Access Control in Ubiquitous Environments: A Literature Search

Roushdat Elaheebocus
School of Electronics and Computer Science
University of Southampton

Abstract

Significant research work is being carried out in the area of access control in ubiquitous computing. In this literature search we provide an overview of, and reading material on, (1) ubiquitous computing and access control, (2) the challenges involved and (3) the main approaches proposed by researchers. A list of references and a bibliography on the subject is included at the end.

1. Introduction

The term Ubiquitous Computing, also commonly referred to as Pervasive Computing [1], describes the practice of incorporating computing capabilities into our everyday environment to such an extent that users interact with these 'intelligent' entities without being consciously aware of the computing power behind them, and therefore focus on the 'what' rather than the 'how' when carrying out a task [2]. The services that these ubiquitous environments provide are subject to security and privacy constraints. "Access control policies and mechanisms are necessary to ensure that users only use the resources (both hardware and software) in an Active Space in authorised ways, and to allow shared use of the space" (pervasive computing environment) [3].

2. Challenges of Access Control in Ubiquitous Environments

Due to the pervasive nature of such environments, additional challenges present themselves to researchers working on access control schemes. We have listed four major issues that should be taken into consideration.

2.1. Usability

In contrast to conventional computer systems, users in a pervasive environment will be accessing a wide range of services using a wide variety of devices. Requiring users to authenticate with ubiquitous services one at a time is unacceptable and will make the life of users more complicated than before. Therefore, to make sure that accessing these systems is user-friendly, appropriate mechanisms for access control have to be developed [4].

2.2. Privacy

According to M. Satyanarayanan [1], when people start to rely more on these pervasive computing systems, the latter will have access to private data on users. The extent to which we are prepared to give away our privacy is a sensitive issue [5]. Preserving privacy was an important aspect of K. Jangseong et al.'s [6] access control scheme.

2.3. Mobility

An inherent characteristic of a ubiquitous computing environment is the expectation that users' physical locations will change, as will the devices being used to access pervasive services, which may have varying capabilities such as screen resolution and bandwidth [5, 7].

2.4. Scalability

A major challenge in ubiquitous computing is for protocols to scale appropriately with the large number of devices and the physical size of such networks [5]. Users are expected to be accessing many services simultaneously.

3. Approaches adopted by researchers

Most approaches for tackling access control in this area can be classified into the four main groups listed below, although in several cases researchers have come up with hybrids by combining two or more strategies from the main categories. One example would be the Hybrid Access Control model (HAC), which combines all four categories [8].

3.1. Trust-Based Access Control (TBAC)

Trust establishment is a critical phase in TBAC, and according to Daoxi Xiu and Zhaoyu Liu [9] it is where existing trust-based systems show limitations. They have therefore come up with a hybrid that uses several existing trust-establishment models. Other works include the use of collaboration and reliance on previous interactions for trust evaluation, taking privacy requirements into account [10], and automated resource-constrained trust negotiation [11]. A reward-punishment strategy has been used to develop a reputation-based trust model that identifies 'rogue' nodes in a ubiquitous network [12, 13]. Digital certificates, signatures and proxy signatures have also been used to perform trust checks [14, 15].
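A simplified sketch of the reward-punishment idea mentioned above, added here as an illustration and not taken from [12] or [13]. The scoring rule, the constants, the node names and the observation log are all assumptions; the point it shows is that punishing misbehaviour more heavily than good behaviour is rewarded lets a node with a long clean history still be flagged after a few bad interactions.

```python
# Illustrative reward-punishment reputation table (assumed scoring rule,
# not the model published in the cited papers).
INITIAL = 50        # neutral score for a node with no history
REWARD = 5          # points gained per well-behaved interaction
PUNISHMENT = 25     # points lost per misbehaviour; deliberately > REWARD
ROGUE_BELOW = 30    # nodes under this score are flagged as rogue
ACCESS_AT = 60      # minimum score required to be granted a service


class ReputationTable:
    def __init__(self):
        self._scores = {}

    def score(self, node):
        return self._scores.get(node, INITIAL)

    def report(self, node, behaved_well):
        """Apply one observation and return the clamped 0..100 score."""
        delta = REWARD if behaved_well else -PUNISHMENT
        self._scores[node] = max(0, min(100, self.score(node) + delta))
        return self._scores[node]

    def is_rogue(self, node):
        return self.score(node) < ROGUE_BELOW

    def may_access(self, node):
        # Deny by default: unknown nodes start below ACCESS_AT.
        return self.score(node) >= ACCESS_AT


def replay(log):
    """Feed (node, behaved_well) observations into a fresh table."""
    table = ReputationTable()
    for node, behaved_well in log:
        table.report(node, behaved_well)
    return table


# Constructed observations: kiosk-c earns the maximum score, then misbehaves.
SAMPLE_LOG = (
    [("sensor-a", True)] * 4
    + [("badge-b", True)] * 2 + [("badge-b", False)] * 2
    + [("kiosk-c", True)] * 10 + [("kiosk-c", False)] * 3
)

if __name__ == "__main__":
    table = replay(SAMPLE_LOG)
    for node in ("sensor-a", "badge-b", "kiosk-c", "new-d"):
        print(node, table.score(node), table.is_rogue(node), table.may_access(node))
```

A node that never appears in the log ("new-d") keeps the neutral score: it is not flagged as rogue, but it is not granted access either until it has earned enough reward.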

3.2. Context-Based Access Control (CBAC)

In CBAC, the context of entities, consisting mainly of characteristics such as location, posture and expression, is taken into account [16]. The properties of a physical channel can be used to validate user location [17]. A. Corradi et al. [7] proposed a model in which a user's permissions are obtained by fully exploiting the context data. Context-awareness has also been merged with role-based access control (RBAC), whereby context information is used to determine the policies assigned to different membership roles [18]. A specialisation of CBAC has been described as Evidence-Based, controlling access by filtering messages and gathering evidence [19]. Other derivatives include silent login and proximity-based user authentication [4].

3.3. Role-Based Access Control (RBAC)

RBAC has been a quite popular access control mechanism in industry as well as in governmental bodies, and a number of case studies and experience reports are available online [30]. Unlike traditional access control mechanisms, in RBAC permissions are not directly related to users; instead, roles are used as intermediaries [20]. To adapt RBAC for use in a ubiquitous context, additional parameters such as time and location have been used [21]. There has been an attempt to address the issue of privacy in RBAC through the use of privacy policies [22].

3.4. Policy-Based Access Control (PBAC)

The dynamic generation and enforcement of policies allows a pervasive environment to interact with users in "different modes" [3]. Policies can also be defined by administrators at the middleware level through a security specification policy language [23] or using the Rei policy specification language for flexible access control [24].

4. References

[1] M. Satyanarayanan, “Pervasive computing: vision and challenges,” Personal Communications, IEEE [see also IEEE Wireless Communications] 8, no. 4 (2001): 10-17, doi:10.1109/98.943998.

[2] M. Weiser, “The Computer for the 21st Century,” Sci. Amer., Sept., 1991.

[3] Geetanjali Sampemane, Prasad Naldurg, and Roy Campbell, “Access control for active spaces,” http://gaia.cs.uiuc.edu/papers/acsac02-spacesec.pdf.

[4] Jakob Bardram, “The trouble with login: on usability and computer security in ubiquitous computing,” Personal and Ubiquitous Computing 9, no. 6 (November 6, 2005): 357-367, doi:10.1007/s00779-005-0347-6.

[5] R.K. Thomas and R. Sandhu, “Models, protocols, and architectures for secure pervasive computing: challenges and research directions,” in Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second IEEE Annual Conference on, 2004, 164-168, doi:10.1109/PERCOMW.2004.1276925.

[6] Jangseong Kim, Zeen Kim, and Kwangjo Kim, “A Lightweight Privacy Preserving Authentication and Access Control Scheme for Ubiquitous Computing Environment,” in Information Security and Cryptology - ICISC 2007, 2007, 37-48, http://dx.doi.org/10.1007/978-3-540-76788-6_4.

[7] A. Corradi, R. Montanari, and D. Tibaldi, “Context-based access control for ubiquitous service provisioning,” in Computer Software and Applications Conference, 2004. COMPSAC 2004. Proceedings of the 28th Annual International, 2004, 444-451 vol.1, doi:10.1109/CMPSAC.2004.1342877.

[8] Le Hung et al., “A Flexible and Scalable Access Control for Ubiquitous Computing Environments,” in Intelligence and Security Informatics, 2006, 688-689, http://dx.doi.org/10.1007/11760146_91.

[9] Daoxi Xiu and Zhaoyu Liu, “A Dynamic Trust Model for Pervasive Computing Environments,” in (presented at the Fourth annual security conference, Las Vegas, NV, 2005), http://coitweb.uncc.edu/~zhliu/Research/Papers/asc.pdf.

[10] Pho Duc Giang et al., “A Trust-Based Approach to Control Privacy Exposure in Ubiquitous Computing Environment,” in (presented at the IEEE International Conference on Pervasive Services, Istanbul, Turkey, 2007), http://icpsconference.org/2007/.

[11] Guo Ya-Jun et al., “An Access Control Model for Ubiquitous Computing Application,” in Mobile Technology, Applications and Systems, 2nd International Conference on Mobile Technology, Applications and Systems, 2005, pages 1-6.

[12] Azzedine Boukerche and Yonglin Ren, “A trust-based security system for ubiquitous and pervasive computing environments,” Computer Communications In Press, Corrected Proof, doi:10.1016/j.comcom.2008.05.007, http://www.sciencedirect.com/science/article/B6TYP-4SKK2152/2/1430100aea7fb192425153a00b64f00e.

[13] Haiyun Luo et al., “URSA: ubiquitous and robust access control for mobile ad hoc networks,” Networking, IEEE/ACM Transactions on 12, no. 6 (2004): 1049-1063, doi:10.1109/TNET.2004.838598.

[14] Urs Hengartner and Peter Steenkiste, “Implementing access control to people location information,” in Proceedings of the ninth ACM symposium on Access control models and technologies (Yorktown Heights, New York, USA: ACM, 2004), 11-20, doi:10.1145/990036.990039, http://portal.acm.org/citation.cfm?doid=990036.990039.

[15] Jong-Phil Yang and Kyung Hyune Rhee, “Securing Admission Control in Ubiquitous Computing Environment,” in Networking - ICN 2005, 2005, 972-979, http://www.springerlink.com/content/w3cjck3dbh29df18.

[16] M Anisetti et al., “OpenAmbient: a Pervasive Access Architecture,” in ETRICS'06 Workshop on Security in Autonomous Systems, vol. 183 (presented at the SecAS '06, Freiburg, Germany, 2006), http://ftp.informatik.rwthaachen.de/Publications/CEUR-WS/Vol183/paper6.pdf.

[17] Tim Kindberg and Kan Zhang, “Context Authentication Using Constrained Channels,” in Fourth IEEE Workshop on Mobile Computing Systems and Applications (2002): 14-21, doi:10.1.1.15.7590.

[18] Devdatta Kulkarni and Anand Tripathi, “Context-aware role-based access control in pervasive computing systems,” in Proceedings of the 13th ACM symposium on Access control models and technologies (Estes Park, CO, USA: ACM, 2008), 113-122, doi:10.1145/1377836.1377854, http://portal.acm.org/citation.cfm?doid=1377836.1377854.

[19] Nishith Khantal et al., “Evidence-Based Access Control for Ubiquitous Web Services,” http://seclab.cs.rice.edu/w2sp/2008/papers/sp1.pdf.

[20] David F. Ferraiolo et al., “Proposed NIST standard for role-based access control,” ACM Trans. Inf. Syst. Secur. 4, no. 3 (2001): 224-274, doi:10.1145/501978.501980.

[21] Song-hwa Chae, Wonil Kim, and Dong-kyoo Kim, “Role-Based Access Control Model for Ubiquitous Computing Environment,” in Information Security Applications, 2006, 354-363, http://dx.doi.org/10.1007/11604938_28.

[22] Sung-Ho Hong et al., “RBAC-Based Access Control Framework for ensuring Privacy in Ubiquitous Computing,” in Proceedings of the 2006 International Conference on Hybrid Information Technology - Volume 01 (IEEE Computer Society, 2006), 278-283, http://portal.acm.org/citation.cfm?id=1193208.1193401&coll=GUIDE&dl=GUIDE.

[23] Zhefan Jiang et al., “Design of a Security Management Middleware in Ubiquitous Computing Environments,” Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, 2005, pages 306-308.

[24] Ryusuke Masuoka et al., “Policy-based Access Control for Task Computing Using Rei,” in Proceedings of the Policy Management for the Web Workshop, WWW 2005 (W3C, 2005), 37-43, http://ebiquity.umbc.edu/paper/html/id/220/Policybased-Access-Control-for-Task-Computing-UsingRei-.

5. Bibliography

[25] “Computer Science Essays - Ubiquitous Computing: Authentication techniques in ubiquitous computing,” http://www.ukessays.com/essays/computer-science/ubiquitouscomputing.php. Accessed 24 November 2008.

[26] Varuna Godara, Handbook of Research on Assessment and Management in Pervasive Computing, 2008. ISBN: 1605662208, 9781605662206. Repository: Google Books.

[27] Tim Kindberg, Abigail Sellen, and Erik Geelhoed, “Security and Trust in Mobile Interactions: A Study of Users’ Perceptions and Reasoning,” in UbiComp 2004: Ubiquitous Computing, 2004, 196-213, http://www.springerlink.com/content/elj3jeqknr7ffbpb.

[28] Anupam Joshi et al., “Security policies and trust in ubiquitous computing,” Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 366, no. 1881 (October 28, 2008): 3769-3780, doi:10.1098/rsta.2008.0142.

[29] C.A. Patterson, R.R. Muntz, and C.M. Pancake, “Challenges in location-aware computing,” Pervasive Computing, IEEE 2, no. 2 (2003): 80-89.

[30] “RBAC CASE STUDIES,” http://csrc.nist.gov/groups/SNS/rbac/case_studies.html. Accessed on 25 November 2008.
