Role-Based Access Control Models
Computer
Journal of the ACM (JACM)
Replication is not needed: single database, computationally-private information retrieval
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Supporting location-based conditions in access control policies
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
GEO-RBAC: A spatially aware RBAC
ACM Transactions on Information and System Security (TISSEC)
Lessons learned from the deployment of a smartphone-based access-control system
Proceedings of the 3rd symposium on Usable privacy and security
NFC Devices: Security and Privacy
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Private queries in location based services: anonymizers are not necessary
Proceedings of the 2008 ACM SIGMOD international conference on Management of data
STARBAC: spatiotemporal role based access control
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Enforcing spatial constraints for mobile RBAC systems
Proceedings of the 15th ACM symposium on Access control models and technologies
Prox-RBAC: a proximity-based spatially aware RBAC
Proceedings of the 19th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems
LoT-RBAC: a location and time-based RBAC model
WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering
LRBAC: a location-aware role-based access control model
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Privacy-Preserving Enforcement of Spatially Aware RBAC
IEEE Transactions on Dependable and Secure Computing
Hi-index | 0.00 |
Many organizations require that sensitive information only be accessed on the organization premises or in secure locations. Access to certain information is thus allowed to authorized users, provided that these users are in specific locations when accessing the information. The GEO-RBAC model addresses such requirement. It is based on the notion of a spatial role, that is, a geographically bounded organizational function. The boundary of a role is defined as a geographical feature, such as a hospital or a classified facility; it specifies the spatial extent in which the user must be located in order to use the role. Besides a physical position obtained from a mobile terminal, users are assigned a logical and device independent position, representing the feature where the user is located. Logical positions are computed from real positions by specific mapping functions. If the user is present within the spatial boundary of a role, the role is said to be enabled. The user is allowed to select (activate) a role and exercise the associated permissions only once the role is enabled. The deployment of an access control system based on GEO-RBAC entails addressing several challenges: (1) access policies may require that access be conditioned not only by the user location but also on the presence or absence of other users; (2) enforcing location-based access control requires making the access control server aware of user locations, which may lead to privacy breaches; (3) trustworthy information about user locations must be obtained. This paper elaborates on these challenges and outlines related research directions.