A Context-Aware Access Control Framework for Software Services

In the present age, context-awareness is an important aspect of dynamic environments, and the different types of dynamic context information bring new challenges to access control systems. Therefore, the need for new access control frameworks to link their decision-making abilities with context-awareness capabilities has become increasingly significant. The main goal of this research is to develop a new access control framework that is capable of providing secure access to information resources or software services in a context-aware manner. Towards this goal, we propose a new semantic policy framework that extends the basic role-based access control (RBAC) approach with dynamic associations of both user-role and role-service capabilities. We also introduce a context model for modelling the basic and high-level context information relevant to access control. In addition, a situation can be determined on the fly so as to combine the relevant states of the entities and the purpose or user’s intention in accessing the services. For this purpose, we propose a situation model for modelling the purpose-oriented situations. Finally, we need a policy model that lets users access resources or services when certain dynamically changing conditions (using context and situation information) are satisfied.
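The decision flow the abstract outlines can be sketched as follows; this is an added example, not code from the paper or its authors. The healthcare scenario, the role and service names, and every function and field name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict

Context = Dict[str, object]

def derive_high_level(basic: Context) -> Context:
    """Context model: infer high-level context from basic context.
    Missing basic context yields co_located=False, so the decision fails closed."""
    ctx = dict(basic)
    loc = basic.get("user_location")
    ctx["co_located"] = loc is not None and loc == basic.get("patient_location")
    return ctx

@dataclass(frozen=True)
class Situation:
    """Situation model: the purpose of access plus a relevant entity state."""
    purpose: str          # user's intention in accessing the service
    patient_state: str    # constructed entity state

@dataclass(frozen=True)
class UserRoleRule:       # dynamic user-role association
    base_role: str
    role: str
    condition: Callable[[Context], bool]

@dataclass(frozen=True)
class RoleServiceRule:    # dynamic role-service association
    role: str
    service: str
    condition: Callable[[Context, Situation], bool]

# Constructed policy: a doctor co-located with the patient may act as an
# emergency doctor, who may read the emergency record only for treating a
# patient in a critical state.
USER_ROLE = [UserRoleRule("doctor", "emergency_doctor", lambda c: bool(c["co_located"]))]
ROLE_SERVICE = [RoleServiceRule(
    "emergency_doctor", "read_emergency_record",
    lambda c, s: s.purpose == "emergency_treatment" and s.patient_state == "critical")]

def active_roles(base_role: str, ctx: Context) -> set:
    """Roles enabled for this request under the current context."""
    return {base_role} | {r.role for r in USER_ROLE
                          if r.base_role == base_role and r.condition(ctx)}

def decide(base_role: str, service: str, basic: Context, situation: Situation) -> str:
    """Permit only if a role-service rule matches an active role; otherwise deny."""
    ctx = derive_high_level(basic)
    roles = active_roles(base_role, ctx)
    permitted = any(r.role in roles and r.service == service and r.condition(ctx, situation)
                    for r in ROLE_SERVICE)
    return "Permit" if permitted else "Deny"
```

Because both associations are re-evaluated on every request, a change in location, purpose or patient state revokes access without any edit to the static role assignments.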
