SESAME: Scalable, Environment Sensitive Access Management Engine
As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Although much research has been done on access control, these efforts focus on relatively static scenarios where access depends on the identity of the subject. They do not address access control issues for pervasive applications where the access privileges of a subject depend not only on its identity but also on its current context and state. In this paper, we present the SESAME dynamic context-aware access control mechanism for pervasive applications. SESAME complements current authorization mechanisms to dynamically grant and adapt permissions to users based on their current context. The underlying dynamic role based access control (DRBAC) model extends the classic role based access control (RBAC) model. We also present a prototype implementation of SESAME and DRBAC with the Discover computational collaboratory and an experimental evaluation of its overheads.
Keywords: security, access control, context-aware, pervasive computing, role based