Securing access to data in location-based services and mobile applications requires the definition of spatially aware access-control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to deal with spatial aspects in real mobile applications, is still missing. In this paper, we make one step toward this direction and present GEO-RBAC, an extension of the RBAC model enhanced with spatial-and location-based information. In GEORBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device-independent position, representing the feature (the road, the town, the region) in which they are located. To enhance flexibility and reusability, we also introduce the concept of role schema, specifying the name of the role, as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to support hierarchies, modeling permission, user, and activation inheritance, and separation of duty constraints. The proposed classes of constraints extend the conventional ones to deal with different granularities (schema/instance level) and spatial information. We conclude the paper with an analysis of several properties concerning the resulting model.

GEO-RBAC : a spatially aware RBAC / M.L. Damiani, E. Bertino, B. Catania, P. Perlasca. - In: ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY. - ISSN 1094-9224. - 10:1(2007 Feb), pp. 2.1-2.42. ((Intervento presentato al 10. convegno ACM Symposium on Access Control Models and Technologies : June, 01-03 tenutosi a Stockholm (Sweden) nel 2005.

GEO-RBAC : a spatially aware RBAC

M.L. Damiani
Primo
Conceptualization
;
E. Bertino
Secondo
;
P. Perlasca
Ultimo
2007

Abstract

Securing access to data in location-based services and mobile applications requires the definition of spatially aware access-control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to deal with spatial aspects in real mobile applications, is still missing. In this paper, we make one step toward this direction and present GEO-RBAC, an extension of the RBAC model enhanced with spatial-and location-based information. In GEORBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device-independent position, representing the feature (the road, the town, the region) in which they are located. To enhance flexibility and reusability, we also introduce the concept of role schema, specifying the name of the role, as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to support hierarchies, modeling permission, user, and activation inheritance, and separation of duty constraints. The proposed classes of constraints extend the conventional ones to deal with different granularities (schema/instance level) and spatial information. We conclude the paper with an analysis of several properties concerning the resulting model.
access-control model; GIS; location-based services
Settore INF/01 - Informatica
Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni
feb-2007
Association Computing Machinery (ACM)
Article (author)
File in questo prodotto:
File Dimensione Formato  
p1-damiani- pubblicato.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 762.54 kB
Formato Adobe PDF
762.54 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/30398
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 194
  • ???jsp.display-item.citation.isi??? 117
social impact