Efficiently enforcing spatiotemporal access control under uncertain location information

In a mobile environment, a user's physical location plays an important role in determining access to resources. However, current moving object databases do not keep the exact location of moving objects; to minimize updates, they maintain only an approximate location. As a result, access request evaluation cannot always guarantee that the intended access control policy requirements are met. This may put the system's security at risk, especially for highly sensitive resources. In this paper, we introduce an authorization model that takes the uncertainty of location measures into consideration when specifying and evaluating access control policies. An access request is granted only if the confidence level of the location predicate exceeds the predefined uncertainty threshold level specified in the policy. However, this access request evaluation is computationally expensive, as it requires evaluating a location predicate condition and may also require evaluating the entire moving object database. To reduce the cost of evaluation, we compute lower and upper bounds (R_min and R_max) on the region that minimize the region to be evaluated, thereby allowing unneeded moving objects to be discarded from evaluation. To further minimize the region of evaluation, we propose computing R′_min and R′_max, which have a smaller filter size, so that more objects are filtered out of evaluation. In addition, we extend our approach so that it does not require assumptions on the probability distribution functions. We show how the filters R_min, R_max, R′_min, and R′_max can be computed and maintained, and provide algorithms to process access requests.
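The filter-then-evaluate idea described above, as an added Python sketch that is not the paper's algorithm or code. It assumes a rectangular authorized region, a true location uniformly distributed over a disk of radius `r` around the recorded location, and simple conservative bounds (the region shrunk and grown by `r`) standing in for R_min and R_max, whose actual construction this page does not give; all names and sample values are constructed.

```python
# Added illustration; shapes, names and sample data are assumptions, not the paper's.
def contains(rect, p):
    x0, y0, x1, y1 = rect
    return x0 <= p[0] <= x1 and y0 <= p[1] <= y1

def confidence(loc, r, region, n=200):
    """Grid estimate of P(true location in region), uniform over a disk of radius r."""
    inside = total = 0
    for i in range(n):
        for j in range(n):
            dx = (2 * (i + 0.5) / n - 1) * r
            dy = (2 * (j + 0.5) / n - 1) * r
            if dx * dx + dy * dy <= r * r:
                total += 1
                inside += contains(region, (loc[0] + dx, loc[1] + dy))
    return inside / total

def evaluate(loc, r, region, threshold):
    """Return (decision, how). Grant only if confidence exceeds threshold (0 <= t < 1)."""
    if not 0 <= threshold < 1:
        raise ValueError("threshold must be in [0, 1)")
    x0, y0, x1, y1 = region
    r_min = (x0 + r, y0 + r, x1 - r, y1 - r)   # disk fully inside: confidence is 1
    r_max = (x0 - r, y0 - r, x1 + r, y1 + r)   # beyond this the disk misses: confidence 0
    if contains(r_min, loc):
        return "grant", "filter"
    if not contains(r_max, loc):
        return "deny", "filter"
    p = confidence(loc, r, region)             # only boundary objects pay this cost
    return ("grant" if p > threshold else "deny"), "integrated"

# Constructed sample: recorded locations of moving objects, deviation bound r = 10.
REGION, R, THRESHOLD = (0, 0, 100, 100), 10, 0.8
OBJECTS = {"a": (50, 50), "b": (200, 50), "c": (92, 50), "d": (97, 50), "e": (100, 50)}

def process(objects=OBJECTS):
    return {k: evaluate(v, R, REGION, THRESHOLD) for k, v in objects.items()}

if __name__ == "__main__":
    for name, result in process().items():
        print(name, *result)
```

Objects `a` and `b` are decided by the filters alone; only `c`, `d` and `e`, whose uncertainty disks straddle the region boundary, require the expensive confidence computation.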
