Data security in location-aware applications: an approach based on RBAC

Data security in a mobile context is a critical issue. Over the last few years a new category of location-based services, the Enterprise LBS (ELBS), has emerged focusing on the demands of mobility in organisations. These applications pose challenging requirements, including the need of selective access to ELBS based on the position of mobile users and spatially bounded organisational roles. To deal with these requirements a novel access control system, named GEO-RBAC, has been developed. GEO-RBAC extends the NIST RBAC (Role-Based Access Control) standard with the notions of spatial role, role-dependent position, role schema and role instance. Further, roles become enabled/disabled based on the position of the user. In the paper we present GEO-RBAC, a full-fledged RBAC-based model, consisting, like RBAC, of three distinct components: the Core GEO-RBAC, the Hierarchical GEO-RBAC and the Constrained GEO-RBAC. The paper focuses on the innovative aspects that have been introduced in the model to account for the spatial dimension. Further, a rigorous specification of the model (reference model) is presented.

[1]  Mustaque Ahamad,et al.  Generalized Role-Based Access Control for Securing Future Applications , 2000 .

[2]  Jochen Schiller,et al.  Location Based Services , 2004 .

[3]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[4]  Emil C. Lupu,et al.  The uses of role hierarchies in access control , 1999, RBAC '99.

[5]  Pierangela Samarati,et al.  Generalizing Data to Provide Anonymity when Disclosing Information , 1998, PODS 1998.

[6]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[7]  Roy H. Campbell,et al.  Access control for Active Spaces , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[8]  Eliseo Clementini,et al.  A Small Set of Formal Topological Relationships Suitable for End-User Interaction , 1993, SSD.

[9]  Toshiyuki Amagasa,et al.  An Access Control Model for Geographic Data in an XML -based Framework , 2004, WOSIS.

[10]  F. Hansen,et al.  Spatial role-based access control model for wireless networks , 2003, 2003 IEEE 58th Vehicular Technology Conference. VTC 2003-Fall (IEEE Cat. No.03CH37484).

[11]  Latanya Sweeney,et al.  Achieving k-Anonymity Privacy Protection Using Generalization and Suppression , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[12]  Sarah Spiekermann,et al.  General Aspects of Location Based Services , 2004, Location-Based Services.

[13]  V. Atluri,et al.  A Uniform Indexing Scheme for Geo-spatial Data and Authorizations , 2002 .

[14]  Pierangela Samarati,et al.  Location privacy in pervasive computing , 2008 .

[15]  Frédéric Cuppens,et al.  Modelling contexts in the Or-BAC model , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[16]  Sylvia L. Osborn,et al.  The role graph model and conflict of interest , 1999, TSEC.

[17]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[18]  Vijayalakshmi Atluri,et al.  Protecting Privacy from Continuous High-resolution Satellite Surveillance , 2000, DBSec.

[19]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[20]  Vladimir A. Oleshchuk,et al.  Spatial role-based access control model for wireless networks , 2003, 2003 IEEE 58th Vehicular Technology Conference. VTC 2003-Fall (IEEE Cat. No.03CH37484).

[21]  Elisa Bertino,et al.  An access control system for a Web map management service , 2004, 14th International Workshop Research Issues on Data Engineering: Web Services for e-Commerce and e-Government Applications, 2004. Proceedings..

[22]  Ling Liu,et al.  Location Privacy in Mobile Systems: A Personalized Anonymization Model , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[23]  Marco Gruteser,et al.  USENIX Association , 1992 .

[24]  Elisa Bertino,et al.  X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control , 2005, TSEC.

[25]  Elisa Bertino,et al.  TRBAC , 2001, ACM Trans. Inf. Syst. Secur..

[26]  Elisa Bertino,et al.  An authorization model for geographical maps , 2004, GIS '04.

[27]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[28]  Shashi Shekhar,et al.  Navigation Systems: A Spatial Database Perspective , 2004, Location-Based Services.

[29]  Ravi S. Sandhu,et al.  Models, protocols, and architectures for secure pervasive computing: challenges and research directions , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.