Context-Aware Provisional Access Control

  • Amir Reza Masoumzadeh
  • Morteza Amini
  • Rasool Jalili
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4332)


High heterogeneity and dynamicity of pervasive computing environments introduces requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access control model (PBAC). Based on PBAC, we propose a context-aware provision-based access control model, capable of dynamic adaptation of access control policy according to the changing context. In particular, the model facilitates the definition of context-aware policies and enriches the access control by enforcing provisional actions in addition to common permissions.


Access Control Contextual Information Pervasive Computing Policy Rule Access Control Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Korkea-aho, M.: Context-aware applications survey. Technical report, Helsinki University of Technology (2000)Google Scholar
  2. 2.
    Dey, A.K.: Understanding and using context. Personal and Ubiquitous Computing 5(1), 4–7 (2001)CrossRefGoogle Scholar
  3. 3.
    Thomas, R.K., Sandhu, R.S.: Models, protocols, and architectures for secure pervasive computing: Challenges and research directions. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), Orlando, FL, USA, pp. 164–170 (2004)Google Scholar
  4. 4.
    McDaniel, P.D.: On context in authorization policy. In: 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), Villa Gallia, Como, Italy. ACM Press, New York (2003)Google Scholar
  5. 5.
    Jajodia, S., Kudo, M., Subrahmanian, V.S.: Provisional authorizations. In: 1st Workshop on Security and Privacy in E-Commerce, Athens, Greece (2000)Google Scholar
  6. 6.
    Kudo, M.: Pbac: Provision-based access control model. International Journal of Information Security 1(2), 116–130 (2002)MATHCrossRefGoogle Scholar
  7. 7.
    Bettini, C., Jajodia, S., Sean Wang, X., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: Bressan, S., Chaudhri, A.B., Li Lee, M., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, pp. 502–513. Springer, Heidelberg (2003)Google Scholar
  8. 8.
    Park, J., Sandhu, R.S.: The uconabc usage control model. ACM Transactions on Information and System Security 7(1), 128–174 (2004)Google Scholar
  9. 9.
    Han, W., Zhang, J., Yao, X.: Context-sensitive access control model and implementation. In: Fifth International Conference on Computer and Information Technology (CIT 2005), Shanghai, China, pp. 757–763. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  10. 10.
    Kouadri Mostéfaoui, G., Brézillon, P.: Modeling context-based security policies with contextual graphs. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), Orlando, FL, USA, pp. 28–32. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  11. 11.
    Al-Kahtani, M.A., Sandhu, R.S.: A model for attribute-based user-role assignment. In: 18th Annual Computer Security Applications Conference (ACSAC 2002), Las Vegas, NV, USA, pp. 353–364. IEEE Computer Society, Los Alamitos (2002)CrossRefGoogle Scholar
  12. 12.
    Moyer, M.J., Ahamad, M.: Generalized role-based access control. In: 21st International Conference on Distributed Computing Systems, pp. 391–398 (2001)Google Scholar
  13. 13.
    Zhang, G., Parashar, M.: Context-aware dynamic access control for pervasive applications. In: Communication Networks and Distributed Systems Modeling and Simulation Conference, San Diego, USA (2004)Google Scholar
  14. 14.
    Roman, M., Hess, C., Cerqueira, R., Ranganathan, A., Campbell, R.H., Nahrstedt, K.: A middleware infrastructure for active spaces. IEEE Pervasive Computing 1(4), 74–83 (2002)CrossRefGoogle Scholar
  15. 15.
    Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 31–42. IEEE Computer Society, Los Alamitos (1997)Google Scholar
  16. 16.
    Dunlop, N., Indulska, J., Raymond, K.: Methods for conflict resolution in policy-based management systems. In: 7th IEEE International Enterprise Distributed Object Computing Conference, Brisbane, Australia, pp. 98–109. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  17. 17.
    ITU-T: Security Frameworks for Open Systems: Access Control Framework. ITU-T Recommendation X.812 (1995)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Amir Reza Masoumzadeh
    • 1
  • Morteza Amini
    • 1
  • Rasool Jalili
    • 1
  1. 1.Computer Engineering DepartmentSharif University of TechnologyTehranIran

Personalised recommendations