Lecture Notes in Computer Science 5185

More documents

Recommendations

Info

Spatiotemporal Connectives for Security Policy in the Presence of Location Hierarchy Subhendu Aich 1 , Shamik Sural 1 ,andA.K.Majumdar 2 1 School of Information Technology 2 Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur, India {subhendu@sit,shamik@sit,akmj@cse}.iitkgp.ernet.in Abstract. Security of a computer system frequently considers location and time of requesting an access as important factors for granting or denying the request. The security policy specified for such systems should include formalism for representing spatial and temporal facts. Existing security policy specifications already consider useful temporal facts like Monday, Weekends, College hours, etc. We have taken a new approach for representing real world spatial objects in security policy. The proposed representation uses six policy connectives at, inside, neighbor, is, crosses, overlapping for expressing useful relations existing between practical spatial entities like office, department, roads, etc. The expressiveness of the connectives has been discussed and a formalism for combined spatiotemporal interaction has also been proposed in this paper. Keywords: Spatiotemporal event, Policy connectives, Location hierarchy, RBAC. 1 Introduction Access control decision of the currently available security systems depends on context factors of both subject and object involved in a particular access request. The context information includes user location, object location, access time, etc. Some examples of security requirements that the current security systems are supposed to handle are as follows: – Students are allowed to download bulk data from the Internet only at night. – Students can access resources only from laboratory computers. – During weekends, any professor can access resources from his home. For the above security requirements, we need a security policy which conveniently represents both real world locations and time. Capturing occurrence of event in a particular place and at a particular time, has recently drawn interest of information security researchers. A formalism for combined space and time representation is thus considered to be important and useful. Spatiotemporal interaction has also been found relevant in various disciplines including spatial and temporal databases as well as different GIS services. S.M. Furnell, S.K. Katsikas, and A. Lioy (Eds.): TrustBus 2008, LNCS 5185, pp. 118–127, 2008. c○ Springer-Verlag Berlin Heidelberg 2008
Spatiotemporal Connectives for Security Policy 119 Several attempts have been made to formally specify time and space [1]. The different approaches by different parties have already raised the inter operability issue. Standard bodies have been formed so that all can work together for a common format [2]. Nonetheless, till now the aspect of representation of space and time interacting with each other has got less attention in existing security policy literature. On the other hand, we believe that occurrence of an event is what is fundamentally relevant to any access control system. Any event normally takes place at precise time and space points. So a formalism for space and time is necessary. Abstract representation of space and time in mathematics (especially in Geometry) is well known. However, a similar abstract representation makes the job of writing spatiotemporal events quite difficult. So what we need is a representation which uses natural language keywords for representing these two interrelated dimensions. At the same time, we should be careful that such a representation does not leave any ambiguity that occurs frequently in the use of natural language. In this paper we present an approach for formalizing space time interaction using spatiotemporal connectives evolved from natural phenomena. In doing so we have modeled spatial objects hierarchically related to each other. We discuss related work done in this area in the next section. Then we explain the notion of space time interaction in Section3.InSection4,weputourspace time formalism in place. Section 5 presents the proposed policy connectives in detail. Some examples of requirements in access control have been expressed using our specification in Section 6 and we conclude in Section 7. 2 Related Work Niezette and Stevenne [1] pointed out that storing and handling of temporal information has been a topic of interest in database technology for many years. The earlier models could not handle the infinite nature of time properly. Without prior knowledge of upper and lower bounds, storing information in a database which repeats, say every month, was difficult or it used to consume a large amount of space. The concept of generalized database by Kabanza et al. [3] first proposed linear repeating point for finite representation of infinite temporal data. A generalized tuple represents a possibly infinite set of classical tuples. The symbolic representation of periodic time was proposed by Niezette and Stevenne [1]. This representation uses a natural calender for expressing periodic time and was found to be very useful in the context of expressing access requirements. Based on this symbolism, Bertino et al. [4] proposed a temporal authorization system for databases. The same symbolism was subsequently found suitable for expressing temporal constraints for Role Based Access Control model [5]. For formalizing spatial entities, there is an open standard group of body called Open Geospatial Consortium (OGC) [2]. OGC recognizes features as the core component for capturing geographic objects of interest [6]. There is another set of documents related to implementation of OGC features which is based on the abstract specification. Such a standard body formalizes the representation of spatial objects. On the other hand, the recent access control models already
Page 1 and 2:
Lecture Notes in Computer Science 5
Page 3 and 4:
Volume Editors Steven Furnell Unive
Page 5 and 6:
Program Committee General Chairpers
Page 7 and 8:
Invited Lecture Table of Contents B
Page 9 and 10:
Biometrics - How to Put to Use and
Page 11 and 12:
Biometrics-HowtoPuttoUseandHowNotat
Page 13 and 14:
Biometrics-HowtoPuttoUseandHowNotat
Page 15 and 16:
7 Outlook Biometrics-HowtoPuttoUsea
Page 17 and 18:
A Map of Trust between Trading Part
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Implementation of a TCG-Based Trust
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
A Model for Trust Metrics Analysis
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Patterns and Pattern Diagrams for A
Page 49 and 50:
Page 51 and 52:
Policy Model AC model Patterns and
Page 53 and 54:
Broker Investor Doctor Patient 1
Page 55 and 56:
Page 57 and 58:
A Spatio-temporal Access Control Mo
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
A Mechanism for Ensuring the Validi
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76: A Mechanism for Ensuring the Validi
Page 77 and 78: Multilateral Secure Cross-Community
Page 87 and 88: Fairness Emergence through Simple R
Page 99 and 100: Combining Trust and Reputation Mana
Page 109 and 110: Controlling Usage in Business Proce
Page 123 and 124: A Semantics Rules for POLPA-Control
Page 125: Controlling Usage in Business Proce
Page 129 and 130: Spatiotemporal Connectives for Secu
Page 131 and 132: Spatiotemporal Connectives for Secu
Page 133 and 134: 5.2 Expressiveness Spatiotemporal C
Page 135 and 136: Acknowledgement Spatiotemporal Conn
Page 137 and 138: BusiROLE: A Model for Integrating B
Page 147 and 148: The Problem of False Alarms: Evalua
Page 149 and 150: The Problem of False Alarms 141 pro
Page 151 and 152: The Problem of False Alarms 143 To
Page 153 and 154: The Problem of False Alarms 145 mad
Page 155 and 156: The Problem of False Alarms 147 Des
Page 157 and 158: The Problem of False Alarms 149 3.
Page 159 and 160: A Generic Intrusion Detection Game
Page 171 and 172: On the Design Dilemma in Dining Cry
Page 177 and 178:
On the Design Dilemma in Dining Cry
Page 179 and 180:
On the Design Dilemma in Dining Cry
Page 181 and 182:
Obligations: Building a Bridge betw
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
A User-Centric Protocol for Conditi
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Identity Escrow: A User-Centric Pro
Page 201 and 202:
Page 203 and 204:
Preservation of Privacy in Thwartin
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213:
Agudo, Isaac 28 Aich, Subhendu 118
show all

Lecture Notes in Computer Science 5185

Create successful ePaper yourself

Delete template?

Save as template?