Sentential access control

We propose a novel access control approach for pervasive computing environments. Sentential Access Control uses a constructed language similar to rudimentary English as the basis for intuitive context-aware security policy specification. The elements of sentences in this language map directly to fundamental security abstractions that allow us to apply our approach to many different access control implementations while still being sufficiently expressive and understandable for the user. We describe our model both informally and formally, and show a prototype application for smartphones that uses our approach to implement reactive access control.
