Cluster Computing, Volume 9, Issue 1, pp 19–27

SESAME: Scalable, Environment Sensitive Access Management Engine

  • Guangsen Zhang
  • Manish Parashar


As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Although much research has been done on access control, these efforts focus on relatively static scenarios where access depends on the identity of the subject. They do not address access control issues for pervasive applications, where the access privileges of a subject depend not only on its identity but also on its current context and state. In this paper, we present the SESAME dynamic context-aware access control mechanism for pervasive applications. SESAME complements current authorization mechanisms to dynamically grant and adapt permissions to users based on their current context. The underlying dynamic role based access control (DRBAC) model extends the classic role based access control (RBAC) model. We also present a prototype implementation of SESAME and DRBAC with the Discover computational collaboratory and an experimental evaluation of its overheads.


security, access control, context-aware, pervasive computing, role based





Copyright information

© Springer Science + Business Media, Inc. 2006

Authors and Affiliations

  1. The Applied Software Systems Laboratory (TASSL), Dept. of Electrical and Computer Engineering, Rutgers University, Piscataway
