Towards a location-based mandatory access control model

With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, such as the military, a formal model for location-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we show how the mandatory access control (MAC) model can be extended to incorporate the notion of location. We also show how the different components in the MAC model are related with location and how this location information can be used to determine whether a subject has access to a given object. This model is suitable for military applications consisting of static and dynamic objects, where location of a subject and object must be considered before granting access.

[1]  Roy H. Campbell,et al.  Access control for Active Spaces , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[2]  Peter Steenkiste,et al.  Implementing access control to people location information , 2004, SACMAT '04.

[3]  Michael J. Nash,et al.  The Chinese Wall security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[4]  Einar Snekkenes,et al.  Concepts for personal location privacy policies , 2001, EC '01.

[5]  Carl A. Gunter,et al.  A Formal Privacy System and Its Application to Location Based Services , 2004, Privacy Enhancing Technologies.

[6]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[7]  Dorothy E. Denning,et al.  Location-based authentication: Grounding cyberspace for better security , 1996 .

[8]  Jianliang Xu,et al.  Data Management in Location-Dependent Information Services , 2002, IEEE Pervasive Comput..

[9]  A. Harter,et al.  A distributed location system for the active office , 1994, IEEE Network.

[10]  Richard Glassey,et al.  SpaceSemantics: an architecture for modeling environments , 2003 .

[11]  Ravi S. Sandhu Lattice-based enforcement of Chinese Walls , 1992, Comput. Secur..

[12]  Roy H. Campbell,et al.  Towards Security and Privacy for Pervasive Computing , 2002, ISSS.

[13]  John A. Stankovic,et al.  Security in wireless sensor networks , 2004, SASN '04.

[14]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[15]  Jeff Magee,et al.  Security Considerations for a Distributed Location Service , 1998, Journal of Network and Systems Management.

[16]  D. Fox,et al.  Bayesian Techniques for Location Estimation , 2003 .

[17]  Mustaque Ahamad,et al.  A context-aware security architecture for emerging applications , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[18]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[19]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[20]  Jeffrey Hightower,et al.  From Position to Place , 2003 .