Security Policy Model for Ubiquitous Social Systems
Ubiquitous social systems encompass ubiquitous computing, enterprise mobility and consumerization of IT, amplifying the threats associated to these fields. Context-aware security systems have been proposed as solutions for many of these threats. We argue that policy models used by these systems are not suitable for ubiquitous social systems. They lack of sufficient abstractions for specification and analysis of security policies and unnecessarily burden them with context reasoning rules. This can compromise the correctness of security policies and the performance of security systems. To address these issues, we propose a security policy model for ubiquitous social systems. The model defines all possible contextual information as policy abstractions, enabling clear and precise analysis of how they influence access control. Moreover, it takes into account the social related aspect and introduces an object life cycle. As a result, our model provides more intuitive abstractions and facilitates policy specification and context-aware security provisioning.
KeywordsSecurity Context Security policy Ubiquitous computing Consumerization of IT Mobile devices
- 3.Bonatti, P., Galdi, C., Torres, D.: ERBAC: Event-driven RBAC. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 125–136. ACM (2013)Google Scholar
- 4.Covington, M.J., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M., Abowd, G.D.: Securing context-aware applications using environment roles. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, SACMAT 2001, pp. 10–20. ACM (2001)Google Scholar
- 9.Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, SACMAT 2008, pp. 113–122. ACM (2008)Google Scholar
- 10.Mostefaoui, G.K.: Towards a conceptual and software framework for integrating context-based security in pervasive environments. Ph.D. thesis, University of Fribourg (2004)Google Scholar
- 12.Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: Proteus: A semantic context-aware adaptive policy model. In: Proceedings of the IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2007, pp. 129–140. IEEE Computer Society (2007)Google Scholar