Securing Information Gateways with Derivation-Constrained Access Control
In pervasive computing environments, information gateways derive specific information, such as a person's location, from raw data provided by a service, such as a video stream offered by a camera. Access control to confidential raw data becomes difficult when a client has no access rights to the raw data itself: a client might be allowed to learn a person's location, but not to see the video stream from which a gateway derives this location. Simply granting the gateway access rights to the raw data would allow an intruder who compromises the gateway to read any raw data the gateway can read. We present the concept of derivation-constrained access control, which requires a gateway to prove to a service that it needs the requested raw data in order to answer a client's authorized request for derived information. An intruder into the gateway is therefore limited to the raw data that legitimate, currently authorized client requests require. We provide a formal framework for derivation-constrained access control based on Lampson et al.'s "speaks-for" relationship, and we demonstrate the feasibility of the design with a sample implementation and a performance evaluation.
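The check a service performs under derivation-constrained access control can be made concrete with a small model. The following is an added illustration, not the paper's implementation or its formal framework: signed statements are modelled with HMAC over a canonical encoding (a real deployment would use public-key certificates), the principals (alice, bob, gateway, camera-owner), the information names video(cam1) and location(alice), and the OWNER policy table are all constructed for the example. The camera service releases the video stream to the gateway only if the gateway presents a fresh client request for derived information, the derived information's owner's grant to that client, and the raw-data owner's statement that this gateway derives exactly that information from exactly this raw data.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# Constructed principals: HMAC keys stand in for the signing keys a real
# deployment would distribute in certificates. The camera service is assumed
# to be able to verify statements from every principal it deals with.
KEYS = {
    "alice": b"key-alice",          # owner of location(alice)
    "bob": b"key-bob",              # client authorized for location(alice)
    "gateway": b"key-gateway",      # derives location(alice) from video(cam1)
    "camera-owner": b"key-camera",  # owner of video(cam1)
}
# Assumed policy data: who controls access to each piece of information.
OWNER = {"video(cam1)": "camera-owner", "location(alice)": "alice"}


def _sign(issuer, body):
    msg = json.dumps({"issuer": issuer, **body}, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], msg, hashlib.sha256).hexdigest()


@dataclass
class Statement:
    """A signed statement: 'issuer says body'."""
    issuer: str
    body: dict
    sig: str

    def valid(self):
        return hmac.compare_digest(self.sig, _sign(self.issuer, self.body))


def issue(issuer, **body):
    return Statement(issuer, body, _sign(issuer, body))


def camera_service_authorizes(raw, gw_request, client_request, grant, derivation, now=None):
    """Decide whether to release `raw` to the requesting gateway. Returns (decision, reason)."""
    now = time.time() if now is None else now
    for s in (gw_request, client_request, grant, derivation):
        if not s.valid():
            return False, "bad signature from " + s.issuer
    if gw_request.body.get("raw") != raw:
        return False, "gateway request names different raw data"
    # The gateway's request must be bound to one specific client request.
    if gw_request.body.get("client_request") != client_request.sig:
        return False, "gateway request not bound to the client request"
    if client_request.body.get("kind") != "request" or client_request.body["expires"] < now:
        return False, "client request missing or expired"
    derived = client_request.body["info"]
    d = derivation.body
    # The raw data's owner must have stated that this gateway derives `derived` from `raw`.
    if (derivation.issuer != OWNER.get(raw) or d.get("kind") != "derives"
            or d.get("gateway") != gw_request.issuer
            or d.get("raw") != raw or d.get("derived") != derived):
        return False, "no derivation statement linking %s to %s for this gateway" % (raw, derived)
    g = grant.body
    # The derived information's owner must have granted the client access to it.
    if (grant.issuer != OWNER.get(derived) or g.get("kind") != "grant"
            or g.get("subject") != client_request.issuer or g.get("info") != derived):
        return False, "client %s not authorized for %s" % (client_request.issuer, derived)
    return True, "ok"


def demo(now=1_000_000.0):
    """Legitimate flow plus three things an intruder inside the gateway might try."""
    grant = issue("alice", kind="grant", subject="bob", info="location(alice)")
    derivation = issue("camera-owner", kind="derives", gateway="gateway",
                       raw="video(cam1)", derived="location(alice)")
    bob_req = issue("bob", kind="request", info="location(alice)", expires=now + 60)
    gw_req = issue("gateway", kind="raw-request", raw="video(cam1)", client_request=bob_req.sig)
    results = {"legitimate": camera_service_authorizes("video(cam1)", gw_req, bob_req, grant, derivation, now)}
    # Intruder pulls another camera's stream: no derivation statement covers it.
    gw_other = issue("gateway", kind="raw-request", raw="video(cam2)", client_request=bob_req.sig)
    results["other_camera"] = camera_service_authorizes("video(cam2)", gw_other, bob_req, grant, derivation, now)
    # Intruder replays Bob's request after it has expired.
    results["replay"] = camera_service_authorizes("video(cam1)", gw_req, bob_req, grant, derivation, now + 3600)
    # Intruder forges a request in Bob's name using the gateway's own key.
    body = {"kind": "request", "info": "location(alice)", "expires": now + 60}
    forged = Statement("bob", body, _sign("gateway", body))
    gw_forged = issue("gateway", kind="raw-request", raw="video(cam1)", client_request=forged.sig)
    results["forged_client"] = camera_service_authorizes("video(cam1)", gw_forged, forged, grant, derivation, now)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print("%-14s %s (%s)" % (name, "GRANTED" if ok else "DENIED", reason))
```

The model makes the limitation visible as well as the benefit: while a fresh, authorized request from Bob exists, an intruder in the gateway can still read video(cam1), because that is exactly the access the gateway legitimately needs. What the intruder loses is everything else: other cameras, raw data for derived information no client is entitled to, and access outside the lifetime of a genuine client request, which is why short request lifetimes and binding the gateway's request to a specific signed client request matter in practice.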
Keywords: Access Control, Location Information, Location Service, Access Control Model, Subject Information