A Semantic Policy Framework for Context-Aware Access Control Applications

Due to the rapid advancement of communication technologies, the ability to support access control to resources in open and dynamic environments is crucial. On the one hand, users demand access to resources and services in an anywhere, anytime fashion. On the other hand, additional challenges arise in ensuring the privacy and security requirements of the stakeholders in dynamically changing environments. Conventional Role-Based Access Control (RBAC) systems evaluate access permissions based on the identity or role of the user requesting access to a resource. However, this approach does not incorporate dynamically changing context information, which can affect access decisions in open and dynamic environments. In such environments, an access control model is needed in which both user-role and role-permission associations are dynamic. To achieve this goal, this paper proposes a novel policy framework for context-aware access control (CAAC) applications that extends the RBAC model with dynamic attributes defined in an ontology. We introduce a formal language for specifying our framework, including its basic elements, syntax and semantics. Our policy framework uses the relevant context information to enable user-role assignment, while using purpose-oriented situation information to enable role-permission assignment. We have developed a prototype that realizes the framework and demonstrated it through a healthcare case study.
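To make the two-stage decision concrete, here is an added Python sketch (not the paper's framework, prototype or formal language) of context-driven user-role activation followed by purpose- and situation-driven role-permission checks. The rule encoding, the attribute names (location, on_duty, patient_state) and the healthcare roles, purposes and situations are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Request:
    user: str
    action: str
    resource: str
    purpose: str
    context: dict     # dynamic attributes, e.g. location, on_duty (constructed)
    situation: dict   # purpose-oriented situation, e.g. patient_state (constructed)

# Static part (classic RBAC): which roles a user may hold at all.
USER_ROLES = {"alice": {"doctor"}, "bob": {"nurse"}}

# Dynamic user-role assignment: a role is activated for a request only if
# its context condition holds (constructed rules, not the paper's syntax).
ROLE_ACTIVATION = {
    "doctor": lambda c: c.get("location") == "hospital" and c.get("on_duty") is True,
    "nurse":  lambda c: c.get("location") == "hospital",
}

# Dynamic role-permission assignment: (role, action, resource) is granted only
# for an allowed purpose and when the situation predicate holds.
PERMISSIONS = [
    ("doctor", "read",  "patient_record", {"treatment"}, lambda s: True),
    ("doctor", "write", "patient_record", {"treatment"}, lambda s: True),
    ("nurse",  "read",  "patient_record", {"treatment"},
     lambda s: s.get("patient_state") == "emergency"),
]

def active_roles(req: Request) -> set:
    """Roles the user may hold whose context conditions are satisfied now."""
    return {r for r in USER_ROLES.get(req.user, set())
            if ROLE_ACTIVATION[r](req.context)}

def decide(req: Request) -> bool:
    """Permit iff an active role carries a matching permission for this purpose and situation."""
    roles = active_roles(req)
    for role, action, resource, purposes, situation_ok in PERMISSIONS:
        if (role in roles and action == req.action and resource == req.resource
                and req.purpose in purposes and situation_ok(req.situation)):
            return True
    return False  # default deny: no activated role carries the permission

if __name__ == "__main__":
    on_site = {"location": "hospital", "on_duty": True}
    print(decide(Request("alice", "read", "patient_record", "treatment", on_site, {})))
    print(decide(Request("bob", "read", "patient_record", "treatment",
                         {"location": "hospital"}, {"patient_state": "stable"})))
```

The same user is denied when the context no longer activates the role (off-site doctor) or when the purpose is not one the permission allows, even though the static user-role mapping is unchanged.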
