A Policy-based Authorization Scheme for Resource Sharing in Pervasive Environments

  • Roberto Morales
  • Jetzabel Serna
  • Manel Medina


Ubiquitous environments require special properties that traditional computing does not support. The high diversity of mobile devices and the marked rise in ubiquitous resources have originated a great variety of challenges such as a proper resource management which plays a fundamental role in pervasive computing, where adaptation and dynamic re-configuration of resources take place. In previous works [MoGi08], [MoOG10] we have presented CARM (Composable-Adaptive Resource Management), a new adaptive resource management approach that supports adaptation for the required resources. CARM constitutes a component-based model to abstract system’s ubiquitous resources in a transparent and uniform way to the applications. Due to its network heterogeneity and the dynamic population of nomadic users, important security challenges arise; therefore, in this article we address CARM’s primary security concerns towards the development of a “Security module” capable of certifying the eligibility of devices to join a personal network without compromising privacy. Our approach is analyzed in terms of Authentication and Authorization, essentially consisting of an authorization scheme using Attribute Certificates (ACs) and supported by control policies that define all authorization decisions needed among unknown devices. This paper mainly describes ongoing work towards a proof-of-concept implementation in the given scenarios; initially considering two CARM enabled mobile-phones with Bluetooth connectivity and enforcing security without altering the bandwidth efficiency.


Malicious Node Security Module Attribute Certificate Pervasive Environment Authorization Decision 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Morales, R. and Gil, M., CARM: Composable, Adaptive Resource Management System in Ubiquitous Computing Environments. Advances in Soft Computing. J. M. Corchado, D. I. Tapia and J. Bravo, Springer Berlin /Heidelberg. Volume 51/2009: 335–342, 2008.CrossRefGoogle Scholar
  2. Morales, R., Otero, B. and Gil, M., Mobile Resource Management for a Better User Experience: An Audio Case Study, 4th Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI), 2010.Google Scholar
  3. Roy, W., Trevor, P., Sud, S., Rosario, B., et al. Dynamic Composable Computing, Proceedings of the 9th workshop on Mobile computing systems and applications. Napa Valley, California, ACM, 2008.Google Scholar
  4. Xiang, S. and R. Umakishore, MobiGo: A Middleware for Seamless Mobility, Proceedings of the 13th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, IEEE Computer Society, 2007.Google Scholar
  5. Claycomb, W. and Shin, D. 2007. Towards secure resource sharing for impromptu collaboration in pervasive computing. In Proceedings of the 2007 ACM Symposium on Applied Computing (Seoul, Korea, March 11 - 15, 2007). SAC ’07. ACM, New York, NY, 940–946. DOI= Scholar
  6. OASIS. eXtensible Access Control Markup Language (XACML) Version 2.0, 2005. OASIS Committee Specification: Tim Moses (editor).Google Scholar
  7. S. Farrell. An Internet Attribute Certificate Profile for Authorization. Network Working Group, Request for Comments: 3281, April 2002. RFC-3281. Online. Network Working Group. Available
  8. P. Yee. Attribute Certificate Request Message Format. PKIX Working Group, Internet Draft, March 2002. Online. Available
  9. C. Francis Raytheon and D. Pinkas Bull. Attribute Certificate (AC) Policies Extension. Network Working Group, Request for Comments: 4476, May 2006, RFC-4476. Online. Network Working Group. Available
  10. Patroklos G. Argyroudis and D. O’Mahony. ÆTHER: an Authorization Management Architecture for Ubiquitous Computing. In Proceedings of 1st European PKI Workshop: Research and Applications (EuroPKI04), 246–259, Springer-Verlag 2004.Google Scholar
  11. A. Boukerche and Y. Ren A trust-based security system for ubiquitous and pervasive computing environments. Computers and Communications 31: 4343–4351, 2008.CrossRefGoogle Scholar
  12. L. Kagal, T. Finin and A. Joshi Trust-Based Security in Pervasive Computing Environments. Computer, vol. 34, no. 12, pp. 154–157, Dec. 2001.CrossRefGoogle Scholar
  13. D. Chadwick, Z.Gansen, S. Otenko, R. Laborde, L. Su and T. A. Nguyen. PERMIS: A Modular Authorization Infrastructure. Concurrency and Computation: Practice & Experience – Volume 20 , Issue 11 1341–1357, August 2008.CrossRefGoogle Scholar
  14. W. Zhou and C. Meinel Implement role based access control with attribute certificates. In Proceedings of the 6th International Conference on Advanced Communication Technology - Volume 1, 536–541, Feb. 2004.Google Scholar
  15. U.M. Mbanaso, G.S. Cooper, D.W. Chadwick and S. Proctor Privacy Preserving Trust Authorization Framework Using XACML. In Proceedings of the International Symposium on on World of Wireless, Mobile and Multimedia Networks. 673–678, 2006.Google Scholar

Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011

Authors and Affiliations

  • Roberto Morales
    • 1
  • Jetzabel Serna
    • 2
  • Manel Medina
    • 3
  1. 1.Computer Architecture DepartmentTechnical University of CataloniaBarcelonaSpain
  2. 2.Computer Architecture DepartmentTechnical University of CataloniaBarcelonaSpain
  3. 3.Computer Architecture DepartmentTechnical University of CataloniaBarcelonaSpain

Personalised recommendations