Controlling access to pervasive information in the "Solar" system

Pervasive-computing infrastructures necessarily collect a lot of context information to disseminate to their context-aware applications. Due to the personal or proprietary nature of much of this context information, however, the infrastructure must limit access to context information to authorized persons. In this paper we propose a new access-control mechanism for event-based context-distribution infrastructures. The core of our approach is based on a conservative information-flow model of access control, but users may express discretionary relaxation of the resulting access-control list (ACL) by specifying relaxation functions. This combination of automatic ACL derivation and user-specified ACL relaxation allows access control to be determined and enforced in a decentralized, distributed system with no central administrator or central policy maker. It also allows users to express their personal balance between functionality and privacy. Finally, our infrastructure allows access-control policies to depend on context-sensitive roles, allowing great flexibility. We describe our approach in terms of a specific context-dissemination framework, the Solar system, although the same principles would apply to systems with similar properties.
