Role-Based Access Control Models
Computer
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
TRBAC: a temporal role-based access control model
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Design Methods for Software Systems: YOURDON, Statemate and Uml
Design Methods for Software Systems: YOURDON, Statemate and Uml
Secure verification of location claims
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Access-Control Language for Multidomain Environments
IEEE Internet Computing
Context sensitive access control
Proceedings of the tenth ACM symposium on Access control models and technologies
A Trust-Based Context-Aware Access Control Model for Web-Services
Distributed and Parallel Databases
Preventing bots from playing online games
Computers in Entertainment (CIE) - Theoretical and Practical Computer Applications in Entertainment
Proximity Based Access Control in Smart-Emergency Departments
PERCOMW '06 Proceedings of the 4th annual IEEE international conference on Pervasive Computing and Communications Workshops
Short Paper: Towards a Location-Aware Role-Based Access Control Model
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Supporting location-based conditions in access control policies
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Inverting sensor networks and actuating the environment for spatio-temporal access control
Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks
Audit-based compliance control
International Journal of Information Security
Continuous Verification Using Multimodal Biometrics
IEEE Transactions on Pattern Analysis and Machine Intelligence
Ciphertext-Policy Attribute-Based Encryption
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A programming environment for ubiquitous computing environment
ACM SIGPLAN Notices
Location constraints in digital rights management
Computer Communications
On the Formal Analysis of a Spatio-temporal Role-Based Access Control Model
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Spatial Domains for the Administration of Location-based Access Control Policies
Journal of Network and Systems Management
Approach to Supporting Continuity of Usage in Location-Based Access Control
FTDCS '08 Proceedings of the 2008 12th IEEE International Workshop on Future Trends of Distributed Computing Systems
Requirements for a location-based access control model
Proceedings of the 6th International Conference on Advances in Mobile Computing and Multimedia
Towards movement-aware access control
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Spatio-temporal access control: challenges and applications
Proceedings of the 14th ACM symposium on Access control models and technologies
Law-aware access control for international financial environments
Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access
Context-sensitive authorization in interaction patterns
Mobility '09 Proceedings of the 6th International Conference on Mobile Technology, Application & Systems
A spatio-temporal role-based access control model
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Portunes: representing attack scenarios spanning through the physical, digital and social domain
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Countering identity theft through digital uniqueness, location cross-checking, and funneling
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
LoT-RBAC: a location and time-based RBAC model
WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering
Distributed processing of context-aware authorization in ubiquitous computing environments
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
ISWC'06 Proceedings of the 5th international conference on The Semantic Web
Context-Aware access control mechanism for ubiquitous applications
AWIC'05 Proceedings of the Third international conference on Advances in Web Intelligence
LRBAC: a location-aware role-based access control model
ICISS'06 Proceedings of the Second international conference on Information Systems Security
ISPA'07 Proceedings of the 2007 international conference on Frontiers of High Performance Computing and Networking
Information Security Tech. Report
Hi-index | 0.00 |
Location-based access control (LBAC) has been suggested as a means to improve IT security. By `grounding' users and systems to a particular location, attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions: first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research: (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and (iii) formulating design criteria for facilities and working environments for optimal LBAC usage.