Abstract
Ubiquitous environments which embrace the trends of enterprise mobility and the consumerization of IT have an increasing social importance. In these environments, the same device and applications are simultaneously used for both personal and professional purposes. Such usage blurs the boundaries between personal and professional domains and presents many challenges for information security. Context-aware security has been proposed as a solution for many of them. We argue that the existing approaches are limited and mainly deal with targeted use cases. They do not provide a clear and complete understanding of the context relevant for security, and use contextual information with an arbitrary level of abstraction. In order to address these issues, we propose a conceptual model of security context. The model identifies important concepts of security context and takes related social aspects into account. It represents the security context through a set of concepts at the appropriate level of abstraction. We show that our model is suitable to analyze various situations from the perspective of security and compare them with the existing approaches. The model promises to facilitate the specification and management of security policies containing contextual information as well.
Acknowledgments
This work was supported by the Slovenian Research Agency (ARRS).
Cite this article
Jovanovikj, V., Gabrijelčič, D. & Klobučar, T. A conceptual model of security context. Int. J. Inf. Secur. 13, 571–581 (2014). https://doi.org/10.1007/s10207-014-0229-x
DOI: https://doi.org/10.1007/s10207-014-0229-x