Location-based Access Control (LBAC) techniques allow taking users' physical location into account when determining their access privileges. In this paper, we present an approach to LBAC aimed at integrating location-based conditions along with a generic access control model, so that a requestor can be granted or denied access by checking her location as well as her credentials. Our LBAC model includes a novel way of taking into account the limitations of the technology used to ascertain the location of the requester. Namely, we describe how location verification can be encapsulated as a service, representing location technologies underlying it in terms of two semantically uniform service level agreement (SLA) parameters called confidence and timeout. Based on these parameters, we present the formal definition of a number of location-based predicates, their management, evaluation, and enforcement. The challenges that such an extension to traditional access control policies inevitably carries are discussed also with reference to detailed examples of LBAC policies.

Supporting location-based conditions in access control policies / C.A. Ardagna, M. Cremonini, E. Damiani, S. De Capitani di Vimercati, P. Samarati - In: Proceedings of the 2006 ACM symposium on information, computer and communications security : Taipei, Taiwan, March 21 - 24, 2006 / edited by Ferng-Ching Lin...[et al.]. - New York : ACM press, 2006. - ISBN 1595932720. - pp. 212-222 (conference: ACM Symposium on information, computer and communications security, held in Taipei in 2006) [10.1145/1128817.1128850].

Supporting location-based conditions in access control policies

C.A. Ardagna; M. Cremonini; E. Damiani; S. De Capitani di Vimercati; P. Samarati
2006

Access control; Location-based services; Mobile system
Sector INF/01 - Computer Science
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/22941
Citations
  • Scopus 126