Negotiation protocols for LBAC systems / C. Ardagna, M. Cremonini, E. Damiani, S. De Capitani di Vimercati, P. Samarati - In: Proceedings of the International conference on information security and computer forensics : ISCF-2006 : December 6-8, 2006 / edited by S. Rajendran. - New Delhi : Allied publishers, 2006. - ISBN 8184241410. - pp. 205-213 (International Conference on Information Security and Computer Forensics (ISCF), held in Chennai, India in 2006).

Negotiation protocols for LBAC systems

C. Ardagna; M. Cremonini; E. Damiani; S. De Capitani di Vimercati; P. Samarati

2006

Abstract

Location-based Access Control (LBAC) systems are based on applications whose access control policies include location predicates. The enforcement of location predicates is performed by an Access Control Engine (ACE) and requires complex location services integrating sensing technologies able to gather users’ physical location and components that process this information according to LBAC specifications. A specialized Location Middleware (LM) provides such location services. In this paper, we consider that the quality of such particular location services could be adjusted according to different Service Level Agreements (SLAs) expressed through the exchange of specific metadata. To this end, we address the issue of negotiating location service attributes between an ACE and a LM and introduce some protocols to carry out this coordination process. We start from a basic negotiation protocol that shows the core aspects of our proposal, to introduce an enhanced protocol that takes into account a cost/benefit analysis and some service requirements. Finally, we present an extension to the enhanced protocol to consider possible time validity constraints on access control decisions.
Location-based access control ; Negotiation.
Sector INF/01 - Computer Science
2006
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/40330