Abstract
Location-based applications are an important case within context-aware applications. They pose interesting challenges when access control is considered, for they must satisfy requirements arising from the mobility of both users and resources. Further challenges arise in collaborative environments where resources are shared by users of different organizations. In this paper, we propose an access control framework based on the Role Based Access Control (RBAC) model where users and resources are abstracted as sets of attributes that include their geospatial position. In our framework, collaboration is achieved through the interoperation of the access control systems of the collaborating organizations. We use Semantic Web languages, namely OWL and SPARQL. We argue that their expressive power can model a wide range of RBAC policies. In particular, reasoning as provided by OWL supports both a standard enforcement mechanism and interoperation. We have implemented our framework and studied time performance as a function of the number of users and of the roles they can assume. Our implementation also features an interface that visually depicts users and resources on a map. As users move around, the set of actions that they can execute on the resources is shown.
Acknowledgements
This work was supported in part by NSF Awards IIS-0513553 and IIS-0812258. We would also like to thank Greg Jarzab for his contributions to the prototype implementation.
Copyright information
© 2011 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Gjomemo, R., Cruz, I.F. (2011). Location-Based Access Control Using Semantic Web Technologies. In: Ashish, N., Sheth, A. (eds) Geospatial Semantics and the Semantic Web. Semantic Web and Beyond, vol 12. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-9446-2_6
DOI: https://doi.org/10.1007/978-1-4419-9446-2_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-9445-5
Online ISBN: 978-1-4419-9446-2
eBook Packages: Computer Science, Computer Science (R0)