Skip to main content
SpringerLink
Log in

Access Control in Location-Based Services

  • Chapter
Book cover Privacy in Location-Based Applications

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5599))

Abstract

Recent enhancements in location technologies reliability and precision are fostering the development of a new wave of applications that make use of the location information of users. Such applications introduces new aspects of access control which should be addressed. On the one side, precise location information may play an important role and can be used to develop Location-based Access Control (LBAC) systems that integrate traditional access control mechanisms with conditions based on the physical position of users. On the other side, location information of users can be considered sensitive and access control solutions should be developed to protect it against unauthorized accesses and disclosures. In this chapter, we address these two aspects related to the use and protection of location information, discussing existing solutions, open issues, and some research directions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Varshney, U.: Location management for mobile commerce applications in wireless internet environment. ACM Transactions on Internet Technology (TOIT) 3(3), 236–255 (2003)

    Article  Google Scholar 

  2. Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Privacy-enhanced location services information. In: Acquisti, De Capitani di Vimercati, Gritzalis, Lambrinoudakis (eds.) Digital Privacy: Theory, Technologies and Practices. Auerbach Publications (2007)

    Google Scholar 

  3. Enhanced 911: Wireless Services, http://www.fcc.gov/911/enhanced/

  4. Chicago Tribune: Rental firm uses GPS in speeding fine, p.9. Associated Press, Chicago (July 2, 2001)

    Google Scholar 

  5. Duckham, M., Kulik, L.: Location privacy and location-aware computing. In: Drummond, J., Billen, R., Forrest, D., Joao, D. (eds.) Dynamic & Mobile GIS: Investigating Change in Space and Time, pp. 34–51. CRC Press, Boca Raton (2006)

    Google Scholar 

  6. Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Location privacy protection through obfuscation-based techniques. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 47–60. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Duckham, M., Kulik, L.: A formal model of obfuscation and negotiation for location privacy. In: Gellersen, H.-W., Want, R., Schmidt, A. (eds.) Pervasive 2005. LNCS, vol. 3468, pp. 152–170. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  8. Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  9. Ardagna, C., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. Journal of Computer Security 16(4), 369–392 (2008)

    Article  Google Scholar 

  10. De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Recent advances in access control. In: Gertz, M., Jajodia, S. (eds.) Handbook of Database Security: Applications and Trends, Springer, Heidelberg (2008)

    Google Scholar 

  11. eXtensible Access Control Markup Language (XACML): Version 2.0 (February 2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf

  12. Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3), 241–272 (2002)

    Article  Google Scholar 

  13. Akyildiz, I., Ho, J.: Dynamic mobile user location update for wireless PCS networks. Wireless Networks, vol. 1 (1995)

    Google Scholar 

  14. Faria, D., Cheriton, D.: No long-term secrets: Location-based security in overprovisioned wireless lans. In: Proc. of the 3rd ACM Workshop on Hot Topics in Networks (HotNets-III), San Diego, CA, USA (November 2004)

    Google Scholar 

  15. Garg, S., Kappes, M., Mani, M.: Wireless access server for quality of service and location based access control in 802.11 networks. In: Proc. of the 7th IEEE Symposium on Computers and Communications (ISCC 2002), Taormina/Giardini Naxos, Italy (July 2002)

    Google Scholar 

  16. Myllymaki, J., Edlund, S.: Location aggregation from multiple sources. In: Proc. of the 3rd IEEE International Conference on Mobile Data Management (MDM 2002), Singapore (January 2002)

    Google Scholar 

  17. Cho, Y., Bao, L., Goodrich, M.: Secure access control for location-based applications in WLAN systems. In: Proc. of the 3rd IEEE International Conference on Mobile Adhoc and Sensor Systems, Vancouver, Canada (October 2006)

    Google Scholar 

  18. Nord, J., Synnes, K., Parnes, P.: An architecture for location aware applications. In: Proc. of the 35th Hawaii International Conference on System Sciences, Hawaii, USA (2002)

    Google Scholar 

  19. Sastry, N., Shankar, U., Wagner, S.: Secure verification of location claims. In: Proc. of the ACM Workshop on Wireless Security (WiSe 2003), San Diego, CA, USA (September 2003)

    Google Scholar 

  20. Zhang, G., Parashar, M.: Dynamic context-aware access control for grid applications. In: Proc. of the 4th International Workshop on Grid Computing (Grid 2003), Phoenix, AZ, USA (November 2003)

    Google Scholar 

  21. Atallah, M., Blanton, M., Frikken, K.: Efficient techniques for realizing geo-spatial access control. In: Proc. of the 2nd ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2007), Singapore (March 2007)

    Google Scholar 

  22. Atluri, V., Shin, H., Vaidya, J.: Efficient security policy enforcement for the mobile environment. Journal of Computer Security 16(4), 439–475 (2008)

    Article  Google Scholar 

  23. Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Supporting location-based conditions in access control policies. In: Proc. of the ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2006), Taipei, Taiwan (March 2006)

    Google Scholar 

  24. Open Geospatial Consortium: Geospatial eXtensible Access Control Markup Language (GeoXACML) Version 1.0 (February 2008), http://portal.opengeospatial.org/

  25. Marsit, N., Hameurlain, A., Mammeri, Z., Morvan, F.: Query processing in mobile environments: a survey and open problems. In: Proc. of the 1st International Conference on Distributed Framework for Multimedia Applications (DFMA 2005), Besancon, France (February 2005)

    Google Scholar 

  26. Ardagna, C., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: Privacy-enhanced location-based access control. In: Gertz, M., Jajodia, S. (eds.) The Handbook of Database Security: Applications and Trends, Springer, Heidelberg (2007)

    Google Scholar 

  27. Matheus, A.: Declaration and Enforcement of Access Restrictions for Distributed Geospatial Information Objects. Ph.D Thesis (2005)

    Google Scholar 

  28. Geographic Location/Privacy (geopriv), http://www.ietf.org/html.charters/geopriv-charter.html

  29. Cuellar, J., Morris, J., Mulligan, D., Peterson, J., Polk, J.: Geopriv Requirements. IETF RFC 3693 (February 2004)

    Google Scholar 

  30. Danley, M., Mulligan, D., Morris, J., Peterson, J.: Threat Analysis of the Geopriv Protocol. IETF RFC 3694 (February 2004)

    Google Scholar 

  31. Cuellar, J.: A Presence-based GEOPRIV Location Object Format. IETF RFC 4119 (December 2005)

    Google Scholar 

  32. Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J., Polk, J., Rosenberg, J.: Common Policy: A Document Format for Expressing Privacy Preferences. IETF RFC 4745 (February 2007)

    Google Scholar 

  33. Hong, D., Yuan, M., Shen, V.Y.: Dynamic privacy management: a plug-in service for the middleware in pervasive computing. In: Proc. of the 7th International Conference on Human Computer Interaction with Mobile Devices & Services (MobileHCI 2005), Salzburg, Austria (2005)

    Google Scholar 

  34. Langheinrich, M.: Privacy by design-principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, p. 273. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  35. Myles, G., Friday, A., Davies, N.: Preserving privacy in environments with location-based applications. IEEE Pervasive Computing 2(1), 56–64 (2003)

    Article  Google Scholar 

  36. Cranor, L.: Web Privacy with P3P. O’Reilly & Associates, Sebastopol (2002)

    Google Scholar 

  37. World Wide Web Consortium (W3C): Platform for privacy preferences (P3P) project (April 2002), http://www.w3.org/TR/P3P/

  38. World Wide Web Consortium (W3C): A P3P Preference Exchange Language 1.0 (APPEL1.0) (April 2002), http://www.w3.org/TR/P3P-preferences/

  39. Hauser, C., Kabatnik, M.: Towards Privacy Support in a Global Location Service. In: Proc. of the IFIP Workshop on IP and ATM Traffic Management (WATM/EUNICE 2001), Paris, France (September 2001)

    Google Scholar 

  40. Hengartner, U., Steenkiste, P.: Protecting access to people location information. Security in Pervasive Computing (March 2003)

    Google Scholar 

  41. Hengartner, U., Steenkiste, P.: Implementing access control to people location information. In: Proc. of the ACM Symposium on Access Control Models and Technologies 2004 (SACMAT 2004), Yorktown Heights, New York, USA (2004)

    Google Scholar 

  42. Atluri, V., Chun, S.: An authorization model for geospatial data. IEEE Transactions on Dependable and Secure Computing 1(4), 238–254 (2004)

    Article  Google Scholar 

  43. Bettini, C., Wang, X., Jajodia, S.: Protecting privacy against location-based personal identification. In: Jonker, W., Petković, M. (eds.) SDM 2005. LNCS, vol. 3674, pp. 185–199. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  44. Ghinita, G., Kalnis, P., Skiadopoulos, S.: Privè: Anonymous location-based queries in distributed mobile systems. In: Proc. of the International World Wide Web Conference (WWW 2007), Banff, Canada (May 2007)

    Google Scholar 

  45. Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proc. of the 1st International Conference on Mobile Systems, Applications, and Services, San Francisco, CA, USA (May 2003)

    Google Scholar 

  46. Mokbel, M., Chow, C.Y., Aref, W.: The new casper: Query processing for location services without compromising privacy. In: Proc. of the 32nd International Conference on Very Large Data Bases, Seoul, Korea (September 2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Via Bramante, 65, Crema, Italy

    Claudio A. Ardagna, Marco Cremonini, Sabrina De Capitani di Vimercati & Pierangela Samarati

Authors
  1. Claudio A. Ardagna
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marco Cremonini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sabrina De Capitani di Vimercati
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pierangela Samarati
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica e Comunicazione (DICO), Universita’ degli Studi di Milano, Via Comelico 39, 20135, Milano, Italy

    Claudio Bettini

  2. George Mason University, 4400 University Drive, 22030-4444, Fairfax, VA, USA

    Sushil Jajodia

  3. Dipartimento di Tecnologie dell’ Informazione, Universita’ degli Studi di Milano, Via Bramante 65, 26013, Crema, Italy

    Pierangela Samarati

  4. Department of Computer Science, University of Vermont, 33 Colchester Avenue, 05405, Burlington, VT, USA

    X. Sean Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P. (2009). Access Control in Location-Based Services. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds) Privacy in Location-Based Applications. Lecture Notes in Computer Science, vol 5599. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03511-1_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03511-1_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03510-4

  • Online ISBN: 978-3-642-03511-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation