Abstract
Access control models generally distinguish between physical access control that mediates access to physical resources such as buildings, sections of buildings or individual rooms, and logical access control that mediates access to logical objects such as information stored in files or databases. All logical access control models make some, more or less implicit, assumptions about the physical access control model, e.g. that servers are locked in a room with restricted access. However, problems arise when a logical object gets a physical representation, e.g. when a file is displayed on a screen or printed, because the logical access control model has no way to ensure, or even to monitor, that the physical access control policies are being enforced.
Traditionally, physical access control policies are enforced by compartmentalization. Users are separated from other users and resources by placing them in different physical locations such as different offices in a building. Access from one to the other is impossible without passing a guard or a door lock, i.e., guards or distribution of keys/access-cards effectively enforce the physical access control policy. However, these mechanisms are generally coarse-grained, inflexible and expensive.
In this paper, we propose a Sensor Enhanced Access Control (SEAC) model that extends existing logical access control models with context-awareness. This allows the model to incorporate information about the physical environment and to explicitly define and enforce physical access control policies for logical objects that have physical representations. A prototype implementation of the SEAC model has been developed for the Unix platform. The prototype protects file data when displayed on a computer screen by managing the visibility of windows in the X Window System. Context-awareness is provided by a simple motion detection system build using cheap web-cameras. However, the system is designed so that the sensor component easily can be replaced, making it possible to deploy advanced sensor technologies.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Department of defence trusted computer system evaluation criteria. The Orange Book (December 1985), http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html
Al-Muhtadi, J., Ranganathan, A., Campbell, R., Dennis Mickunas, M.: Cerberus: A context-aware security scheme for smart spaces. In: PERCOM 2003: Proceedings of the First IEEE International Conference on Pervasive Computing and Communications, p. 489. IEEE Computer Society (2003)
Aziz, B., Jensen, C.: Adaptability in corba: The mobile proxy approach. In: International Symposium on Distributed Objects and Applications, pp. 295–304 (2000)
Berger, J.L., Picciotto, J., Woodward, J.P.L., Cummings, P.T.: Compartmented mode workstation: Prototype highlights. IEEE Trans. Softw. Eng. 16(6), 608–618 (1990)
Bertino, E., Catania, B., Damiani, P.P.M.L.: Geo-rbac: a spatially aware rbac. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, pp. 29–37 (June 2005)
Brewer, D., Nash, M.: The chinese wall security policy. In: Proceedings of the 1989 IEEE Symposium on Security and Privacy, pp. 206–214. IEEE Computer Society Press (May 1989)
Covington, M.J.: A Flexible Security Architecture for Pervasive Computing Environments. PhD thesis, College of Computing, Georgia Institute of Technology (April 2004)
Covington, M.J., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M., Abowd, G.D.: Securing context-aware applications using environment roles. In: SACMAT 2001: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pp. 10–20. ACM Press (2001)
Covington, M.J., Moyer, M.J., Ahamad, M.: Generalized role-based access control for securing future applications. In: Proceedings of the National Information Systems Security Conference, NISSC (2000)
Kilpatrick, C.V.D., Salamon, W.: Securing the x window system with selinux. Technical report, NAI Labs (2003)
Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)
Frank, K., Willemoes-Wissing, I.C.: Combining logical and physical access control for smart environments. Master’s thesis, Informatics and Mathematical Modelling, Technical University of Denmark (2004), http://www.imm.dtu.dk/pubdb/p.php?3401
Hengartner, U., Steenkiste, P.: Access control to information in pervasive computing environments. In: Proceedings of 9th Workshop on Hot Topics in Operating Systems (HotOS IX), Usenix (2003)
Kirschmeyer, M., Hansen, M.S.: Persistent authentication in smart environments. Imm-thesis-2008-16, Department of Informatics & Mathematical Modelling, Technical University of Denmark (2008)
Landwehr, C.E.: Formal models for computer security. ACM Computing Serveys 13(3), 247–278 (1981)
LaPadula, L., Bell, D.E.: Secure computer systems: A mathematical model. MITRE Technical Report 2547, II, May 1973. An electronic reconstruction by Len LaPadula (November 1996)
Loscocco, P.A., Smalley, S.D., Muckelbauer, P.A., Taylor, R.C., Turner, S.J., Farrell, J.F.: The inevitability of failure: The flawed assumption of security in modern computing environments. In: Proceedings of the 21st National Information Systems Security Conference, pp. 303–314 (1998)
Jensen, C.D., Hansen, M.S., Kirshmeyer, M.: Persistent authentication in smart environments. In: Proceedings of the 2nd International Workshop on Combining Context with Trust, Security, and Privacy, Trondheim, Norway, pp. 31–44 (June 2008)
Tistarelli, M., Li, S.Z., Chellappa, R. (eds.): Handbook of Remote Biometrics. Springer, New York (2009)
Rosenthal, D.: Inter-Client Communication Conventions Manual. Sun Microsystems, Inc., version 2.0 edition (1994), ftp://ftp.x.org/pub/R6.6/xc/doc/hardcopy/ICCCM/icccm.PS.gz
Rosenthal, D.S.H.: Evolving the vnode interface. In: Proceedings of the Summer USENIX Technical Conference, pp. 107–118 (1990)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Schilit, B., Adams, N., Want, R.: Context-aware computing applications. In: Proceedings of the 1st International Workshop on Mobile Computing Systems and Applications, pp. 85–90 (1994)
Zadok, E.: FiST: A System for Stackable File System Code Generation. PhD thesis, Computer Science Department, Columbia University (May 2001), http://www.cs.columbia.edu/~ezk/research/thesis
Zadok, E., Nieh, J.: Fist: A language for stackable file systems. In: Proceedings of the Annual USENIX Technical Conference, pp. 55–77 (June 2000)
Zhang, G., Parashar, M.: Context-aware dynamic access control for pervasive applications. In: Communication Networks and Distributed Systems Modeling and Simulation Conference, CNDS 2004 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Jensen, C.D., Geneser, K., Willemoes-Wissing, I.C. (2013). Sensor Enhanced Access Control: Extending Traditional Access Control Models with Context-Awareness. In: Fernández-Gago, C., Martinelli, F., Pearson, S., Agudo, I. (eds) Trust Management VII. IFIPTM 2013. IFIP Advances in Information and Communication Technology, vol 401. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38323-6_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-38323-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38322-9
Online ISBN: 978-3-642-38323-6
eBook Packages: Computer ScienceComputer Science (R0)