A Context-Aware Mandatory Access Control Model for Multilevel Security Environments

  • Jafar Haadi Jafarian
  • Morteza Amini
  • Rasool Jalili
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5219)


Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments like military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes may be required in some environments. Moreover, as computing technology becomes more pervasive, flexible access control mechanisms are needed. Unlike traditional approaches for access control, such access decisions depend on the combination of the required credentials of users and the context of the system. Incorporating context-awareness into mandatory access control models results in a model appropriate for handling such context-aware policies and context- sensitive class association mostly needed in multilevel security environments. In this paper, we introduce a context-aware mandatory access control model (CAMAC) capable of dynamic adaptation of access control policies to the context, and handling context-sensitive class association, in addition to preservation of confidentiality and integrity. One of the most significant characteristics of the model is its high expressiveness which allows us to express various mandatory access control models such as Bell-LaPadula, Biba, Dion, and Chinese Wall with it.


Mandatory Access Control Context-Awareness Confidentiality Integrity 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bell, D.E., LaPadula, L.J.: Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report MTR-2997 Rev. 1. MITRE Corporation (1976)Google Scholar
  2. 2.
    Bell, D.E., LaPadula, L.J.: Secure Computer Systems: Mathematical Foundations. Technical Report MTR-2547. MITRE Corporation (1976)Google Scholar
  3. 3.
    Biba, K.: Integrity Considerations for Secure Computer Systems. In: Corporation, M. (ed.): Technical Report MTR-3153, Bedford, MA (1977)Google Scholar
  4. 4.
    Dion, L.C.: A Complete Protection Model. In: IEEE Symposium on Security and Privacy, Oakland, CA, pp. 49–55 (1981)Google Scholar
  5. 5.
    Brewer, D.F.C., Nash, M.J.: The Chinese Wall Security Policy. In: IEEE Symposium Research in Security and Privacy, pp. 215–228. IEEE CS Press, Los Alamitos (1989)Google Scholar
  6. 6.
    Sandhu, R.S.: Lattice-Based Access Control Models. IEEE Computer 26(11), 9–19 (1993)Google Scholar
  7. 7.
    Sandhu, R.S., Samarati, P.: Access Controls: Principles and Practice. IEEE Communications 32 (9), 40–48 (1994)CrossRefGoogle Scholar
  8. 8.
    Kumar, A., Karnik, N., Chafle, G.: Context Sensitivity in Role Based Access Control. ACM SIGOPS Operating Systems Review, 53–66 (2002)Google Scholar
  9. 9.
    Al-Kahtani, M.A., Sandhu, R.: A Model for Attribute-Based User-Role Assignment. In: 18th Annual Computer Security Applications Conference, pp. 353–364. IEEE Computer Society Press, Las Vegas (2002)CrossRefGoogle Scholar
  10. 10.
    Covington, M., Moyer, M., Ahamad, M.: Generalized role-based access control for securing future applications. In: 23rd National Information Systems Security Conference, Baltimore, MD, USA (2000),
  11. 11.
    Zhang, G., Parashar, M.: Context-aware dynamic access control for pervasive applications. In: Communication Networks and Distributed Systems Modeling and Simulation conference, San Diego (2000)Google Scholar
  12. 12.
    Georgiadis, C.K., Mavridis, I., Pangalos, G., Thomas, R.K.: Flexible Team-based Access Control Using Contexts. In: Sixth ACM Symposium on Access Control Models and Technologies, pp. 21–27. ACM Press, Chantilly (2001)CrossRefGoogle Scholar
  13. 13.
    Hu, J., Weaver, A.C.: A Dynamic, Context-Aware Security Infrastructure for Distributed Healthcare Applications. In: First Workshop on Pervasive Privacy Security, Privacy, and Trust, Boston, MA, USA (2004),
  14. 14.
    Ray, I., Kumar, M.: Towards a location-based mandatory access control model. Computers & Security 25, 36–44 (2006)CrossRefGoogle Scholar
  15. 15.
    Baldauf, M., Dustdar, S.: A Survey on Context-aware Systems. Technical report TUV-1841-2004-24. Distributed Systems Group, Technical University of Vienna (2004)Google Scholar
  16. 16.
    Korpipää, P., Mäntyjärvi, J., Kela, J., Keränen, H., Malm, E.-J.: Managing Context Information in Mobile Devices. IEEE Pervasive Computing 2 (3), 42–51 (2003)CrossRefGoogle Scholar
  17. 17.
    Tao Gu, X.H.W., Pung, H.K., Zhang, D.Q.: A Middleware for Building Context-Aware Mobile Services. In: IEEE Vehicular Technology Conference, Milan, Italy, vol. 5, pp. 2656–2660 (2004)Google Scholar
  18. 18.
    Fahy, P., Clarke, S.: CASS: Middleware for Mobile, Context-Aware Applications. In: Workshop on Context Awareness at MobiSys., Boston, pp. 304–308 (2004)Google Scholar
  19. 19.
    Chen, H., Finn, T., Joshi, A.: Using OWL in a Pervasive Computing Broker. In: Workshop on Ontologies in Open Agent Systems, AAMAS 2003, Melbourne, Australia, pp. 9–16 (2003)Google Scholar
  20. 20.
    Dey, A.K., Salber, D., Abowd, G.D.: A Conceptual Framework and a Toolkit for Supporting the Rapid Prototyping of Context-Aware Applications. Human-Computer Interaction (HCI) Journal 16(2-4), 97–166 (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jafar Haadi Jafarian
    • 1
  • Morteza Amini
    • 1
  • Rasool Jalili
    • 1
  1. 1.Department of Computer EngineeringSharif University of TechnologyTehranIran

Personalised recommendations