Enforcing subscription-based authorization policies in cloud scenarios
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Specification and analysis of access control policies for mobile applications
Proceedings of the 18th ACM symposium on Access control models and technologies
With the growing use of wireless networks and mobile devices, we are moving towards an era of pervasive computing. Such environments will spawn new applications that use contextual information to provide enhanced services. Traditional access control models cannot protect such applications because the access requirements may be contingent upon the location of the user and the time of access. Consequently, we propose a new spatio-temporal role-based access control model that supports delegation for use in such applications. The model can be used by any application where the access is contingent not only on the role of the user, but also on the locations of the user and the object and the time of access. We describe how each entity in the role-based access control model is affected by time and location and propose constraints to express this. We also show how the formal semantics of our model can be expressed using graph-theoretic notation. The various features of our model give rise to numerous constraints that may interact with each other and result in conflicts. Thus, for any given application using our model, it is important to analyze the interaction of constraints to ensure that conflicts or security breaches do not occur. Manual analysis is tedious and error-prone. Towards this end, we show how the analysis can be automated using Coloured Petri Nets. Since automated analysis for large applications is time consuming, we propose an approach that reduces the analysis time.