CAMAC: a context-aware mandatory access control model

Document Type: ORIGINAL RESEARCH PAPER

Authors

Abstract

Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive computing environments. To this aim, we propose a context-aware mandatory access control model (CAMAC) capable of dynamic adaptation of access control policies to context, and of handling context-sensitive class association, in addition to preservation of confidentiality and integrity as specified in traditional mandatory access control models. In order to prevent any ambiguity, a formal specification of the model and its elements such as context predicates, context types, level update rules, and operations is required. High expressiveness of the model allows specification of the traditional mandatory access control models such as BLP, Biba, Dion, and Chinese Wall. The model can also be considered as an information flow control model with context-sensitive association of security classes.

Keywords


[1] Ravi S. Sandhu and Pierangela Samarati. Access Controls: Principles and Practice. IEEE Communications, 32:40-48, 1994.

[2] D. F. C. Brewer and M. J. Nash. The Chinese Wall Security Policy. In Proceedings of the IEEE Symposium Research in Security and Privacy, pages 215-228, Los Alamitos, CA, 1989. IEEE CS Press.

[3] DoD. US Department of Defense Trusted Computer System Evaluation Criteria (The Orange Book). US Department of Defence, Washington DC, 1987.

[4] Silvana Castano, Maria Grazia Fugini, Giancarlo Martella, and Pierangela Samarati. Database Security. Addison-Wesley and ACM Press, 1995.

[5] David E. Bell and Leonard J. LaPadula. Secure Computer System: Uni_ed Exposition and Multics Interpretation. Technical report, MITRE Corporation, 1976.

[6] David E. Bell and Leonard J. LaPadula. Secure Computer Systems: Mathematical Foundations. Technical report, MITRE Corporation, 1976.

[7] K. Biba. Integrity Considerations for Secure Computer Systems. Technical report, 1977.

[8] L. C. Dion. A Complete Protection Model. In Proceedings of the IEEE Symposium on Security and Privacy, pages 49-55, Oakland, CA, 1981.

[9] Bill N. Schilit, Norman I. Adams, and Roy Want. Context-aware Computing Applications. In Proceedings of the Workshop on Mobile Computing Systems and Applications, pages 85-90, Santa Cruz, CA, USA, 1994. IEEE Computer Society.

[10] Matthias Baldauf and Schahram Dustdar. A Survey on Context-Aware Systems. Technical report, Distributed Systems Group, Technical University of Vienna, 2004.

[11] J. Pascoe. Adding Generic Contextual Capabilities to Wearable Computers. In Proceedings of the Second International Symposium on Wearable Computers, pages 92-99, Pittsburgh, PA, USA, 1998. EEE Computer Society Press.

[12] Anind K. Dey. Context-Aware Computing: The CyberDesk Project. In Proceedings of the AAAI Spring Symposium on Intelligent Environments, pages 51-54, Menlo Park, CA, 1998. Technical Report, SS-98-02.

[13] Anind K. Dey and Gregory D. Abowd. Towards a Better Understanding of Context and Context-Awareness. In Proceedings of the 1st International Symposium on Handheld and Ubiquitous Computing (HUC'99), pages 304-307, London, UK, 2000. Springer-Verlag.

[14] Mari Korkea-Aho. Context-Aware Applications Survey, 2000.

[15] Arun Kumar, Neeran Karnik, and Girish Chae. Context Sensitivity in Role Based Access Control. Proceedings of the ACM SIGOPS Operating Systems Review, pages 53-66, 2002.

[16] Mohammad A. Al-Kahtani and Ravi Sandhu. A Model for Attribute-Based User-Role Assignment. In Proceedings of the 18th Annual Computer Security Applications Conference, pages 353-364, Las Vegas, NV, USA, 2002. IEEE Computer Society Press.

[17] M. Covington, M. Moyer, and M. Ahamad. Generalized Role-Based Access Control for Securing Future Applications. In Proceedings of the 23rd National Information Systems Security Conference, Baltimore, MD, USA, 2000.

[18] G. Zhang and M. Parashar. Context-Aware Dynamic Access Control for Pervasive Applications. In Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference, pages 219-225, San Diego, CA, USA, 2004.

[19] C.K. Georgiadis, I. Mavridis, G. Pangalos, and R.K. Thomas. Flexible Team-based Access Control Using Contexts. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pages 21-27, Chantilly, VA, USA, 2001. ACM Press.

[20] J. Hu and A. C. Weaver. A Dynamic, Context-Aware Security Infrastructure for Distributed Healthcare Applications. In Proceedings of the First Workshop on Pervasive Privacy Security, Privacy, and Trust, Boston, MA, USA, 2004.

[21] Indrakshi Ray and Mahendra Kumar. Towards a Location-Based Mandatory Access Control Model. Computers & Security, 25:36-44, 2006.

[22] Manuel Roma'n, Christopher Hess, Renato Cerqueira, and Anand Ranganathan. A Middleware Infrastructure for Active Spaces. IEEE Pervasive Computing, 1(4):74-83, 2002.

[23] Amir Reza Masoumzadeh, Morteza Amini, and Rasool Jalili. Context-Aware Provisional Access Control. In Proceedings of the Second International Conference On Information Systems Security, volume 4332, pages 132-146, Kolkata, India, 2006. Published in Lecture Notes in Computer Science.

[24] Panu Korpipaa, Jani Mantyjarvi, Juha Kela, Heikki Kernen, and Esko-Juhani Malm. Managing Context Information in Mobile Devices. IEEE Pervasive Computing, 2(3):42-51, 2003.

[25] Tao Gu, Xiao HangWang, Hung Keng Pung, and Da Qing Zhang. A Middleware for Building Context-Aware Mobile Services. In Proceedings of the IEEE Vehicular Technology Conference, volume 5, pages 2656{2660, Milan, Italy, 2004.

[26] Patrick Fahy and Siobhan Clarke. CASS: Middleware for Mobile, Context-Aware Applications. In Proceedings of the Workshop on Context Awareness at MobiSys, pages 304-308, Boston, 2004.

[27] Harry Chen, Tim Finn, and Anupam Joshi. Using OWL in a Pervasive Computing Broker. In Proceedings of the Workshop on Ontologies in Open Agent Systems (AAMAS'03), pages 9-16, Melbourne, Australia, 2003.

[28] Anind K. Dey, Daniel Salber, and Gregory D. Abowd. A Conceptual Framework and a Toolkit for Supporting the Rapid Prototyping of Context-Aware Applications. Human-Computer Interaction (HCI) Journal, 16(2-4):97-166, 2001.

[29] Thomas Hofer, Wieland Schwinger, Mario Pichler, Gerhard Leonhartsberger, Josef Altmann, and Werner Retschitzegger. Context-Awareness on Mobile Devices - the Hydrogen Approach. In Proceedings of the 36th Hawaii International Conference on System Sciences, Hawaii, USA, 2003.

[30] Ravi S. Sandhu. A Lattice Interpretation of the Chinese Wall Policy. In Proceedings of the 15th NIST-NCSC National Computer Security Conference, pages 329-339, Washington, D.C., 1992. US Government Printing Office.

[31] Ravi S. Sandhu. Lattice-Based Access Control Models. IEEE Computer, 26(11):9-19, 1993.

[32] Mat Bishop. Computer Security: Art and Science. Addison-Wesley, 2003.

[33] D. Denning. A Lattice Model of Secure Information Flow. Communications of the ACM, 19(5):236-243, 1976.