Context-based access control, Ph.D. Progress Report

advertisement
Contexts and Context-based
Access Control Model
PhD Dissertation Progress Report
Candidate: Alvaro E. Escobar
Advisors:
Dr. Maria Petrie
Dr. Eduardo Fernandez
Department of Computer Science and Engineering
Florida Atlantic University, Boca Raton FL.
12/15/2005
Secure Systems Research Group - FAU
Agenda
•
•
•
•
•
•
•
•
What is Context?
Context Models
What is Profile
Profile Models
Policy and Access Control
Access Control Models
Conclusions
Future Work
Secure Systems Research Group - FAU
What is Context?
• The set of facts and/or circumstances that surround a situation or event. [Google].
• The location and identities of nearby people and objects and changes to those
objects. [Sch95]
• The logical set of resources accessible to a client during a service session
depending on several factors, such as client location, access device capabilities,
management policies of the access locality, subscribed services, user
preferences, and level of trust. [Bel03] [Cor04]
• The composition of context elements which belong to either physical or
organizational contexts. The physical context identifies spaces, locations and
devices. The organizational context includes roles, groups, calendars,
activities, processes and applications. [Kir05]
• Is a process of interacting with an ever-changing environment composed of
reconfigurable, mobile and distributed resources. [Cou05].
• Is a distinction between the notion of an instant snapshot of observable
variables (a situation) and the composition of those observable variables over
time (a context) [Cou02].
Secure Systems Research Group - FAU
Context Models
Corradi’s Context and Access Control Model
Secure Systems Research Group - FAU
Context Models
Kirsch-Pinheiro’s Class model for Context – Part 1 (Taken from [Kir05])
Secure Systems Research Group - FAU
Context Models
Kirsch-Pinheiro’s Class model for Context – Part 2
Secure Systems Research Group - FAU
(Taken from [Kir05])
Context Models
Figure 4 Coutaz’s Class model for Context
Secure Systems Research Group - FAU
What is Context made of?
• Critical sub-processes of a context are:
– Collect the set of locally available resources.
(resources potentially visible in the user’s physical
location)
– Filter the visible resources through access control
policies. (refined potentially visible resources)
– Map them onto the users’ goals, preferences and
activities described by profiles. (refine resources
even more)
– Resources vs Observables. (What about time?)
Secure Systems Research Group - FAU
What is a Profile?
• Profiles represent characteristics, capabilities,
and requirements of users, devices, and
service components. [Bel03].
• User profiles: personal preferences, interests, privacy
requirements, and subscribed services.
• Device profiles: hardware/software characteristics of
devices.
• Service component profiles: service interface,
properties for binding management decisions.
• Site profiles: All resources available at one location.
Secure Systems Research Group - FAU
What is a Profile?
• Descriptions of user’s potential contexts and
filtering rules that describe the user’s
preferences, given a context [Kir05]
• Comprehensive Structured Context Profiles
(CSCP); based on the Resource Description
Framework (RDF) [Buc04],[[Bra01]
Secure Systems Research Group - FAU
Profile Models
Corradi’s Profile Model
Secure Systems Research Group - FAU
Profile Models
Kirsch-Pinheiro Class model for a General Profile [Kir05]
Secure Systems Research Group - FAU
Policy and Access Control
 Policies express the choices of a ruling system
behavior, in terms of the actions subjects can/must
operate upon resources.[Bel03]
• Access control policies specify the actions subjects are allowed
to perform on resources depending on various types of
conditions, e.g., subject identity and resource state;
• Obligation policies define the actions subjects must perform on
resources when specified conditions occur.
 The automatic qualification of accessible resources
depends on the client context, the current enforced
management policies and the user’s personal
preferences (profiles). [Cor04]
Secure Systems Research Group - FAU
Access Control Model
Corradi’s Access Control Model
Secure Systems Research Group - FAU
Context and CBAC Model
Unified Context-based Access Control Model.
Secure Systems Research Group - FAU
Conclusions
• Context is a fundamental concept in mobile systems.
• Different researchers use different variations of
context.
• We have tried here to unify and clarify this concept
from three definitions of context.
• We produced a model that summarizes their most
relevant aspects.
• This unified model can be expressed as a pattern and
can be used as a guideline for the design of mobile
systems.
Secure Systems Research Group - FAU
Future Work
• Work on the pattern model and characteristics.
• Paper submission for International Workshop on
Research Challenges in Security and Privacy for
Mobile and Wireless Networks (WSPWN06) - March
15-16, 2006, Miami FL.
• Context-Aware Web Services Distributed and Parallel
Databases Journal - Submission deadline: March 15,
2006.
• AMCIS Minitrack on Mobile Services - Submission
deadline: March 1, 2006.
• Dissertation document completed by end of Summer
’06.
Secure Systems Research Group - FAU
•
Contexts and Context-based Access
Control Model
References:
–
–
–
–
–
–
–
–
–
–
[Bel03] P. Bellavista, A. Corradi, R. Montanari, C. Stefanelli, “Context-Aware Middleware for
Resource Management in the Wireless Internet”, IEEE Transactions on Software Engineering. Vol. 29,
No. 12, December 2003. Page 1086.
[Cor04] A. Corradi, R. Montanari, D. Tibaldi, “Context-Based Access Control Management in
Ubiquitous Environments”, Network Computing and Applications, Proceeding of the Third IEEE
International Symposium on (NCA'04), August 30 - September 01, 2004, Boston, MA.
[Cou05] J. Coutaz, J. L. Crowley, S. Dobson & D. Garlan. “Context is key”. Communications of the
ACM. March 2005/Vol. 48, No. 3. Page 49.
[Cou02] J. Coutaz and G. Rey. “Foundations for a theory of contextors”. Computer Aided Design of
User Interfaces, Springer Verlag, 2002.
[Cro02] J. Crowley, J. Coutaz, G. Rey, and P. Reignier. “Perceptual components for context-aware
computing”. Proceedings of the Fourth International Conference of Ubiquitous Computing, (Göteburg,
Sweden, Sept./Oct. 2002). Springer, 117–134.
[Fer05] E. B. Fernandez, M. M. Larrondo-Petrie, T. Sorgente, and M. VanHilst, "UML as a generalized
access control model ". Florida Atlantic University.
[Kir05] M. Kirsch-Pinheiro, M. Villanova-Oliver, J. Gensel, H. Martin. “Context-Aware Filtering for
Collaborative Web Systems: Adapting the Awareness Information to the User’s Context” 2005 ACM
Symposium on Applied Computing. SAC’05, March 13-17, 2005, Santa Fe, New Mexico, USA.
[Lem04] T. Lemlouma, N. Layaïda, Context-aware adaptation for mobile devices. Proceedings of the
IEEE International Conference on Mobile Data Management (Berkeley, CA, USA, January 19-22,
2004). IEEE, 106-111.
[Mon03] R. Montanari, P. Bellavista, A. Corradi, C.Stefanelli, “Dynamic Binding in Mobile
Applications: a Middleware Approach”, IEEE Internet Computing, Special Issue on “Mobile
Applications”, Vol. 7, No. 2, March/April 2003.
[Sch95] W. N. Schilit. “A System Architecture for Context-Aware Mobile Computing”. PhD thesis
dissertation. Columbia University, 1995.
Secure Systems Research Group - FAU
Download