Access Control in Location-Based Services

Recent enhancements in location technologies reliability and precision are fostering the development of a new wave of applications that make use of the location information of users. Such applications introduces new aspects of access control which should be addressed. On the one side, precise location information may play an important role and can be used to develop Location-based Access Control (LBAC) systems that integrate traditional access control mechanisms with conditions based on the physical position of users. On the other side, location information of users can be considered sensitive and access control solutions should be developed to protect it against unauthorized accesses and disclosures. In this chapter, we address these two aspects related to the use and protection of location information, discussing existing solutions, open issues, and some research directions.

[1]  Ian F. Akyildiz,et al.  Dynamic mobile user location update for wireless PCS networks , 1995, Wirel. Networks.

[2]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[3]  Gregory D. Abowd,et al.  Ubicomp 2001: Ubiquitous Computing , 2001, Lecture Notes in Computer Science.

[4]  Marc Langheinrich,et al.  Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems , 2001, UbiComp.

[5]  Matthias Kabatnik,et al.  Towards Privacy Support in a Global Location Service , 2001 .

[6]  Sachin Garg,et al.  Wireless access server for quality of service and location based access control in 802.11 networks , 2002, Proceedings ISCC 2002 Seventh International Symposium on Computers and Communications.

[7]  Jussi Myllymaki,et al.  Location aggregation from multiple sources , 2002, Proceedings Third International Conference on Mobile Data Management MDM 2002.

[8]  Peter Parnes,et al.  An architecture for location aware applications , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[9]  Lorrie Faith Cranor,et al.  Web Privacy with P3p , 2002 .

[10]  Pierangela Samarati,et al.  A Uniform Framework for Regulating Service Access and Information Release on the Web , 2002, J. Comput. Secur..

[11]  Marco Gruteser,et al.  USENIX Association , 1992 .

[12]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[13]  Uwe Hansmann,et al.  Pervasive Computing , 2003 .

[14]  Nigel Davies,et al.  Preserving Privacy in Environments with Location-Based Applications , 2003, IEEE Pervasive Comput..

[15]  Upkar Varshney,et al.  Location management for mobile commerce applications in wireless Internet environment , 2003, TOIT.

[16]  Peter Steenkiste,et al.  Protecting Access to People Location Information , 2003, SPC.

[17]  Manish Parashar,et al.  Dynamic context-aware access control for grid applications , 2003, Proceedings. First Latin American Web Congress.

[18]  Vijayalakshmi Atluri,et al.  An authorization model for geospatial data , 2004, IEEE Transactions on Dependable and Secure Computing.

[19]  Daniel B. Faria,et al.  No Long-term Secrets : Location-based Security in Overprovisioned Wireless LANs , 2004 .

[20]  Deirdre K. Mulligan,et al.  Geopriv Requirements , 2004, RFC.

[21]  Deirdre K. Mulligan,et al.  Threat Analysis of the Geopriv Protocol , 2004, RFC.

[22]  Peter Steenkiste,et al.  Implementing access control to people location information , 2004, SACMAT '04.

[23]  Andreas Matheus Declaration and enforcement of access restrictions for distributed geospatial information objects , 2005 .

[24]  Jon Peterson,et al.  A Presence-based GEOPRIV Location Object Format , 2005, RFC.

[25]  Lars Kulik,et al.  A Formal Model of Obfuscation and Negotiation for Location Privacy , 2005, Pervasive.

[26]  Zoubir Mammeri,et al.  Query processing in mobile environments: a survey and open problems , 2005, First International Conference on Distributed Frameworks for Multimedia Applications.

[27]  Andreas Matheus,et al.  Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure , 2005, SACMAT '05.

[28]  Mingxuan Yuan,et al.  Dynamic privacy management: a plug-in service for the middleware in pervasive computing , 2005, Mobile HCI.

[29]  Sushil Jajodia,et al.  Protecting Privacy Against Location-Based Personal Identification , 2005, Secure Data Management.

[30]  Lichun Bao,et al.  Secure Access Control for Location-Based Applications in WLAN Systems , 2006, 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[31]  Lars Kulik,et al.  Location privacy and location-aware computing , 2006 .

[32]  Ernesto Damiani,et al.  Supporting location-based conditions in access control policies , 2006, ASIACCS '06.

[33]  A. Acquisti,et al.  Digital privacy : theory, technologies, and practices , 2007 .

[34]  Mikhail J. Atallah,et al.  Efficient techniques for realizing geo-spatial access control , 2007, ASIACCS '07.

[35]  Panos Kalnis,et al.  PRIVE: anonymous location-based queries in distributed mobile systems , 2007, WWW '07.

[36]  Henning Schulzrinne,et al.  Common Policy: A Document Format for Expressing Privacy Preferences , 2007, RFC.

[37]  Ernesto Damiani,et al.  Location Privacy Protection Through Obfuscation-Based Techniques , 2007, DBSec.

[38]  Pierangela Samarati,et al.  Privacy-Enhanced Location Services Information , 2007 .

[39]  Bryan Hart Handbook of Database Security: Applications and Trends , 2007 .

[40]  Gail-Joon Ahn,et al.  Data and Applications Security XXI , 2007 .

[41]  Sabrina De Capitani di Vimercati,et al.  Privacy-enhanced Location-based Access Control , 2008, Handbook of Database Security.

[42]  Sabrina De Capitani di Vimercati,et al.  Recent Advances in Access Control , 2008, Handbook of Database Security.

[43]  Michael Gertz,et al.  Handbook of Database Security - Applications and Trends , 2007, Handbook of Database Security.

[44]  Vijayalakshmi Atluri,et al.  Efficient security policy enforcement for the mobile environment , 2008, J. Comput. Secur..

[45]  Sabrina De Capitani di Vimercati,et al.  A privacy-aware access control system , 2008, J. Comput. Secur..

[46]  Walid G. Aref,et al.  Casper*: Query processing for location services without compromising privacy , 2006, TODS.