A context-sensitive dynamic role-based access control model for pervasive computing environments




Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to ever-changing nature of such environments, the identity of users is unknown. However, users must be able to access the required resources based on their contexts. These and other similar complexities necessitate dynamic and context-aware access control models for such environments. In other words, an efficient access control model for pervasive computing environments should be aware of context information. Changes in context information imply some changes in the users' authorities. Accordingly, an access control model for a pervasive computing environment should control all accesses of unknown users to the resources based upon the participating context information, i.e., contexts of the users, resources and the environment. In this paper, a new context-aware access control model is proposed for pervasive computing environments. Contexts are classified into long-term contexts (which do not change during a session) and short-term contexts (which their steady-state period is less than an average time of a session). The model assigns roles to a user dynamically at the beginning of their sessions considering the long-term contexts. However, during a session the active permission set of the assigned roles are determined based on the short-term context conditions. Formal specification of the proposed model as well as the proposed architecture are presented in this paper. Furthermore, by presenting a real case study, it is shown that the model is applicable, decidable, and dynamic. Expressiveness and complexity of the model is also evaluated.


[1] L. Kagal, T. Finin, and A. Joshi. Trust-based Security in Pervasive Computing Environments. IEEE Computer, 34:154-157, 2001.

[2] D. Saha and A. Mukherjee. Pervasive Computing: A Paradigm for the 21st Century. IEEE Computer, 36(3):25-31, 2003.

[3] J. L. Vivas, C. Fernandez-Gago, J. Lopez, and A. Benjumea. A Security Framework for a Workflow-based Grid Development Platform. Computer Standards and Interfaces (being published by ELSEVIER ), doi:10.1016/j.csi.2009.04.001, 2009.

[4] S. Singh and S. Bawa. A Privacy, Trust and Policy based Authorization Framework for Services in Distributed Environments. The International Journal of Computer Science, 2(2):85-92, 2007.

[5] A. K. Dey. Understanding and Using Context. Personal and Ubiquitous Computing, 5:4-7, 2001.

[6] R. J. Hulsebosch, A. H. Salden, M. S. Bargh, P. W. G. Ebben, and J. Reitsma. Context Sensitive Access Control. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT'05), pages 111-119, Stockholm, Sweden, 2005.

[7] D. F. Ferraiolo, R. Sandhu, S. Gavrila, and R. Chandramouli. Proposed NIST Standard for Role Based Access Control. ACM Transactions on Information and System Security, 4:224-274, 2001.

[8] A. Kern and C. Walhorn. Rule Support for Role-Based Access Control. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT'05), pages 130-138, Stockholm, Sweden, 2005.

[9] W. Jih, S. Cheng, J. Y. Hsu, and T. Tsai. Context-aware Access Control on Pervasive Healthcare. In Proceedings of the IEEE Workshop on Mobility, Agents, and Mobile Services (MAM), 2005 IEEE International Conference on e-Technology, e-Commerce, and e-Service, pages 21-28, Hong Kong, 2005.

[10] J. Al-Muhtadi, A. Ranganathan, R. H. Campbell, and M. D. Mickunas. Cerberus: A Context-Aware Security Scheme for Smart Spaces. In Proceedings of the 1st IEEE International Conference on Pervasive Computing and Communications (Per-Com 2003), pages 489-496, Fort Worth, Texas, USA, 2003.

[11] G. Zhang and M. Parashar. Context-Aware Dynamic Access Control for Pervasive Applications. In Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference, pages 219-225, San Diego, USA, 2004.

[12] U. Hengartner and P. Steenkiste. Access Control to Information in Pervasive Computing Environments. In Proceedings of the 9th ACM Workshop on Hot Topics in Operating Systems (HotOSIX), volume 9, pages 157-162, Lihue, Hawaii, 2003. USENIX Association.

[13] F. Pu, D. Sun, Q. Cao, H. Cai, and F. Yang. Pervasive Computing Context Access Control Based on UCONABC Model. In Proceedings of the IEEE International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP'06), pages 689-692, 2006.

[14] M. Roman, C. Hess, R. Cerqueira, A. Ranganathan, R. H. Campbell, and K. Nahrstedt. A Middleware Infrastructure for Active Spaces. IEEE Pervasive Computing, 1(4):74-83, 2002.

[15] H. Shen and F. Hong. A Context-Aware Role- Based Access Control Model for Web Services. In Proceedings of the IEEE International Conference on e-Business Engineering (ICEBE 2005), pages 220-223, 2005.

[16] J. H. Jafarian and M. Amini. CAMAC: A Context- Aware Mandatory Access Control Model. ISeCure: The ISC International Journal of Information Security, 1(1):35-54, 2009.

[17] S. S. Emami, M. Amini, and S. Zokaei. A Context-Aware Access Control Model for Pervasive Computing Environments. In Proceedings of the International Conference on Intelligent Pervasive Computing (IPC 2007), pages 51-56, Jijo Island, Korea, 2007. IEEE Computer Society.

[18] T. Moses. eXtensible Access Control Markup Language (XACML), Version 2.0, 2005. OASIS Standard, Technical Report, Available at http://docs.oasis-open.org Accessed 01, Mar 2009.