Role-Based Access Control Models
Computer
Rationale for the RBAC96 family of access control models
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
A locking protocol for resource coordination in distributed databases
ACM Transactions on Database Systems (TODS)
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Alloy: a lightweight object modelling notation
ACM Transactions on Software Engineering and Methodology (TOSEM)
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Writing Secure Code
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development (3rd Edition)
GEO-RBAC: a spatially aware RBAC
Proceedings of the tenth ACM symposium on Access control models and technologies
Unified Modeling Language User Guide, The (2nd Edition) (Addison-Wesley Object Technology Series)
Unified Modeling Language User Guide, The (2nd Edition) (Addison-Wesley Object Technology Series)
A Role-Based Access Control Policy Verification Framework for Real-Time Systems
WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
On spatio-temporal constraints and inheritance in role-based access control
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Scenario-Based Static Analysis of UML Class Models
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
Security Analysis of Temporal-RBAC Using Timed Automata
IAS '08 Proceedings of the 2008 The Fourth International Conference on Information Assurance and Security
Role Based Access Control with Spatiotemporal Context for Mobile Applications
Transactions on Computational Science IV
Ensuring spatio-temporal access control for real-world applications
Proceedings of the 14th ACM symposium on Access control models and technologies
Language-based security on Android
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
A role-based XACML administration and delegation profile and its enforcement architecture
Proceedings of the 2009 ACM workshop on Secure web services
A public safety application of GPS-enabled smartphones and the android operating system
SMC'09 Proceedings of the 2009 IEEE international conference on Systems, Man and Cybernetics
DTCOT: distributed timeout based transaction commit protocol for mobile database systems
Proceedings of the International Conference and Workshop on Emerging Trends in Technology
A spatio-temporal role-based access control model
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
STARBAC: spatiotemporal role based access control
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Enforcing spatial constraints for mobile RBAC systems
Proceedings of the 15th ACM symposium on Access control models and technologies
Location-Based Services Handbook: Applications, Technologies, and Security
Location-Based Services Handbook: Applications, Technologies, and Security
Modeling partial attacks with ALLOY
Proceedings of the 15th international conference on Security protocols
On the formalization and analysis of a spatio-temporal role-based access control model
Journal of Computer Security - DBSEC 2008
Rigorous Analysis of UML Access Control Policy Models
POLICY '11 Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks
LRBAC: a location-aware role-based access control model
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Systematic Scenario-Based Analysis of UML Design Class Models
ICECCS '12 Proceedings of the 2012 IEEE 17th International Conference on Engineering of Complex Computer Systems
| Hi-index | 0.00 |
Mobile application technology is quickly evolving and being progressively utilized in the commercial and public sectors. Such applications make use of spatio-temporal information to provide better services and functionalities. Authorization to such services often depends on the credentials of the user and also on the location and time. Although researchers have proposed spatio-temporal access control models for such applications, not much has been done with respect to enforcement of spatio-temporal access control. Towards this end, we provide a practical framework that allows one to enforce spatio-temporal policies in mobile applications. Our policy enforcement mechanism illustrates the practical viability of spatio-temporal authorization models and discusses potential challenges with possible solutions. Specifically, we propose an architecture for enforcing spatio-temporal access control and demonstrate its feasibility by developing a prototype. We also provide a number of protocols for granting and revoking access and formally analyze these protocols using the Alloy constraint solver to provide assurance that our proposed approach is indeed secure.