Security Policy Model for Ubiquitous Social Systems

  • Vladimir Jovanovikj
  • Dušan Gabrijelčič
  • Tomaž Klobučar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10257)


Ubiquitous social systems encompass ubiquitous computing, enterprise mobility and consumerization of IT, amplifying the threats associated with these fields. Context-aware security systems have been proposed as solutions for many of these threats. We argue that the policy models used by these systems are not suitable for ubiquitous social systems. They lack sufficient abstractions for the specification and analysis of security policies and unnecessarily burden them with context reasoning rules. This can compromise the correctness of security policies and the performance of security systems. To address these issues, we propose a security policy model for ubiquitous social systems. The model defines all possible contextual information as policy abstractions, enabling clear and precise analysis of how they influence access control. Moreover, it takes into account the social-related aspect and introduces an object life cycle. As a result, our model provides more intuitive abstractions and facilitates policy specification and context-aware security provisioning.


Keywords: Security, Context, Security policy, Ubiquitous computing, Consumerization of IT, Mobile devices



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Vladimir Jovanovikj (1, 2)
  • Dušan Gabrijelčič (1)
  • Tomaž Klobučar (1)
  1. Laboratory for Open Systems and Networks, Jožef Stefan Institute, Ljubljana, Slovenia
  2. Jožef Stefan International Postgraduate School, Ljubljana, Slovenia
