As mobile computing devices are becoming increasingly dominant in enterprise and government organizations, the need for fine-grained access control in these environments continues to grow. Specifically, advanced forms of access control can be deployed to ensure authorized users can access sensitive resources only when in trusted locations. One technique that has been proposed is to augment role-based access control (RBAC) with spatial constraints. In such a system, an authorized user must be in a designated location in order to exercise the privileges associated with a role. In this work, we extend spatially aware RBAC systems by defining the notion of proximity-based RBAC. In our approach, access control decisions are not based solely on the requesting user's location. Instead, we also consider the location of other users in the system. For instance, a policy in a government application could prevent access to a sensitive document if any civilians are present. We introduce our spatial model and the notion of proximity constraints. We define the syntax and semantics for the Prox-RBAC language, which can be used to specify these policy constraints. We introduce our enforcement architecture, including the protocols and algorithms for enforcing Prox-RBAC policies, and give a proof of functional correctness. Finally, we describe our work toward a Prox-RBAC prototype and present an informal security analysis.
Prox-RBAC: a proximity-based spatially aware RBAC / M.S. Kirkpatrick, M.L. Damiani, E. Bertino - In: GIS '11 : proceedingsNew York : ACM, 2011. - ISBN 9781450310314. - pp. 339-348 (( Intervento presentato al 19. convegno International Conference on Advances in Geographic Information Systems tenutosi a Chicago nel 2011 [10.1145/2093973.2094018].
Prox-RBAC: a proximity-based spatially aware RBAC
M.L. DamianiSecondo
Conceptualization
;
2011
Abstract
As mobile computing devices are becoming increasingly dominant in enterprise and government organizations, the need for fine-grained access control in these environments continues to grow. Specifically, advanced forms of access control can be deployed to ensure authorized users can access sensitive resources only when in trusted locations. One technique that has been proposed is to augment role-based access control (RBAC) with spatial constraints. In such a system, an authorized user must be in a designated location in order to exercise the privileges associated with a role. In this work, we extend spatially aware RBAC systems by defining the notion of proximity-based RBAC. In our approach, access control decisions are not based solely on the requesting user's location. Instead, we also consider the location of other users in the system. For instance, a policy in a government application could prevent access to a sensitive document if any civilians are present. We introduce our spatial model and the notion of proximity constraints. We define the syntax and semantics for the Prox-RBAC language, which can be used to specify these policy constraints. We introduce our enforcement architecture, including the protocols and algorithms for enforcing Prox-RBAC policies, and give a proof of functional correctness. Finally, we describe our work toward a Prox-RBAC prototype and present an informal security analysis.
| File | Dimensione | Formato | |
|---|---|---|---|
|
p339-kirkpatrick-pubblico.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
446.73 kB
Formato
Adobe PDF
|
446.73 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
