
A formal model for access control with supporting spatial context

Science in China Series F: Information Sciences

Abstract

There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking requires the definition of a formal access control model that supports spatial context. However, the traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model, which utilizes spatial and location-based information in security policy definitions. The concept of a spatial role is presented, and the role is assigned a logical location domain to specify the spatial boundary. Roles are activated based on the current physical position of the user, which is obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice, which is a means of articulating multi-level security policy and is more suitable for controlling information flow security in safety-critical location-aware information systems. Next, constrained SC-RBAC allows the expression of various spatial separation-of-duty constraints, location-based cardinality and temporal constraints to specify the fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and prove its basic security theorem. The constrained SC-RBAC provides the foundation for applications in need of constrained spatial-context-aware access control.

Corresponding author

Correspondence to Zhang Hong.

About this article

Cite this article

Zhang, H., He, Y. & Shi, Z. A formal model for access control with supporting spatial context. SCI CHINA SER F 50, 419–439 (2007). https://doi.org/10.1007/s11432-007-0033-6

  • DOI: https://doi.org/10.1007/s11432-007-0033-6
