GEO-RBAC: a spatially aware RBAC

Securing access to data in location-based services and mobile applications requires the definition of spatially aware access control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to cope with spatial aspects in real mobile applications, is still missing. In this paper, we make one step towards this direction and we present GEO-RBAC, an extension of the RBAC model to deal with spatial and location-based information. In GEO-RBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device independent position, representing the feature (the road, the town, the region) in which they are located. To make the model more flexible and re-usable, we also introduce the concept of role schema, specifying the name of the role as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to cope with hierarchies, modeling permission, user, and activation inheritance.

[1]  Elisa Bertino,et al.  A generalized temporal role-based access control model , 2005, IEEE Transactions on Knowledge and Data Engineering.

[2]  Elisa Bertino,et al.  An authorization model for geographical maps , 2004, GIS '04.

[3]  D. Richard Kuhn,et al.  Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems , 1997, RBAC '97.

[4]  Mustaque Ahamad,et al.  Generalized Role-Based Access Control for Securing Future Applications , 2000 .

[5]  Elisa Bertino,et al.  Access Control and Privacy in Location-Aware Services forMobile Organizations , 2006, 7th International Conference on Mobile Data Management (MDM'06).

[6]  Frédéric Cuppens,et al.  Modelling contexts in the Or-BAC model , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[7]  Andreas Matheus,et al.  Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure , 2005, SACMAT '05.

[8]  Ninghui Li,et al.  On mutually-exclusive roles and separation of duty , 2004, CCS '04.

[9]  Ravi Sandhu,et al.  ACM Transactions on Information and System Security: Editorial , 2005 .

[10]  Eliseo Clementini,et al.  A Small Set of Formal Topological Relationships Suitable for End-User Interaction , 1993, SSD.

[11]  Elisa Bertino,et al.  An access control system for a Web map management service , 2004, 14th International Workshop Research Issues on Data Engineering: Web Services for e-Commerce and e-Government Applications, 2004. Proceedings..

[12]  Fabien Robineau,et al.  OpenGIS Simple Features Specification For SQL, Revision 0 , 1997 .

[13]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[14]  Mustaque Ahamad,et al.  Generalized role-based access control , 2001, Proceedings 21st International Conference on Distributed Computing Systems.

[15]  Enrico Nardelli,et al.  Region-Based Querz Languages for Spatial Databases in the Topological Data Model , 2003, SSTD.

[16]  Toshiyuki Amagasa,et al.  An Access Control Model for Geographic Data in an XML -based Framework , 2004, WOSIS.

[17]  Mark Strembeck Conflict checking of separation of duty constraints in RBAC - implementation experiences , 2004, IASTED Conf. on Software Engineering.

[18]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[19]  Vijayalakshmi Atluri,et al.  Protecting Privacy from Continuous High-resolution Satellite Surveillance , 2000, DBSec.

[20]  F. Hansen,et al.  Spatial role-based access control model for wireless networks , 2003, 2003 IEEE 58th Vehicular Technology Conference. VTC 2003-Fall (IEEE Cat. No.03CH37484).

[21]  James B. D. Joshi,et al.  LoT-RBAC: A Location and Time-Based RBAC Model , 2005, WISE.

[22]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[23]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[24]  Vladimir A. Oleshchuk,et al.  Spatial role-based access control model for wireless networks , 2003, 2003 IEEE 58th Vehicular Technology Conference. VTC 2003-Fall (IEEE Cat. No.03CH37484).

[25]  V. Atluri,et al.  A Uniform Indexing Scheme for Geo-spatial Data and Authorizations , 2002 .

[26]  Roy H. Campbell,et al.  Access control for Active Spaces , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[27]  Phokion G. Kolaitis,et al.  Conjunctive-query containment and constraint satisfaction , 1998, PODS.

[28]  Elisa Bertino,et al.  X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control , 2005, TSEC.