Abstract
Controlling access to resources in location-based services and mobile applications require the definition of spatially aware access control systems. However, traditional RBAC model does not specify these requirements. In this paper, we present an extension of the RBAC model to deal with spatial and location-based information, which called LRBAC. In LRBAC, the final permission set of a user depends on the physical location in which a user is situated. The ability to specify the spatial boundary of the role allows LRBAC to be flexible and express a variety of access policies that can provide tight and just-in-time role activation. Besides a real position obtained from a specific mobile terminal, users are also assigned a logical location domain that is application dependent. Then, we extend LRBAC to deal with hierarchies and present how complex spatial role hierarchies in the location-dependent case can be generated by applying Cartesian products as an arithmetic operation over role hierarchies and logical location domain hierarchies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role base access control models. IEEE Computer 29(2), 38–47 (1996)
Covington, M., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M., Abowd, G.D.: Securing Context-aware Applications Using Environment Roles. In: Proc. of the 6th ACM Symposium on Access Control Models and Technologies, Chantilly, Virginia, USA, pp. 10–20 (2001)
Cuppens, F., Mige, A.: Modelling Contexts in the Or-BAC Model. In: Proc. of 19th Annual Computer Security Applications Conference, pp. 416–427. IEEE Computer Society, Los Alamitos (2003)
Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: A Spatially Aware RBAC. In: Proc. of the 10th ACM Symposium on Access Control Models and Technologies, pp. 29–37 (2005)
Wilikens, M., Feriti, S., Sanna, A., Masera, M.: A context-related authorization and access control method based on RBAC: A case study from the health care domain. In: Proc. of the 7th ACM Symposium on Access Control Models and Technologies, pp. 117–124 (2002)
Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J.: Context-Sensitive Access Control. In: Proc. of 10th ACM symposium on Access Control Models and Technologies, Sweden, pp. 111–119 (2005)
Thomas, R.: Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In: Proc. of 2nd ACM workshop on Role-based access control, pp. 13–19 (1997)
Wolf, R., Schneider, M.: Context-Dependent Access Control for Web-Based Collaboration Environments with Role-Based Approach. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 267–278. Springer, Heidelberg (2003)
Davey, B., Priestley, H.: Introduction to Lattices and Order. Cambridge University Press, Cambridge (2002)
Jonsson, B.: Arithmetic of ordered sets. In: Proc. of the NATO Advanced Study Institute (1981)
Cholewka, D.G., Botha, R.H., Eloff, J.H.P.: A Context Sensitive Access Control Model and Prototype Implementation. In: Proc. of the IFIP TC11 15th International Conference on Information Security, Beijing, China, pp. 341–350 (2000)
Ferraolo, D., Sandhu, R., Gavrila, S., Kuhn, R., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. In: Proc. of ACM Transactions on Information and System Security, vol. 4, pp. 224–274 (2001)
Kumar, A., Karnik, N., Chafle, G.: Context Sensitivity in Role-based Access Control. ACM SIGPOS Operating Systems Review 36(3), 53–66 (2002)
Covington, M., Moyer, M., Ahamad, M.: Generalized Role-based Access Control for Securing Future Applications. In: Proc. of 23rd National Information Systems Security Conference, pp. 416–427. IEEE Computer Society, Los Alamitos (2003)
Hansen, F., Oleshchuk, V.: Spatial Role-based Access Control Model for Wireless Networks. In: Proc. of IEEE Vehicular Technology Conference (VTC), Orlando, USA (2003)
OpenGIS Consortium. OpenGIS Simple Features Specification for SQL. Technical Report OGC 99-049 (1999)
Jiang, C., Steenkiste, P.: A Hybrid Location Model with a Computable Location Identifier for Ubiquitous Computing. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002. LNCS, vol. 2498, pp. 246–263. Springer, Heidelberg (2002)
Hengartner, U., Steenkiste, P.: Implementing Access Control to People Location Information. In: Proc. of the 9th ACM Symposium on Access Control Models and Technologies, pp. 11–20 (2004)
Hengartner, U., Steekiste, P.: Protecting Access to People Location Information. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 25–38. Springer, Heidelberg (2004)
Clementini, E., di Felice, P., Van Oosterom, P.: A Small set of Formal Topological Relationships Suitable for End-User Interaction. In: Proc. of the 3th International Symposium on Advances in Spatial Databases, pp. 277–295 (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, H., He, Y., Shi, Z. (2006). Spatial Context in Role-Based Access Control. In: Rhee, M.S., Lee, B. (eds) Information Security and Cryptology – ICISC 2006. ICISC 2006. Lecture Notes in Computer Science, vol 4296. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11927587_15
Download citation
DOI: https://doi.org/10.1007/11927587_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49112-5
Online ISBN: 978-3-540-49114-9
eBook Packages: Computer ScienceComputer Science (R0)