Lecture Notes in Computer Science 5185

More documents

Recommendations

Info

56 I. Ray and M. Toahchoodee [R2R Unrestricted Role Delegation]: Here all users assigned to the delegatee role can activate the delegator role at any time and at any place where the user of this delegator role could activate the role. In the case of company reorganization, the manager role can be delegated to the manager successor role in order to train him. Let DelegateR2R Ru(r1,r2) be the predicate that allows role r1 to be delegated to role r2. DelegateR2R Ru(r1,r2) ∧UserRoleActivate(u,r2,d,l) ∧ (d ⊆ RoleEnableDur(r1))∧ (l ⊆ RoleEnableLoc(r1)) ⇒ UserRoleActivate(u,r1,d,l) [R2R Time Restricted Role Delegation]: Here, the delegator places temporal constraints on when the users of the delegatee role can activate the delegator role. No special spatial constraints are placed i.e. the delegatee role’s users can activate the delegator role at any place that the delegator role’s users could do so. The permanent staff role can be delegated to the contract staff role during the contract period. Let DelegateR2R Rt(r1,r2,d ′ ) be the predicate that allows role r1 to be delegated to role r2 for the duration d ′ . DelegateR2R Rt(r1,r2,d ′ )∧UserRoleActivate(u,r2,d ′ ,l)∧(d ⊆ RoleEnableDur(r1))∧ (l ⊆ RoleEnableLoc(r1)) ∧(d ′ ⊆ d) ⇒ UserRoleActivate(u,r1,d ′ ,l) [R2R Location Restricted Role Delegation]: The delegator role can place spatial restrictions on where the users of the delegatee role can activate the delegator role. No special restrictions are placed with respect to time i.e. the delegatee role’s users can activate the delegator role at any time that the delegator role’s users could do so. The researcher role can be delegated to the lab assistant role at the specific area of the lab. Let DelegateR2R Rl(r1,r2,l ′ ) be the predicate that allows role r1 to be delegated to role r2 in the location l ′ . DelegateR2R Rl(r1,r2,l ′ )∧UserRoleActivate(u,r2,d,l ′ )∧(d ⊆RoleEnableDur(r1))∧ (l ⊆ RoleEnableLoc(r1)) ∧(l ′ ⊆ l) ⇒ UserRoleActivate(u,r1,d,l ′ ) [R2R Time Location Restricted Role Delegation]: In this case, the delegator role imposes a limit on the time and the location where the delegatee role’s users could activate the role. The full-time researcher role can be delegated to the part-time researcher role only during the hiring period in the specific lab. Let DelegateR2R Rtl(r1,r2,d ′ ,l ′ ) be the predicate that allows role r1 to be delegated to role r2 in the location l ′ for the duration d ′ . DelegateR2R Rtl(r1,r2,d ′ ,l ′ ) ∧UserRoleActivate(u,r2,d ′ ,l ′ ) ∧(d ′ ⊆ d) ∧ (l ′ ⊆ l)∧ (d ⊆ RoleEnableDur(r1)) ∧(l ⊆ RoleEnableLoc(r1)) ∧ (d ′ ⊆ d) ∧ (l ′ ⊆ l) ⇒ UserRoleActivate(u,r1,d ′ ,l ′ ) 3 Conclusion and Future Work Traditional access control models which do not take into account environmental factors before making access decisions may not be suitable for pervasive computing applications. Towards this end, we proposed a spatio-temporal role based access control model that supports delegation. The behavior of the model is formalized using constraints.
A Spatio-temporal Access Control Model Supporting Delegation 57 An important work that we plan to do is the analysis of the model. We have proposed many different constraints. We are interested in finding conflicts and redundancies among the constraint specification. Such analysis is needed before our model can be used for real world applications. We plan to investigate how to automate this analysis. We also plan to implement our model. We need to investigate how to store location and temporal information and how to automatically detect role allocation and enabling using triggers. References 1. Atluri, V., Chun, S.A.: A geotemporal role-based authorisation system. International Journal of Information and Computer Security 1(1/2), 143–168 (2007) 2. Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A Temporal Role-Based Access Control Model. In: Proceedings of the 5th ACM workshop on Role-Based Access Control, Berlin, Germany, July 2000, pp. 21–30. ACM Press, New York (2000) 3. Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: a spatially aware RBAC. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, June 2005, pp. 29–37. ACM Press, New York (2005) 4. Chandran, S.M., Joshi, J.B.D.: LoT-RBAC: A Location and Time-Based RBAC Model. In: WISE, pp. 361–375 (2005) 5. Covington, M.J., Fogla, P., Zhan, Z., Ahamad, M.: A Context-Aware Security Architecture for Emerging Applications. In: Proceedings of the Annual Computer Security Applications Conference, Las Vegas, NV, USA, December 2002, pp. 249–260 (2002) 6. Covington, M.J., Long, W., Srinivasan, S., Dey, A., Ahamad, M., Abowd, G.: Securing Context-Aware Applications Using Environment Roles. In: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, Chantilly, VA, USA, May 2001, pp. 10–20 (2001) 7. Hengartner, U., Steenkiste, P.: Implementing Access Control to People Location Information. In: Proceeding of the 9th Symposium on Access Control Models and Technologies, Yorktown Heights, New York (June 2004) 8. Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J.: Context sensitive access control. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, pp. 111–119. ACM Press, New York (2005) 9. Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering 17(1), 4–23 (2005) 10. Leonhardt, U., Magee, J.: Security Consideration for a Distributed Location Service. Imperial College of Science, Technology and Medicine, London, UK (1997) 11. Pu, F., Sun, D., Cao, Q., Cai, H., Yang, F.: Pervasive Computing Context Access Control Based on UCONABC Model. In: International Conference on Intelligent Information Hiding and Multimedia Signal Processing, 2006. IIH-MSP 2006, December 2006, pp. 689–692 (2006) 12. Ray, I., Toahchoodee, M.: A Spatio-Temporal Role-Based Access Control Model. In: Proceedings of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, July 2007, pp. 211–226 (2007) 13. Ray, I., Kumar, M.: Towards a Location-Based Mandatory Access Control Model. Computers & Security 25(1) (February 2006) 14. Ray, I., Kumar, M., Yu, L.: LRBAC: A Location-Aware Role-Based Access Control Model. In: Proceedings of the 2nd International Conference on Information Systems Security, Kolkata, India, December 2006, pp. 147–161 (2006)
Page 1 and 2:
Lecture Notes in Computer Science 5
Page 3 and 4:
Volume Editors Steven Furnell Unive
Page 5 and 6:
Program Committee General Chairpers
Page 7 and 8:
Invited Lecture Table of Contents B
Page 9 and 10:
Biometrics - How to Put to Use and
Page 11 and 12:
Biometrics-HowtoPuttoUseandHowNotat
Page 13 and 14: Biometrics-HowtoPuttoUseandHowNotat
Page 15 and 16: 7 Outlook Biometrics-HowtoPuttoUsea
Page 17 and 18: A Map of Trust between Trading Part
Page 27 and 28: Implementation of a TCG-Based Trust
Page 37 and 38: A Model for Trust Metrics Analysis
Page 47 and 48: Patterns and Pattern Diagrams for A
Page 51 and 52: Policy Model AC model Patterns and
Page 53 and 54: Broker Investor Doctor Patient 1
Page 57 and 58: A Spatio-temporal Access Control Mo
Page 63: A Spatio-temporal Access Control Mo
Page 67 and 68: A Mechanism for Ensuring the Validi
Page 77 and 78: Multilateral Secure Cross-Community
Page 87 and 88: Fairness Emergence through Simple R
Page 99 and 100: Combining Trust and Reputation Mana
Page 109 and 110: Controlling Usage in Business Proce
Page 115 and 116:
Controlling Usage in Business Proce
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
A Semantics Rules for POLPA-Control
Page 125 and 126:
Page 127 and 128:
Spatiotemporal Connectives for Secu
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
5.2 Expressiveness Spatiotemporal C
Page 135 and 136:
Acknowledgement Spatiotemporal Conn
Page 137 and 138:
BusiROLE: A Model for Integrating B
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
The Problem of False Alarms: Evalua
Page 149 and 150:
The Problem of False Alarms 141 pro
Page 151 and 152:
The Problem of False Alarms 143 To
Page 153 and 154:
The Problem of False Alarms 145 mad
Page 155 and 156:
The Problem of False Alarms 147 Des
Page 157 and 158:
The Problem of False Alarms 149 3.
Page 159 and 160:
A Generic Intrusion Detection Game
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
On the Design Dilemma in Dining Cry
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Obligations: Building a Bridge betw
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
A User-Centric Protocol for Conditi
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Identity Escrow: A User-Centric Pro
Page 201 and 202:
Page 203 and 204:
Preservation of Privacy in Thwartin
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213:
Agudo, Isaac 28 Aich, Subhendu 118
show all

Lecture Notes in Computer Science 5185

Create successful ePaper yourself

Delete template?

Save as template?