A location aware role and attribute based access control system

Cruz, Isabel F.; Gjomemo, Rigel; Lin, Benjamin; Orsini, Mirko

doi:10.1145/1463434.1463530

Cited by 18 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Theorem 3: Assuming communication between RM, AS, and FMS is asynchronous, it is impossible for a deployment with feature monitors to guarantee correct evaluation of proximity constraints, even if the monitors have synchronous access to FMS. 7 Proof: Similar to the preceding Lemma, except the consensus protocol is now to be executed between the principals of our architecture. That is, as communication between RM, AS, and FMS is asynchronous, these three principals cannot achieve consensus.…”

Section: Properties Of Protocolsmentioning

confidence: 92%

“…Several extensions to RBAC have been proposed that attempt to incorporate various contextual factors while making access decisions. Previous works have incorporated location [8], [16], [13], [1], [19], [3], [2], [7], [4] and time [1], [3] of the user requesting access as a factor in decision making. Prox-RBAC [17] extended the notion of spatially aware RBAC to consider the relative locations of other users within an indoor space model [15], [14], and is the closest paper to the current work.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Formal Proximity Model for RBAC Systems

Gupta¹,

Kirkpatrick²,

Bertino³

2012

Proceedings of the 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

To combat the threat of information leakage through pervasive access, researchers have proposed several extensions to the popular role-based access control (RBAC) model. Such extensions can incorporate contextual features, such as location, into the policy decision in an attempt to restrict access to trustworthy settings. In many cases, though, such extensions fail to reflect the true threat, which is the presence or absence of other users, rather than absolute locations. For instance, for locationaware separation of duty, it is more important to ensure that two people are in the same room, rather than in a designated, pre-defined location. Prox-RBAC was proposed as an extension to consider the relative proximity of other users with the help of a pervasive monitoring infrastructure. However, that work offered only an informal view of proximity, and unnecessarily restricted the domain to spatial concerns. In this work, we present a more rigorous definition of proximity based on formal topological relations. In addition, we show that this definition can be applied to several additional domains, such as social networks, communication channels, attributes, and time; thus, our policy model and language is more flexible and powerful than the previous work. In addition to proposing the model, we present a number of theoretical results for such systems, including a complexity analysis, templates for cryptographic protocols, and proofs of security features.

show abstract

Section: Properties Of Protocolsmentioning

confidence: 92%

Section: Related Workmentioning

confidence: 99%

A Formal Proximity Model for RBAC Systems

Gupta¹,

Kirkpatrick²,

Bertino³

2012

Proceedings of the 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

show abstract

“…Generic location-based access control models [27,11,34,21,30] have been proposed as extensions to the Role-based Access Control (RBAC) [35]. Bertino et al proposed GEO-RBAC [11] to enable RBAC to incorporate spatial restrictions.…”

Section: Related Workmentioning

confidence: 99%

“…There has been a growing body of literature on spatially aware access control models [19,5,33,42,27,10,11,16,34,2,6,21,1,30]. Building on these insights, this study of GSCSs aspires to further our understanding of spatiallyaware access control in two areas.…”

Section: Introductionmentioning

confidence: 99%

Access control models for geo-social computing systems

Tarameshloo

Fong

2014

Proceedings of the 19th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

A Geo-Social Computing System (GSCS) allows users to declare their current locations, and uses these declared locations to make authorization decisions. Recent years have seen the emergence of a new generation of social computing systems that are GSCSs.This paper proposes a protection model for GSCSs. The protection system tracks the current locations of users and a knowledge base of primitive spatial relations between locations. Access control policies can be formulated by the composition of primitive spatial relations. The model is extended to account for Geo-Social Network Systems (GSNSs), which track both a spatial knowledge base and a social network. A policy language for GSNSs is proposed for specifying policies that combine both social and spatial constraints.

show abstract

“…SRBAC supports spatial constraints on enabling and disabling of roles, and can be used to constrain the set of permissions available to the roles that a user may activate at a given location. The authors in [5] proposed a location mapping function between physical and logical locations allows roles depending on the user's logical location. They based on the Google Maps API to get the location of users.…”

Section: B Role Based Authorizationmentioning

confidence: 99%

A spatial role-based authorization framework for sensor network-assisted indoor WLANs

Ren

Oleshchuk

2009

2009 1st International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace &Amp; Elect

View full text Add to dashboard Cite

Abstract-In this paper, we propose a spatial role-based authorization framework which specifies authorization based on both role and location constrains in a wireless local area network with assistance from a sensor network. The framework performs a location-restricted verification scheme before granting a user with privileges for crucial resources access. Analysis and simulation results show that our framework can provide doublecheck safeguard to confidential information, so that potential attackers cannot access the resource outside the permitted region, even though their role is verified.

show abstract

A location aware role and attribute based access control system

Cited by 18 publications

References 5 publications

A Formal Proximity Model for RBAC Systems

A Formal Proximity Model for RBAC Systems

Access control models for geo-social computing systems

A spatial role-based authorization framework for sensor network-assisted indoor WLANs

Contact Info

Product

Resources

About