Spatial Context in Role-Based Access Control

  • Hong Zhang
  • Yeping He
  • Zhiguo Shi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4296)


Controlling access to resources in location-based services and mobile applications require the definition of spatially aware access control systems. However, traditional RBAC model does not specify these requirements. In this paper, we present an extension of the RBAC model to deal with spatial and location-based information, which called LRBAC. In LRBAC, the final permission set of a user depends on the physical location in which a user is situated. The ability to specify the spatial boundary of the role allows LRBAC to be flexible and express a variety of access policies that can provide tight and just-in-time role activation. Besides a real position obtained from a specific mobile terminal, users are also assigned a logical location domain that is application dependent. Then, we extend LRBAC to deal with hierarchies and present how complex spatial role hierarchies in the location-dependent case can be generated by applying Cartesian products as an arithmetic operation over role hierarchies and logical location domain hierarchies.


Access Control Mobile Terminal Spatial Context Location Domain Access Control Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role base access control models. IEEE Computer 29(2), 38–47 (1996)Google Scholar
  2. 2.
    Covington, M., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M., Abowd, G.D.: Securing Context-aware Applications Using Environment Roles. In: Proc. of the 6th ACM Symposium on Access Control Models and Technologies, Chantilly, Virginia, USA, pp. 10–20 (2001)Google Scholar
  3. 3.
    Cuppens, F., Mige, A.: Modelling Contexts in the Or-BAC Model. In: Proc. of 19th Annual Computer Security Applications Conference, pp. 416–427. IEEE Computer Society, Los Alamitos (2003)CrossRefGoogle Scholar
  4. 4.
    Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: A Spatially Aware RBAC. In: Proc. of the 10th ACM Symposium on Access Control Models and Technologies, pp. 29–37 (2005)Google Scholar
  5. 5.
    Wilikens, M., Feriti, S., Sanna, A., Masera, M.: A context-related authorization and access control method based on RBAC: A case study from the health care domain. In: Proc. of the 7th ACM Symposium on Access Control Models and Technologies, pp. 117–124 (2002)Google Scholar
  6. 6.
    Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J.: Context-Sensitive Access Control. In: Proc. of 10th ACM symposium on Access Control Models and Technologies, Sweden, pp. 111–119 (2005)Google Scholar
  7. 7.
    Thomas, R.: Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In: Proc. of 2nd ACM workshop on Role-based access control, pp. 13–19 (1997)Google Scholar
  8. 8.
    Wolf, R., Schneider, M.: Context-Dependent Access Control for Web-Based Collaboration Environments with Role-Based Approach. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 267–278. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Davey, B., Priestley, H.: Introduction to Lattices and Order. Cambridge University Press, Cambridge (2002)zbMATHGoogle Scholar
  10. 10.
    Jonsson, B.: Arithmetic of ordered sets. In: Proc. of the NATO Advanced Study Institute (1981)Google Scholar
  11. 11.
    Cholewka, D.G., Botha, R.H., Eloff, J.H.P.: A Context Sensitive Access Control Model and Prototype Implementation. In: Proc. of the IFIP TC11 15th International Conference on Information Security, Beijing, China, pp. 341–350 (2000)Google Scholar
  12. 12.
    Ferraolo, D., Sandhu, R., Gavrila, S., Kuhn, R., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. In: Proc. of ACM Transactions on Information and System Security, vol. 4, pp. 224–274 (2001)Google Scholar
  13. 13.
    Kumar, A., Karnik, N., Chafle, G.: Context Sensitivity in Role-based Access Control. ACM SIGPOS Operating Systems Review 36(3), 53–66 (2002)CrossRefGoogle Scholar
  14. 14.
    Covington, M., Moyer, M., Ahamad, M.: Generalized Role-based Access Control for Securing Future Applications. In: Proc. of 23rd National Information Systems Security Conference, pp. 416–427. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  15. 15.
    Hansen, F., Oleshchuk, V.: Spatial Role-based Access Control Model for Wireless Networks. In: Proc. of IEEE Vehicular Technology Conference (VTC), Orlando, USA (2003)Google Scholar
  16. 16.
    OpenGIS Consortium. OpenGIS Simple Features Specification for SQL. Technical Report OGC 99-049 (1999)Google Scholar
  17. 17.
    Jiang, C., Steenkiste, P.: A Hybrid Location Model with a Computable Location Identifier for Ubiquitous Computing. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002. LNCS, vol. 2498, pp. 246–263. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Hengartner, U., Steenkiste, P.: Implementing Access Control to People Location Information. In: Proc. of the 9th ACM Symposium on Access Control Models and Technologies, pp. 11–20 (2004)Google Scholar
  19. 19.
    Hengartner, U., Steekiste, P.: Protecting Access to People Location Information. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 25–38. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  20. 20.
    Clementini, E., di Felice, P., Van Oosterom, P.: A Small set of Formal Topological Relationships Suitable for End-User Interaction. In: Proc. of the 3th International Symposium on Advances in Spatial Databases, pp. 277–295 (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hong Zhang
    • 1
    • 2
  • Yeping He
    • 1
  • Zhiguo Shi
    • 1
    • 2
  1. 1.Institute of SoftwareChinese Academy of SciencesBeijingPRC
  2. 2.Graduate School of the Chinese Academy of SciencesBeijingPRC

Personalised recommendations