Protecting Access to People Location Information
- 701 Downloads
Ubiquitous computing provides new types of information for which access needs to be controlled. For instance, a person’s current location is a sensitive piece of information, and only authorized entities should be able to learn it. We present several challenges that arise for the specification and implementation of policies controlling access to location information. For example, there can be multiple sources of location information, policies need to be flexible, conflicts between policies might occur, and privacy issues need to be taken into account. Different environments handle these challenges in a different way. We discuss the challenges in the context of a hospital and a university environment. We show how our design of an access control mechanism for a system providing people location information addresses the challenges. Our mechanism can be deployed in different environments. We demonstrate feasibility of our design with an example implementation based on digital certificates.
KeywordsAccess Control Location Information Location System Central Authority Location Policy
Unable to display preview. Download preview PDF.
- 2.Bahl, P., Padmanabhan, V.: RADAR: An In-Building RF-Based User Location and Tracking System. In: Proceedings of IEEE Infocom 2000, pp. 775–784 (2000)Google Scholar
- 3.Priyantha, N., Chakraborty, A., Balakrishnan, H.: The Cricket Location-Support System. In: Proceedings of the Sixth Annual International Conference on Mobile Computing and Networking (MobiCom 2000) (2000) Google Scholar
- 4.Spreitzer, M., Theimer, M.: Providing Location Information in a Ubiquitous Computing Environment. In: Proceedings of SIGOPS 1993, pp. 270–283 (1993)Google Scholar
- 6.Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI Certificate Theory. RFC 2693 (1999)Google Scholar
- 7.Judd, G., Steenkiste, P.: Providing Contextual Information to Ubiquitous Computing Applications. To appear in Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom 2003) (2003) Google Scholar
- 8.Howell, J., Kotz, D.: End-to-end authorization. In: Proceedings of the 4th Symposium on Operating System Design & Implementation (OSDI 2000), pp. 151–164 (2000)Google Scholar
- 11.Day, M., Aggarwal, S., Mohr, G., Vincent, J.: Instant Messaging / Presence Protocol Requirements. RFC 2779 (2000) Google Scholar
- 12.Greening, D.: Location Privacy (2002), http://www.openmobilealliance.org/lif/
- 13.Cuellar, J., Morris, J.B., Mulligan, D.: Geopriv requirements. Internet Draft (2002)Google Scholar