Context-based access control model for smart space

A smart space is an aggregation of devices that can share their resources (information and services) and operate in coalitions. This nature of a smart space allows cyber conflicts to arise between different smart space devices (or participants), which can have different goals and different understandings of the situation but share a common information space for trusted cyber relationships. Therefore, one of the main security problems of coalition operations in smart spaces is supporting dynamic access control to decrease cyber risks. In particular, a new access control model for accessing resources is needed. The model should describe the current situation via a context. Therefore, the research and development of context-based access control mechanisms for smart space resources is an essential task. The paper proposes a context-based access control model for the information shared in a smart space. Micro virtualization mechanisms, represented by virtual private micro smart spaces, are the basis for the model, which is built on a combination of the role-based and attribute-based access control models. Roles are assigned dynamically based on the smart space participant's trust level. The role separation simplifies policies and makes them human-readable and easy to configure. The trust level calculation is based on the participant's context, which includes identification attributes, location, current date, device type, etc. Three kinds of access control rules are also proposed. These rules are used to calculate the trust level, to assign roles based on the trust level, and to grant permissions to the smart space resources.
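The three rule kinds described in the abstract can be pictured as a pipeline from context to trust level to role to permission. The sketch below is an added illustration, not code or notation from the paper: the attribute values, point weights, thresholds, role names and the `shared-notes` resource are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Context:
    identified: bool      # identification attributes verified (assumed boolean)
    location: str
    when: datetime
    device_type: str

# Rule kind 1 (assumed form): context predicates that add trust points (0-100).
TRUST_RULES = [
    (lambda c: c.identified, 40),
    (lambda c: c.location == "office", 30),
    (lambda c: c.when.weekday() < 5 and 8 <= c.when.hour < 18, 20),
    (lambda c: c.device_type == "managed-laptop", 10),
]

# Rule kind 2 (assumed form): minimum trust per role, highest threshold first.
ROLE_RULES = [(80, "editor"), (50, "reader"), (0, "guest")]

# Rule kind 3 (assumed form): permissions attached to roles, deny by default.
PERMISSION_RULES = {
    "editor": {("shared-notes", "read"), ("shared-notes", "write")},
    "reader": {("shared-notes", "read")},
    "guest": set(),
}

def trust_level(ctx: Context) -> int:
    """Sum the points of every trust rule whose predicate holds."""
    return sum(points for predicate, points in TRUST_RULES if predicate(ctx))

def assign_role(trust: int) -> str:
    """Pick the first role whose threshold the trust level reaches."""
    return next(role for threshold, role in ROLE_RULES if trust >= threshold)

def is_permitted(ctx: Context, resource: str, action: str) -> bool:
    """Re-evaluate the role on every request so a context change takes effect."""
    role = assign_role(trust_level(ctx))
    return (resource, action) in PERMISSION_RULES[role]

# Constructed sample contexts for one participant in three situations.
AT_DESK = Context(True, "office", datetime(2024, 3, 5, 10, 0), "managed-laptop")
LATE_OFFICE = Context(True, "office", datetime(2024, 3, 5, 23, 0), "phone")
REMOTE_NIGHT = Context(True, "cafe", datetime(2024, 3, 5, 23, 0), "phone")
```

Because the role is derived on each request rather than stored, the same participant moves from `editor` to `reader` to `guest` as the context degrades, with no change to the permission rules themselves.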
