Supporting location-based conditions in access control policies

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Supporting location-based conditions in access control policies

Full text

Pdf (347 KB)

Source

ASIAN ACM Symposium on Information, Computer and Communications Security archive
Proceedings of the 2006 ACM Symposium on Information, computer and communications security table of contents

Taipei, Taiwan

SESSION: Access control and authorization table of contents

Pages: 212 - 222

Year of Publication: 2006

ISBN:1-59593-272-0

Authors

Claudio A. Ardagna	DTI - Università di Milano, Crema - Italy
Marco Cremonini	DTI - Università di Milano, Crema - Italy
Ernesto Damiani	DTI - Università di Milano, Crema - Italy
Sabrina De Capitani di Vimercati	DTI - Università di Milano, Crema - Italy
Pierangela Samarati	DTI - Università di Milano, Crema - Italy

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 219, Citation Count: 5

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1128817.1128850 What is a DOI?

ABSTRACT

Location-based Access Control (LBAC) techniques allow taking users' physical location into account when determining their access privileges. In this paper, we present an approach to LBAC aimed at integrating location-based conditions along with a generic access control model, so that a requestor can be granted or denied access by checking her location as well as her credentials. Our LBAC model includes a novel way of taking into account the limitations of the technology used to ascertain the location of the requester. Namely, we describe how location verification can be encapsulated as a service, representing location technologies underlying it in terms of two semantically uniform service level agreement (SLA) parameters called confidence and timeout. Based on these parameters, we present the formal definition of a number of location-based predicates, their management, evaluation, and enforcement. The challenges that such an extension to traditional access control policies inevitably carries are discussed also with reference to detailed examples of LBAC policies.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Ian F. Akyildiz , Joseph S. M. Ho, Dynamic mobile user location update for wireless PCS networks, Wireless Networks, v.1 n.2, p.187-196, 1995 [doi>10.1007/BF01202541]
	2	M. Anisetti, C.A. Ardagna, V. Bellandi, and E. Damiani. Positioning method and system for mobile communications networks, related networks and computer program product. European Patent No. 05425643.3, Deposited in date 15 September 2005.
	3	C.A. Ardagna, E. Damiani, S. De Capitani di Vimercati, and P. Samarati. Towards privacy-enhanced authorization policies and languages. In Proc. of the 19th IFIP WG11.3 Working Conference on Data and Application Security, Nathan Hale Inn, University of Connecticut, Storrs, USA, August 7--10 2005.
	4	Alastair R. Beresford , Frank Stajano, Mix Zones: User Privacy in Location-aware Services, Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, p.127, March 14-17, 2004
	5	C. Bettini, X.S. Wang, and S. Jajodia. Protecting privacy against location-based personal identification. In Proc. of the 2nd VLDB Workshop on Secure Data Management, Trondheim, Norway, September 2005.
	6	Piero A. Bonatti , Pierangela Samarati, A uniform framework for regulating service access and information release on the web, Journal of Computer Security, v.10 n.3, p.241-271, 2002
	7	E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati. Managing and sharing servents' reputations in p2p systems. IEEE Transactions on Knowledge and Data Engineering, 15(4):840--854, July/August 2003.
	8	D. Faria and D. Cheriton. No long-term secrets: Location-based security in overprovisioned wireless lans. In Proc. of the Third ACM Workshop on Hot Topics in Networks (HotNets-III), San Diego, USA, November 2004.
	9	Sachin Garg , Martin Kappes , Mahalingam Mani, Wireless Access Server for Quality of Service and Location Based Access Control in 802.11 Networks, Proceedings of the Seventh International Symposium on Computers and Communications (ISCC'02), p.819, July 01-04, 2002
	10	I. Getting. The global positioning system. IEEE Spectrum, 30(12):36--47, December 1993.
	11	C. Hauser and M. Kabatnik. Towards Privacy Support in a Global Location Service. In Proc. of the IFIP Workshop on IP and ATM Traffic Management (WATM/EUNICE 2001), Paris, France, 2001.
	12	Urs Hengartner , Peter Steenkiste, Implementing access control to people location information, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA [doi>10.1145/990036.990039]
	13	Seppo Horsmanheimo , Henryka Jormakka , Jaakko Lähteenmäki, Location-Aided Planning in Mobile Network—Trial Results, Wireless Personal Communications: An International Journal, v.30 n.2-4, p.207-216, September 2004 [doi>10.1023/B:WIRE.0000049400.25243.fd]
	14	H. Hu and D.L. Lee. Energy-efficient monitoring of spatial predicates over moving objects. Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, 28(3):19--26, 2005.
	15	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001 [doi>10.1145/383891.383894]
	16	U. Leonhardt , J. Magee, Towards a General Location Service for Mobile Environments, Proceedings of the 3rd Workshop on Services in Distributed and Networked Environments (SDNE '96), p.43, June 03-04, 1996
	17	N. Marsit , A. Hameurlain , Z. Mammeri , F. Morvan, Query Processing in Mobile Environments: A Survey and Open Problems, Proceedings of the First International Conference on Distributed Frameworks for Multimedia Applications (DFMA'05), p.150-157, February 06-09, 2005 [doi>10.1109/DFMA.2005.44]
	18	Mohamed F. Mokbel , Walid G. Aref, GPAC: generic and progressive processing of mobile queries over mobile data, Proceedings of the 6th international conference on Mobile data management, May 09-13, 2005, Ayia Napa, Cyprus [doi>10.1145/1071246.1071270]
	19	Jussi Myllymaki , Stefan Edlund, Location Aggregation from Multiple Sources, Proceedings of the Third International Conference on Mobile Data Management, p.131-138, January 08-11, 2002
	20	J. Nord , K. Synnes , P. Parnes, An Architecture for Location Aware Applications, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9, p.293, January 07-10, 2002
	21	OASIS. eXtensible Access Control Markup Language (XACML) Version 1.0, 2003. http://www.oasis-open.org/committees/xacml.
	22	B. Parkinson, J. Spilker, P. Axelrad, and P. Enge, editors. Global Positioning System: Theory and Application, Volume II. American Institute of Astronautics and Aeronautics (AIAA), 1996.
	23	Nancy Samaan , Ahmed Karmouch, A Mobility Prediction Architecture Based on Contextual Knowledge and Spatial Conceptual Maps, IEEE Transactions on Mobile Computing, v.4 n.6, p.537-551, November 2005 [doi>10.1109/TMC.2005.74]
	24	Naveen Sastry , Umesh Shankar , David Wagner, Secure verification of location claims, Proceedings of the 2003 ACM workshop on Wireless security, September 19-19, 2003, San Diego, CA, USA [doi>10.1145/941311.941313]
	25	Einar Snekkenes, Concepts for personal location privacy policies, Proceedings of the 3rd ACM conference on Electronic Commerce, p.48-57, October 14-17, 2001, Tampa, Florida, USA [doi>10.1145/501158.501164]
	26	T.W. van der Horst, T. Sundelin, K.E. Seamons, and C.D. Knutson. Mobile trust negotiation: Authentication and authorization in dynamic mobile networks. In Proc. of the Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004.
	27	Upkar Varshney, Location management for mobile commerce applications in wireless Internet environment, ACM Transactions on Internet Technology (TOIT), v.3 n.3, p.236-255, August 2003 [doi>10.1145/857166.857169]
	28	Ting Yu , Marianne Winslett , Kent E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.1-42, February 2003 [doi>10.1145/605434.605435]
	29	Guangsen Zhang , Manish Parashar, Dynamic Context-aware Access Control for Grid Applications, Proceedings of the Fourth International Workshop on Grid Computing, p.101, November 17-17, 2003

CITED BY 5

	Liang Chen , Jason Crampton, On spatio-temporal constraints and inheritance in role-based access control, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
	Mikhail J. Atallah , Marina Blanton , Keith B. Frikken, Efficient techniques for realizing geo-spatial access control, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	C. A. Ardagna , M. Cremonini , S. De Capitani di Vimercati , P. Samarati, A privacy-aware access control system, Journal of Computer Security, v.16 n.4, p.369-397, September 2008
	Vijayalakshmi Atluri , Heechang Shin , Jaideep Vaidya, Efficient security policy enforcement for the mobile environment, Journal of Computer Security, v.16 n.4, p.439-475, September 2008
	Bechara Al Bouna , Richard Chbeir, MC^SE: a multimedia context-based security engine, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France