Protecting Access to People Location Information

  • Urs Hengartner
  • Peter Steenkiste
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2802)


Ubiquitous computing provides new types of information for which access needs to be controlled. For instance, a person’s current location is a sensitive piece of information, and only authorized entities should be able to learn it. We present several challenges that arise for the specification and implementation of policies controlling access to location information. For example, there can be multiple sources of location information, policies need to be flexible, conflicts between policies might occur, and privacy issues need to be taken into account. Different environments handle these challenges in a different way. We discuss the challenges in the context of a hospital and a university environment. We show how our design of an access control mechanism for a system providing people location information addresses the challenges. Our mechanism can be deployed in different environments. We demonstrate feasibility of our design with an example implementation based on digital certificates.


Access Control Location Information Location System Central Authority Location Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Garlan, D., Siewiorek, D., Smailagic, A., Steenkiste, P.: Project Aura: Towards Distraction-Free Pervasive Computing. IEEE Pervasive Computing 1, 22–31 (2002)CrossRefGoogle Scholar
  2. 2.
    Bahl, P., Padmanabhan, V.: RADAR: An In-Building RF-Based User Location and Tracking System. In: Proceedings of IEEE Infocom 2000, pp. 775–784 (2000)Google Scholar
  3. 3.
    Priyantha, N., Chakraborty, A., Balakrishnan, H.: The Cricket Location-Support System. In: Proceedings of the Sixth Annual International Conference on Mobile Computing and Networking (MobiCom 2000) (2000) Google Scholar
  4. 4.
    Spreitzer, M., Theimer, M.: Providing Location Information in a Ubiquitous Computing Environment. In: Proceedings of SIGOPS 1993, pp. 270–283 (1993)Google Scholar
  5. 5.
    Leonhardt, U., Magee, J.: Security Considerations for a Distributed Location Service. Journal of Network and Systems Management 6, 51–70 (1998)CrossRefGoogle Scholar
  6. 6.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI Certificate Theory. RFC 2693 (1999)Google Scholar
  7. 7.
    Judd, G., Steenkiste, P.: Providing Contextual Information to Ubiquitous Computing Applications. To appear in Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom 2003) (2003) Google Scholar
  8. 8.
    Howell, J., Kotz, D.: End-to-end authorization. In: Proceedings of the 4th Symposium on Operating System Design & Implementation (OSDI 2000), pp. 151–164 (2000)Google Scholar
  9. 9.
    Harter, A., Hopper, A.: A Distributed Location System for the Active Office. IEEE Network 8, 62–70 (1994)CrossRefGoogle Scholar
  10. 10.
    Ward, A., Jones, A., Hopper, A.: A New Location Technique for the Active Office. IEEE Personal Communications 4, 42–47 (1997)CrossRefGoogle Scholar
  11. 11.
    Day, M., Aggarwal, S., Mohr, G., Vincent, J.: Instant Messaging / Presence Protocol Requirements. RFC 2779 (2000) Google Scholar
  12. 12.
    Greening, D.: Location Privacy (2002),
  13. 13.
    Cuellar, J., Morris, J.B., Mulligan, D.: Geopriv requirements. Internet Draft (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Urs Hengartner
    • 1
  • Peter Steenkiste
    • 1
    • 2
  1. 1.Computer Science Department 
  2. 2.Department of Electrical and Computer EngineeringCarnegie Mellon University 

Personalised recommendations