Efficient Enforcement of Security Policies Based on Tracking of Mobile Users

Recent advances to mobile communication, Global Positioning System (GPS) and Radio Frequency Identification (RFID) technologies have propelled the growth of a number of mobile services. These require maintaining mobile object's location information and efficiently serving access requests on the past, present and future status of the moving objects. Moreover, these services raise a number of security and privacy challenges. To address this, security policies are specified to ensure controlled access to the mobile user's location and movement trajectories, their profile information, and stationary resources based on the mobile user's spatiotemporal information. Considering the basic authorization specification 〈subject, object, privilege 〉, in a mobile environment, a moving object can be a subject, an object, or both. Serving an access request requires to search for the desired moving objects that satisfy the query, as well as enforce the security policies. Often, enforcing security incurs overhead, and as a result may degrade the performance of a system. To alleviate this problem, recently Atluri and Guo have proposed an unified index structure, STPR-tree, to organize both the moving objects and authorizations specified over them. However, the STPR-tree is not capable supporting security policies based on tracking of mobile users. In this paper, we present an index structure, called SPPF-tree, which maintains past, present and future positions of the moving objects along with authorizations by employing partial persistent storage. We demonstrate how the SPPF-tree can be constructed and maintained, and provide algorithms to process two types of access requests, including moving object requests by stationary subjects such as locate and track, and stationary object requests by moving subjects.

[1]  David J. Scott,et al.  Spatial Security Policies for Mobile Agents in a Sentient Computing Environment , 2003, FASE.

[2]  Vijayalakshmi Atluri,et al.  Unified Index for Mobile Object Data and Authorizations , 2005, ESORICS.

[3]  Cristina Ribeiro,et al.  Query operations for moving objects database systems , 2000, GIS '00.

[4]  Perdita Stevens,et al.  Modelling Recursive Calls with UML State Diagrams , 2003, FASE.

[5]  Christian S. Jensen,et al.  Indexing the past, present, and anticipated future positions of moving objects , 2006, TODS.

[6]  Dieter Gollmann,et al.  Computer Security - ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings , 2005, ESORICS.

[7]  Beng Chin Ooi,et al.  Query and Update Efficient B+-Tree Based Indexing of Moving Objects , 2004, VLDB.

[8]  Bo Xu,et al.  Moving objects databases: issues and solutions , 1998, Proceedings. Tenth International Conference on Scientific and Statistical Database Management (Cat. No.98TB100243).

[9]  Vijayalakshmi Atluri,et al.  An authorization model for geospatial data , 2004, IEEE Transactions on Dependable and Secure Computing.

[10]  Christian S. Jensen,et al.  Indexing the positions of continuously moving objects , 2000, SIGMOD '00.

[11]  Timo Ojala,et al.  Bluetooth and WAP push based location-aware mobile advertising system , 2004, MobiSys '04.

[12]  Vijayalakshmi Atluri,et al.  Preserving mobile customer privacy: an access control system for moving objects and customer profiles , 2005, MDM '05.

[13]  Frank Stajano,et al.  Mix zones: user privacy in location-aware services , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[14]  Vijayalakshmi Atluri,et al.  Towards a Unified Index Scheme for Mobile Data and Customer Profiles in a Location-Based Service Environment , 2003 .

[15]  Beng Chin Ooi,et al.  Efficient indexing of the historical, present, and future positions of moving objects , 2005, MDM '05.

[16]  Jignesh M. Patel,et al.  STRIPES: an efficient index for predicted trajectories , 2004, SIGMOD '04.