Abstract
High heterogeneity and dynamicity of pervasive computing environments introduces requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access control model (PBAC). Based on PBAC, we propose a context-aware provision-based access control model, capable of dynamic adaptation of access control policy according to the changing context. In particular, the model facilitates the definition of context-aware policies and enriches the access control by enforcing provisional actions in addition to common permissions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Korkea-aho, M.: Context-aware applications survey. Technical report, Helsinki University of Technology (2000)
Dey, A.K.: Understanding and using context. Personal and Ubiquitous Computing 5(1), 4–7 (2001)
Thomas, R.K., Sandhu, R.S.: Models, protocols, and architectures for secure pervasive computing: Challenges and research directions. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), Orlando, FL, USA, pp. 164–170 (2004)
McDaniel, P.D.: On context in authorization policy. In: 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), Villa Gallia, Como, Italy. ACM Press, New York (2003)
Jajodia, S., Kudo, M., Subrahmanian, V.S.: Provisional authorizations. In: 1st Workshop on Security and Privacy in E-Commerce, Athens, Greece (2000)
Kudo, M.: Pbac: Provision-based access control model. International Journal of Information Security 1(2), 116–130 (2002)
Bettini, C., Jajodia, S., Sean Wang, X., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: Bressan, S., Chaudhri, A.B., Li Lee, M., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, pp. 502–513. Springer, Heidelberg (2003)
Park, J., Sandhu, R.S.: The uconabc usage control model. ACM Transactions on Information and System Security 7(1), 128–174 (2004)
Han, W., Zhang, J., Yao, X.: Context-sensitive access control model and implementation. In: Fifth International Conference on Computer and Information Technology (CIT 2005), Shanghai, China, pp. 757–763. IEEE Computer Society, Los Alamitos (2005)
Kouadri Mostéfaoui, G., Brézillon, P.: Modeling context-based security policies with contextual graphs. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), Orlando, FL, USA, pp. 28–32. IEEE Computer Society, Los Alamitos (2004)
Al-Kahtani, M.A., Sandhu, R.S.: A model for attribute-based user-role assignment. In: 18th Annual Computer Security Applications Conference (ACSAC 2002), Las Vegas, NV, USA, pp. 353–364. IEEE Computer Society, Los Alamitos (2002)
Moyer, M.J., Ahamad, M.: Generalized role-based access control. In: 21st International Conference on Distributed Computing Systems, pp. 391–398 (2001)
Zhang, G., Parashar, M.: Context-aware dynamic access control for pervasive applications. In: Communication Networks and Distributed Systems Modeling and Simulation Conference, San Diego, USA (2004)
Roman, M., Hess, C., Cerqueira, R., Ranganathan, A., Campbell, R.H., Nahrstedt, K.: A middleware infrastructure for active spaces. IEEE Pervasive Computing 1(4), 74–83 (2002)
Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 31–42. IEEE Computer Society, Los Alamitos (1997)
Dunlop, N., Indulska, J., Raymond, K.: Methods for conflict resolution in policy-based management systems. In: 7th IEEE International Enterprise Distributed Object Computing Conference, Brisbane, Australia, pp. 98–109. IEEE Computer Society, Los Alamitos (2003)
ITU-T: Security Frameworks for Open Systems: Access Control Framework. ITU-T Recommendation X.812 (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Masoumzadeh, A.R., Amini, M., Jalili, R. (2006). Context-Aware Provisional Access Control. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_9
Download citation
DOI: https://doi.org/10.1007/11961635_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68962-1
Online ISBN: 978-3-540-68963-8
eBook Packages: Computer ScienceComputer Science (R0)