_id=25218
  3. 3.
    Anderson, A. (ed.): Core and hierarchical role based access control (RBAC) profile of XACML v2.0 (2005), http://docs.oasis-open.org/xacml/cd-xacml-rbac-profile-01.pdf
  4. 4.
    Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: a spatially aware RBAC. In: ACM SACMAT, p. 37 (2005)Google Scholar
  5. 5.
    Chandran, S.M., Joshi, J.B.D.: LoT-RBAC: A Location and Time-Based RBAC Model. In: Ngu, A.H.H., Kitsuregawa, M., Neuhold, E.J., Chung, J.-Y., Sheng, Q.Z. (eds.) WISE 2005. LNCS, vol. 3806, pp. 361–375. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Damiani, M.L., Bertino, E., Catania, B., Perlasca, P.: Geo-rbac: A spatially aware rbac. ACM TISSEC 10(1), 2 (2007)CrossRefGoogle Scholar
  7. 7.
    Dhankhar, V., Kaushik, S., Wijesekera, D.: XACML Policies for Exclusive Resource Usage. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 275–290. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Dietrich, K., Winter, J.: Implementation Aspects of Mobile and Embedded Trusted Computing. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 29–44. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuch, D.R., Chandraouli, R.: Proposed NIST Standard for Role-Based Access Control (2001)Google Scholar
  10. 10.
    Hansen, F., Oleshchuk, V.: Spatial role-based access control model for wireless networks. In: IEEE 58th VTC, pp. 2093–2097 (2003)Google Scholar
  11. 11.
    Hansen, F., Oleshchuk, V.: SRBAC: A spatial role-based access control model for mobile systems. In: NORDSEC, pp. 129–141 (2003)Google Scholar
  12. 12.
    Kirkpatrick, M.S., Bertino, E.: Enforcing spatial constraints for mobile RBAC systems. In: ACM SACMAT, pp. 99–108. ACM (2010)Google Scholar
  13. 13.
    Ray, I., Kumar, M., Yu, L.: LRBAC: A location-aware role-based access control model. In: Information Systems Security, pp. 147–161 (2006)Google Scholar
  14. 14.
    Cox, S., et al. (eds.): OGC 02-023r4 OpenGIS Geography Markup Language (GML) Encoding Specification Version 3.00 (2002), https://portal.opengeospatial.org/files/?artifact_id=7174
  15. 15.
    Moses, T. (ed.): OASIS eXtensible Access Control Markup Language (XACML) Version 2.0 (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Nils Ulltveit-Moe
    • 1
  • Vladimir Oleshchuk
    • 1
  1. 1.University of AgderGrimstadNorway

Personalised recommendations