Article

Implementing access control to people location information

Authors:

Urs Hengartner,

Peter SteenkisteAuthors Info & Claims

SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

Pages 11 - 20

https://doi.org/10.1145/990036.990039

Published: 02 June 2004 Publication History

Abstract

Ubiquitous computing uses a variety of information for which access needs to be controlled. For instance, a person's current location is asensitive piece of information, which only authorized entities should be able to learn. Several challenges arise in the specification and implementation of policies controlling access to location information. For example, there can be multiple sources of location information, the sources can be within different administrative domains, different administrative domains might allow different entities to specify policies, and policies need to be flexible. Weaddress these issues in our design of an access control mechanism for a people location system. Our design encodes policies as digital certificates. We present an example implementation based on SPKI/SDSI certificates. Using measurements, we quantify the influence of access control on query processing time. We also discuss trade-offs between RSA-based and DSA-based signature schemes for digital certificates.

References

[1]

T. Aura and C. Ellison. Privacy and Accountability in Certificate Systems. Technical Report A61, Laboratory for Theoretical Computer Science, Helsinki University of Technology, April 2000.]]

[2]

P. Bahl and V. Padmanabhan. RADAR: An In-Building RF-Based User Location and Tracking System. In Proceedings of IEEE Infocom 2000, pages 775--784, March 2000.]]

[3]

E. Bertino, P.A. Bonatti, and E. Ferrari. TRBAC: A Temporal Role-based Access Control Model. ACM Transactions on Information and System Security, 4(3):191--233, August 2001.]]

Digital Library

[4]

E. Bertino, E. Ferrari, and A. C. Squicciarini. Trust-χ :An XML Framework for Trust Negotations. In Proceedings of Communications and Multimedia Security 2003, pages 146--157, 2003.]]

[5]

M. Blaze, J. Ioannidis, and A. Keromytis. The KeyNote Trust-Management System Version 2. RFC 2704, September 1999.]]

Digital Library

[6]

M. J. Covington, W. Long, S. Srinivasan, A. Dey, M. Ahamad, and G. Abowd. Securing Context-Aware Applications Using Environment Roles. In Proceedings of 6th ACM Symposium on Access Control Models and Technologies (SACMAT '01), pages 10--20, May 2001.]]

Digital Library

[7]

W. Diffie, P.C. van Oorschot, and M.J. Wiener. Authentication and Authenticated Key Exchanges. Designs, Codes and Cryptography, 2:107--125, 1992.]]

Digital Library

[8]

C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. SPKI Certificate Theory. RFC 2693, September 1999.]]

Digital Library

[9]

D. Garlan, D. Siewiorek, A. Smailagic, and P. Steenkiste. Project Aura: Towards Distraction-Free Pervasive Computing. IEEE Pervasive Computing, 1(2):22--31, April-June 2002.]]

Digital Library

[10]

A. Harter and A. Hopper. A Distributed Location System for the Active Office. IEEE Network, 8(1):62--70, January 1994.]]

[11]

J. Howell and D. Kotz. End-to-end authorization. In Proceedings of 4th Symposium on Operating System Design & Implementation (OSDI 2000), pages 151--164, October 2000.]]

Digital Library

[12]

ftp://ftp.scriptics.com/pub/tcl/apps/ical/.]]

[13]

G. Judd and P. Steenkiste. Providing Contextual Information to Ubiquitous Computing Applications. In Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom 2003), pages 133--142, March 2003.]]

Digital Library

[14]

T. Kagal, L. Finin and A. Josh. Trust-Based Security in Pervasive Computing Environments. IEEE Computer, pages 154--157, December 2001.]]

Digital Library

[15]

U. Leonhardt and J. Magee. Security Considerations for a Distributed Location Service. Journal of Network and Systems Management, 6(1):51--70, March 1998.]]

Digital Library

[16]

P. McDaniel. On Context in Authorization Policy. In Proceedings of 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pages 80--89, June 2003.]]

Digital Library

[17]

B.C. Neuman. Proxy-Based Authorization and Accounting for Distributed Systems. In Proceedings of International Conference on Distributed Computing Systems, pages 283--291, May 1993.]]

[18]

National Institute of Standards and NIST FIPS PUB 186 Technology. Digital Signature Standard. U.S. Department of Commerce, May 1994.]]

[19]

N.B. Priyantha, A. Chakraborty, and H. Balakrishnan. The Cricket Location-Support System. In Proceedings of the Sixth Annual International Conference on Mobile Computing and Networking (MobiCom 2000), August 2000.]]

Digital Library

[20]

B. Shand, N. Dimmock, and J. Bacon. Trust for Ubiquitous, Transparent Collaboration. In Proccedings of IEEE International Conference on Pervasive Computing and Communications (PerCom 2003), pages 153--160, March 2003.]]

Digital Library

[21]

K. R. Sollins. Cascaded Authentication. In Proceedings of IEEE Symposium on Security and Privacy, pages 156--163, May 1988.]]

[22]

M. Spreitzer and M. Theimer. Providing Location Information in a Ubiquitous Computing Environment. In Proceedings of SIGOPS '93, pages 270--283, Dec 1993.]]

Digital Library

[23]

A. Ward, A. Jones, and A. Hopper. A New Location Technique for the Active Office. IEEE Personal Communications, 4(5):42--47, October 1997.]]

Cited By

Abdulla ABakiras SShe J(2023)ICMS: A Flexible Location-Based Access Control System for Mobile DevicesIEEE Systems Journal10.1109/JSYST.2022.320269817:1(1536-1547)Online publication date: Mar-2023
https://doi.org/10.1109/JSYST.2022.3202698
Patil SSchlegel RKapadia ALee AJones MPalanque PSchmidt AGrossman T(2014)Reflection or action?Proceedings of the SIGCHI Conference on Human Factors in Computing Systems10.1145/2556288.2557121(101-110)Online publication date: 26-Apr-2014
https://dl.acm.org/doi/10.1145/2556288.2557121
Palanisamy BLiu L(2014)Effective mix-zone anonymization techniques for mobile travelersGeoinformatica10.1007/s10707-013-0194-y18:1(135-164)Online publication date: 1-Jan-2014
https://dl.acm.org/doi/10.1007/s10707-013-0194-y
Show More Cited By

Index Terms

Implementing access control to people location information

Recommendations

Access control to people location information

Ubiquitous computing uses a variety of information for which access needs to be controlled. For instance, a person's current location is a sensitive piece of information that only authorized entities should be able to learn. Several challenges arise in ...
Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Access control and trust in the use of widely distributed services
Special issue: Middleware

OASIS is a role-based access control (RBAC) architecture for achieving secure interoperation of independently managed services in an open, distributed environment. OASIS differs from other RBAC schemes in a number of ways: role management is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

June 2004

182 pages

ISBN:1581138725

DOI:10.1145/990036

General Chair:
Trent Jaeger
IBM Research
,
Program Chair:
Elena Ferrari
University of Insubria, Italy

Copyright © 2004 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT04

Sponsor:

SACMAT04: 9th ACM Symposium on Access Control Models and Technologies 2004

June 2 - 4, 2004

New York, Yorktown Heights, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

48
Total Citations
View Citations
1,388
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Abdulla ABakiras SShe J(2023)ICMS: A Flexible Location-Based Access Control System for Mobile DevicesIEEE Systems Journal10.1109/JSYST.2022.320269817:1(1536-1547)Online publication date: Mar-2023
https://doi.org/10.1109/JSYST.2022.3202698
Patil SSchlegel RKapadia ALee AJones MPalanque PSchmidt AGrossman T(2014)Reflection or action?Proceedings of the SIGCHI Conference on Human Factors in Computing Systems10.1145/2556288.2557121(101-110)Online publication date: 26-Apr-2014
https://dl.acm.org/doi/10.1145/2556288.2557121
Palanisamy BLiu L(2014)Effective mix-zone anonymization techniques for mobile travelersGeoinformatica10.1007/s10707-013-0194-y18:1(135-164)Online publication date: 1-Jan-2014
https://dl.acm.org/doi/10.1007/s10707-013-0194-y
Pandit AKumar A(2012)Conceptual Framework and a Critical Review for Privacy Preservation in Context Aware SystemsProceedings of the 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery10.1109/CyberC.2012.79(435-442)Online publication date: 10-Oct-2012
https://dl.acm.org/doi/10.1109/CyberC.2012.79
Toahchoodee MRay I(2011)On the formalization and analysis of a spatio-temporal role-based access control modelJournal of Computer Security10.5555/2011016.201101919:3(399-452)Online publication date: 1-Aug-2011
https://dl.acm.org/doi/10.5555/2011016.2011019
Terrovitis M(2011)Privacy preservation in the dissemination of location dataACM SIGKDD Explorations Newsletter10.1145/2031331.203133413:1(6-18)Online publication date: 31-Aug-2011
https://dl.acm.org/doi/10.1145/2031331.2031334
WEAVER SGAHEGAN M(2010)CONSTRUCTING, VISUALIZING, AND ANALYZING A DIGITAL FOOTPRINT*Geographical Review10.1111/j.1931-0846.2007.tb00509.x97:3(324-350)Online publication date: 21-Apr-2010
https://doi.org/10.1111/j.1931-0846.2007.tb00509.x
Li LChou W(2010)Efficient Authorization of Rich Presence Using Secure and Composed Web ServicesWeb Information Systems and Technologies10.1007/978-3-642-12436-5_4(44-57)Online publication date: 2010
https://doi.org/10.1007/978-3-642-12436-5_4
Ardagna CCremonini MVimercati SSamarati P(2010)Managing Privacy in Location‐Based Access Control SystemsMobile Intelligence10.1002/9780470579398.ch19(437-467)Online publication date: 22-Feb-2010
https://doi.org/10.1002/9780470579398.ch19
Poolsappasit NRay I(2009)Towards Achieving Personalized Privacy for Location-Based ServicesTransactions on Data Privacy10.5555/1556406.15564112:1(77-99)Online publication date: 1-Apr-2009
https://dl.acm.org/doi/10.5555/1556406.1556411
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents