Abstract. With the growing advancement of pervasive computing technologies, we are moving towards an era where spatio-temporal information will be necessary for access control. The use of such information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for spatio-temporal-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we propose a spatio-temporal access control model, based on the Role-Based Access Control (RBAC) model, that is suitable for pervasive computing applications. We show the association of each component of RBAC with spatio-temporal information. We formalize the model by enumerating the constraints. This model can be used for applications where spatial and temporal information of a subject and an object must be taken into account before granting or denying access.
Traditional access control models, such as Role-Based Access Control (RBAC), do not take into account contextual information, such as location and time, for making access decisions. Consequently, they are inadequate for specifying the access control needs of many complex real-world applications, such as the Dengue Decision Support (DDS) that we discuss in this paper. We need to ensure that such applications are adequately protected using emerging access control models. This requires us to represent the application and its access control requirements in a formal specification language. We choose the Unified Modeling Language (UML) for this purpose, since UML is becoming the de facto specification language in the software industry. We need to analyze this formal specification to get assurance that the application is adequately protected. Manual analysis is error-prone and tedious. Thus, we need automated tools for verification of UML models. Towards this end, we propose that the UML models be converted to Alloy. Alloy is based on first-order logic, has a software infrastructure that supports automated analysis, and has been used for the verification of real-world applications. We show how to convert the UML models to Alloy and verify the resulting model using the Alloy Analyzer which has embedded SAT-solvers. The results from the Alloy Analyzer will help uncover the flaws in the specification and help us refine the application and its access control requirements.
With the growing use of wireless networks and mobile devices, we are moving towards an era of pervasive computing. Such environments will spawn new applications that use contextual information to provide enhanced services. Traditional access control models cannot protect such applications because the access requirements may be contingent upon the location of the user and the time of access. Consequently, we propose a new spatio-temporal role-based access control model that supports delegation for use in such applications. The model can be used by any application where the access is contingent not only on the role of the user, but also on the locations of the user and the object and the time of access. We describe how each entity in the role-based access control model is affected by time and location and propose constraints to express this. We also show how the formal semantics of our model can be expressed using graph-theoretic notation. The various features of our model give rise to numerous constraints that may interact with each other and result in conflicts. Thus, for any given application using our model, it is important to analyze the interaction of constraints to ensure that conflicts or security breaches do not occur. Manual analysis is tedious and error-prone. Towards this end, we show how the analysis can be automated using Coloured Petri Nets. Since automated analysis for large applications is time consuming, we propose an approach that reduces the analysis time.
Keywords: Access control model, security, requirements specification, model analysis and verification
0926-227X/11/$27.50 © 2011 - IOS Press and the authors. All rights reserved
M. Toahchoodee and I. Ray / Spatio-temporal role-based access control model analysis
Other extensions to RBAC include the Temporal Role-Based Access Control Model (TRBAC) proposed by Bertino et al. [9] that adds the time dimension to the RBAC model. 
The authors in this paper introduce the concept of role enabling and disabling. Temporal constraints determine when the roles can be enabled or disabled. A role can be activated only if it has been enabled. Joshi et al. [24] extend this work by proposing the Generalized Temporal Role-Based Access Control Model (GTRBAC) that introduces the concept of time-based role hierarchy and time-based separation of duty. In another work, Joshi and Bertino [25] extend the GTRBAC model to support fine-grained delegation. Although the authors support various forms of delegation, they do not discuss the effect of temporal constraints or the delegation chain in this paper. The formal analysis of the different types of time-based hybrid hierarchies, introduced in the earlier works [24,25], is proposed by Joshi et al. in [26]. Here, the authors introduce the notion of uniquely activable set (UAS), which is a set of roles that can be activated by the user assigned to the senior-most role in the hierarchy. This information can be used by the system administrator to determine the access capabilities of a user within a session. The authors also...