Abstract
The recent proliferation of e-services on the Internet (e.g. e-commerce, e-health) and the increasing attacks on them by malicious individuals have highlighted the need for e-service security. E-services on the mobile Internet (mi-services) are no exception. However, for mi-services, the level and type of security may depend on the user’s security preferences for the service, the power of the mobile platform, and the location of the mobile platform (we label these UPL). For example, if the user is traveling through a particularly dangerous area known for previous attacks, the security protection should be adjusted to use mechanisms that are resilient to these attacks. We propose the use of a security policy that allows for various security options commensurate with UPL, in conjunction with a context-aware security policy agent that notifies the service provider to activate new security appropriate to a change in UPL.
NRC Paper Number: NRC 48236
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Yee, G., Korba, L. (2005). Context-Aware Security Policy Agent for Mobile Internet Services. In: Glitho, R., Karmouch, A., Pierre, S. (eds) Intelligence in Communication Systems. INTELLCOMM 2005. IFIP — The International Federation for Information Processing, vol 190. Springer, Boston, MA. https://doi.org/10.1007/0-387-32015-6_23
DOI: https://doi.org/10.1007/0-387-32015-6_23
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29121-5
Online ISBN: 978-0-387-32015-1
eBook Packages: Computer Science, Computer Science (R0)