DYNAMIC CONTEXT-AWARE ACCESS CONTROL - Use of Resource Hierarchies to Define Fine-grained, Adaptable Authorization Policies

Annett Laube, Laurent Gomez

Abstract

Complex access control rules often interfere with the business logic within applications. We show a solution based on strict separation of application and security logic that allows dynamic policy enforcement based on context-information as well as the adaptation of granularity outside the applications. The definition of resource hierarchies driven by application needs and related authorization policies make the granularity for the permissions flexible and adaptable without touching the applications themselves. The explicit notation of authorization policies and the enforcement independent from the application offer a new extensibility.

References

  1. Beznosov, K. (2002). Object security attributes: Enabling application-specific access control in middleware. In 4th International Symposium on Distributed Objects and Applications (DOA), pages 693-710.
  2. Chen, G. and Kotz, D. (2000). A Survey of ContextAware Mobile Computing Research. Technical Report TR2000-381, Dartmouth College, Computer Science, Hanover, NH.
  3. den Bergh, J. V. and Coninx, K. (2005). Towards integrated design of context-sensitive interactive systems. In PERCOMW 7805: Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops.
  4. Galiasso, P., Bremer, O., Hale, J., Shenoi, S., and al. (2000). Policy mediation for multi-enterprise environments. In ACSAC 7800: Proceedings of the 16th Annual Computer Security Applications Conference.
  5. Ilechko, P. and Kagan, M. (2006). Authorization concepts and solutions for j2ee applications.
  6. Kalam, A. A. E., Benferhat, S., Mi├Ęge, A., Baida, R. E., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., and Trouessin, G. (2003). Organization based access control. In POLICY 7803: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, page 120, Washington, DC, USA.
  7. Lachmund, S., Walter, T., Bussard, L., Gomez, L., and Olk, E. (2006). Context-aware access control. In IWUAC'06: Proceedings of the third Annual International Conference on Mobile and Ubiquitous Systems.
  8. Mikalsen, M. and Kofod-Petersen, A. (2004). Representing and Reasoning about Context in a Mobile Environment. In Schulz, S. and Roth-Berghofer, T., editors, Modeling and Retrieval of Context 2004 (MRC), volume 114, pages 25-35.
  9. MOSQUITO (2006). IST 004636 MOSQUITO Project.
  10. Moyer, M., Covington, M., and Ahamad, M. (2000). Generalized role-based access control for securing future applications. In 23rd National Infromation Systems Security Conference (NISSC 2000).
  11. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2):38-47.
  12. W3C (1999). W3C XSL transformations (XSLT) 1.0.
  13. Zhang, G. and Parashar, M. (2004). Context-aware dynamic access control for pervasive computing.
Download


Paper Citation


in Harvard Style

Laube A. and Gomez L. (2007). DYNAMIC CONTEXT-AWARE ACCESS CONTROL - Use of Resource Hierarchies to Define Fine-grained, Adaptable Authorization Policies . In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 386-393. DOI: 10.5220/0002122903860393


in Bibtex Style

@conference{secrypt07,
author={Annett Laube and Laurent Gomez},
title={DYNAMIC CONTEXT-AWARE ACCESS CONTROL - Use of Resource Hierarchies to Define Fine-grained, Adaptable Authorization Policies},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={386-393},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002122903860393},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - DYNAMIC CONTEXT-AWARE ACCESS CONTROL - Use of Resource Hierarchies to Define Fine-grained, Adaptable Authorization Policies
SN - 978-989-8111-12-8
AU - Laube A.
AU - Gomez L.
PY - 2007
SP - 386
EP - 393
DO - 10.5220/0002122903860393