A Contextual Attribute-Based Access Control Model

  • Michael J. Covington
  • Manoj R. Sastry
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4278)


The emergence of ubiquitous mobile devices, such as MP3 players, cellular phones, PDAs, and laptops, has sparked the growth of rich, mobile applications. Moreover, these applications are increasingly “aware” of the user and her surrounding environment. Dynamic mobile environments are generating new requirements – such as allowing users to access real-time, customized services on-demand and with no prior registration – that are not currently addressed by existing approaches to authorization. We investigate using contextual information present in the user’s operating environment, such as a user’s location, for defining an authorization policy. More precisely, we have defined an access control model that uses contextual attributes to capture the dynamic properties of a mobile environment, including attributes associated with users, objects, transactions, and the environment. Our Contextual Attribute-Based Access Control model lends itself more naturally to a mobile environment where subjects and objects are dynamic. Our authorization model promotes the adoption of many revolutionary mobile applications by allowing for the specification of flexible access control policies.


Access Control Object Attribute User Attribute Access Control Policy Access Control Model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Sastry, M.R., Covington, M.J.: Attribute-based authentication using trusted platforms. In: Proceedings of the 8th International Symposium on Wireless Personal Multimedia Communications (WPMC 2005), Aalborg, Denmark (2005); Special Session on Platform SecurityGoogle Scholar
  2. 2.
    Covington, M.J., Sastry, M.R., Manohar, D.J.: Attribute-based authentication model for dynamic mobile environments. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 227–242. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role based access control models. IEEE Computer 2 (1996)Google Scholar
  4. 4.
    Covington, M.J., Long, W., Srinivasan, S., Dey, A., Ahamad, M., Abowd, G.: Securing context-aware applications using environment roles. In: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT), Chantilly, Virginia, USA, pp. 10–20 (2001)Google Scholar
  5. 5.
    Zhang, X., Parisi-Presicce, F., Sandhu, R.: Formal model and policy specification of usage control. ACM Transactions on Information and System Security 8, 351–387 (2005)CrossRefGoogle Scholar
  6. 6.
    Giuri, L., Iglio, P.: Role templates for content-based access control. In: Proceedings of the Second ACM Workshop on Role Based Access Control, Fairfax, Virginia, USA, pp. 153–159 (1997)Google Scholar
  7. 7.
    Moyer, M.J., Ahamad, M.: Generalized role based access control. In: Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), Mesa, Arizona, USA (2001)Google Scholar
  8. 8.
    Hess, A., Holt, J., Jacobson, J., Seamons, K.E.: Content-triggered trust negotiation. ACM Transactions on Information and System Security 7, 428–456 (2004)CrossRefGoogle Scholar
  9. 9.
    Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J.: Context sensitive access control. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005), Stockholm, Sweden, pp. 111–119 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Michael J. Covington
    • 1
  • Manoj R. Sastry
    • 1
  1. 1.Corporate Technology Group, Intel Corporation 

Personalised recommendations