secure systems research group - fau patterns for location and context-based access control phd...
TRANSCRIPT
Secure Systems Research Group - FAU
Patterns for Location and Context-based access control
PhD Dissertation Progress ReportCandidate: Alvaro E. Escobar
Advisors: Dr. Eduardo Fernandez
Dr. Maria Petrie
Department of Computer Science and Engineering
Florida Atlantic University, Boca Raton FL.
Secure Systems Research Group - FAU
What is not Context?
• Is not simply the state of a predefined environment with a fixed set of interaction resources.
• Is not Attribute/Value pairs that only define or represent or describe user’s state in a static way.
Secure Systems Research Group - FAU
What is Context?• The set of facts and/or circumstances that surround a situation or
event. [Google].
• Context is a process of interacting with an ever-changing environment composed of reconfigurable, migratory, distributed, and multi-scale resources. [Cou05].
• Context is the logical set of resources accessible to a client during a service session depending on several factors, such as client location, access device capabilities, management policies of the access locality, subscribed services, user preferences, and level of trust. [Bel03].
• The view of context-as-process is more flexible than the simpler view of context-as-state.
Secure Systems Research Group - FAU
What is Context made of?
• Two critical sub-processes in context are:[Cou05].
– Recognize users’ goals, preferences and activities (a.k.a.Profiles).
– Map them adaptively onto the population of available services and resources, filtered by access control Policies.
Secure Systems Research Group - FAU
What is Context made of?
• UML Model 1: [Kir05]
Secure Systems Research Group - FAU
What is Context made of?
• UML Model 2: [Kir05]
Secure Systems Research Group - FAU
What is a Profile?
• Profiles represent characteristics, capabilities, and requirements of users, devices, and service components. [Bel03].
• User profiles maintain information about personal preferences, interests, security requirements, and subscribed services.
• Device profiles report the hardware/software characteristics of the supported devices.
• Service component profiles describe the interface of available service components as well as their properties relevant for binding management decisions, e.g., whether a service component can be copied and migrated over the network.
• Site profiles provide a resource group abstraction, by listing all the resources currently available at one location.
Secure Systems Research Group - FAU
What is a Profile?• Profiles are
both: [Kir05]
– Descriptions of user’s potential contexts.
– Filtering rules that reflect user’s preferences, given a context.
Secure Systems Research Group - FAU
What is a Policy?
Policies express the choices of a ruling system behavior, in terms of the actions subjects can/must operate upon resources.[Bel03]
• Access control policies specify the actions subjects are allowed to perform on resources depending on various types of conditions, e.g., subject identity and resource state;
• Obligation policies define the actions subjects must perform on resources when specified conditions occur.
Secure Systems Research Group - FAU
What is a Policy?• Filtering process between profiles and events: [Kir05]
Secure Systems Research Group - FAU
What about Access Control (AC)?
The automatic qualification of accessible resources (AC) depends on the client location, the current enforced management policies in the hosting locality, and the user’s personal preferences (aka profiles). [Bel03]
Secure Systems Research Group - FAU
Patterns for Location and Context-based access control
• References:– [Bel03] P. Bellavista, A. Corradi, R. Montanari, C. Stefanelli,
“Context-Aware Middleware for Resource Management in the Wireless Internet”, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, Vol. 29, No. 12, December 2003. Page 1086.
– [Cou05] J. Coutaz, J. L. Crowley, S. Dobson & D. Garlan. “Context is key”. COMMUNICATIONS OF THE ACM March 2005/Vol. 48, No. 3. Page 49.
– [Sch95] W. N. Schilit. “A System Architecture for Context-Aware Mobile Computing”. PhD thesis dissertation. COLUMBIA UNIVERSITY 1995.
– [Kir05] M. Kirsch-Pinheiro, M. Villanova-Oliver, J. Gensel, H. Martin. “Context-Aware Filtering for Collaborative Web Systems: Adapting the Awareness Information to the User’s Context” 2005 ACM Symposium on Applied Computing. SAC’05, March 13-17, 2005, Santa Fe, New Mexico, USA.