Location-based Access Control (LBAC) systems are based on applications whose access control policies include location predicates. The enforcement of location predicates is performed by an Access Control Engine (ACE) and requires complex location services integrating sensing technologies able to gather users’ physical location and components that process this information according to LBAC specifications. A specialized Location Middleware (LM) provides such location services. In this paper, we consider that the quality of such particular location services could be adjusted according to different Service Level Agreements (SLAs) expressed through the exchange of specific metadata. To this end, we address the issue of negotiating location service attributes between an ACE and a LM and introduce some protocols to carry out this coordination process. We start from a basic negotiation protocol that shows the core aspects of our proposal, to introduce an enhanced protocol that takes into account a cost/benefit analysis and some service requirements. Finally, we present an extension to the enhanced protocol to consider possible time validity constraints on access control decisions.
Negotiation protocols for LBAC systems / C. Ardagna, M. Cremonini, E. Damiani, S. De Capitani di Vimercati, P. Samarati - In: Proceedings of the International conference on information security and computer forensics : ISCF-2006 : december 6-8, 2006 / [a cura di] [S. Rajendran]. - New Delhi : Allied publishers, 2006. - ISBN 8184241410. - pp. 205-213 (( convegno International Conference on Information Security and Computer Forensics (ISCF) tenutosi a Chennai, India nel 2006.
Negotiation protocols for LBAC systems
C. ArdagnaPrimo
;M. CremoniniSecondo
;E. Damiani;S. De Capitani di VimercatiPenultimo
;P. SamaratiUltimo
2006
Abstract
Location-based Access Control (LBAC) systems are based on applications whose access control policies include location predicates. The enforcement of location predicates is performed by an Access Control Engine (ACE) and requires complex location services integrating sensing technologies able to gather users’ physical location and components that process this information according to LBAC specifications. A specialized Location Middleware (LM) provides such location services. In this paper, we consider that the quality of such particular location services could be adjusted according to different Service Level Agreements (SLAs) expressed through the exchange of specific metadata. To this end, we address the issue of negotiating location service attributes between an ACE and a LM and introduce some protocols to carry out this coordination process. We start from a basic negotiation protocol that shows the core aspects of our proposal, to introduce an enhanced protocol that takes into account a cost/benefit analysis and some service requirements. Finally, we present an extension to the enhanced protocol to consider possible time validity constraints on access control decisions.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
