Article

Supporting location-based conditions in access control policies

Authors:

Claudio A. Ardagna,

Marco Cremonini,

Ernesto Damiani,

Sabrina De Capitani di Vimercati,

Pierangela SamaratiAuthors Info & Claims

ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, computer and communications security

Pages 212 - 222

https://doi.org/10.1145/1128817.1128850

Published: 21 March 2006 Publication History

Abstract

Location-based Access Control (LBAC) techniques allow taking users' physical location into account when determining their access privileges. In this paper, we present an approach to LBAC aimed at integrating location-based conditions along with a generic access control model, so that a requestor can be granted or denied access by checking her location as well as her credentials. Our LBAC model includes a novel way of taking into account the limitations of the technology used to ascertain the location of the requester. Namely, we describe how location verification can be encapsulated as a service, representing location technologies underlying it in terms of two semantically uniform service level agreement (SLA) parameters called confidence and timeout. Based on these parameters, we present the formal definition of a number of location-based predicates, their management, evaluation, and enforcement. The challenges that such an extension to traditional access control policies inevitably carries are discussed also with reference to detailed examples of LBAC policies.

References

[1]

I.F. Akyildiz and J.S.M. Ho. Dynamic mobile user location update for wireless pcs networks. Wireless Networks, 1(2):187--196, 1995.

Digital Library

[2]

M. Anisetti, C.A. Ardagna, V. Bellandi, and E. Damiani. Positioning method and system for mobile communications networks, related networks and computer program product. European Patent No. 05425643.3, Deposited in date 15 September 2005.

[3]

C.A. Ardagna, E. Damiani, S. De Capitani di Vimercati, and P. Samarati. Towards privacy-enhanced authorization policies and languages. In Proc. of the 19th IFIP WG11.3 Working Conference on Data and Application Security, Nathan Hale Inn, University of Connecticut, Storrs, USA, August 7--10 2005.

Digital Library

[4]

A. R. Beresford and F. Stajano. Mix zones: User privacy in location-aware services. In Proc. of the 2nd IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMW04), Orlando, Florida, March 2004.

Digital Library

[5]

C. Bettini, X.S. Wang, and S. Jajodia. Protecting privacy against location-based personal identification. In Proc. of the 2nd VLDB Workshop on Secure Data Management, Trondheim, Norway, September 2005.

Digital Library

[6]

P. Bonatti and P. Samarati. A unified framework for regulating access and information release on the web. Journal of Computer Security, 10(3):241--272, 2002.

Digital Library

[7]

E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati. Managing and sharing servents' reputations in p2p systems. IEEE Transactions on Knowledge and Data Engineering, 15(4):840--854, July/August 2003.

Digital Library

[8]

D. Faria and D. Cheriton. No long-term secrets: Location-based security in overprovisioned wireless lans. In Proc. of the Third ACM Workshop on Hot Topics in Networks (HotNets-III), San Diego, USA, November 2004.

[9]

S. Garg, M. Kappes, and M. Mani. Wireless access server for quality of service and location based access control in 802.11 networks. In Proc. of the Seventh IEEE Symposium on Computers and Communications (ISCC 2002), Taormina/Giardini Naxos, Italy, July 2002.

Digital Library

[10]

I. Getting. The global positioning system. IEEE Spectrum, 30(12):36--47, December 1993.

Digital Library

[11]

C. Hauser and M. Kabatnik. Towards Privacy Support in a Global Location Service. In Proc. of the IFIP Workshop on IP and ATM Traffic Management (WATM/EUNICE 2001), Paris, France, 2001.

[12]

U. Hengartner and P. Steenkiste. Implementing access control to people location information. In Proc. of the ACM Symposium on Access Control Models and Technologies 2004 (SACMAT 2004), Yorktown Heights, USA, 2004.

Digital Library

[13]

S. Horsmanheimo, H. Jormakka, and J. Lahteenmaki. Location-aided planning in mobile network trial results. Wireless Personal Communications: An International Journal, 30(2--4):207--216, September 2004.

Digital Library

[14]

H. Hu and D.L. Lee. Energy-efficient monitoring of spatial predicates over moving objects. Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, 28(3):19--26, 2005.

[15]

S. Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian. Flexible support for multiple access control policies. ACM Transactions on Database Systems, 26(2):214--260, June 2001.

Digital Library

[16]

U. Leonhardt and J. Magee. Towards a general location service for mobile environments. In Proc. of the 3rd Workshop on Services in Distributed and Networked Environments (SDNE'96), Macau, June 1996.

Digital Library

[17]

N. Marsit, A. Hameurlain, Z. Mammeri, and F. Morvan. Query processing in mobile environments: a survey and open problems. In Proc. of the First International Conference on Distributed Framework for Multimedia Applications (DFMA'05), Besancon, France, February 2005.

Digital Library

[18]

M.F. Mokbel and W.G. Aref. GPAC: Generic and progressive processing of mobile queries over mobile data. In Proc. of the 6th international conference on Mobile data management, Ayia Napa, Cyprus, May 2005.

Digital Library

[19]

J. Myllymaki and S. Edlund. Location aggregation from multiple sources. In Proc. of the 3rd IEEE Intl. Conf. on Mobile Data Management (MDM 02), January 2002.

Digital Library

[20]

J. Nord, K. Synnes, and P. Parnes. An architecture for location aware applications. In Proc. of the 35th Hawaii Intl. Conference on System Sciences, Hawaii, USA, 2002.

Digital Library

[21]

OASIS. eXtensible Access Control Markup Language (XACML) Version 1.0, 2003. http://www.oasis-open.org/committees/xacml.

[22]

B. Parkinson, J. Spilker, P. Axelrad, and P. Enge, editors. Global Positioning System: Theory and Application, Volume II. American Institute of Astronautics and Aeronautics (AIAA), 1996.

[23]

N. Samaan and A. Karmouch. A mobility prediction architecture based on contextual knowledge and spatial conceptual maps. IEEE Transaction on Mobile Computing, 4(6):537--551, November-December 2005.

Digital Library

[24]

N. Sastry, U. Shankar, and S. Wagner. Secure verification of location claims. In Proc. of the ACM Workshop on Wireless Security (WiSe 2003), San Diego, CA, USA, September 2003.

Digital Library

[25]

E. Snekkenes. Concepts for personal location privacy policies. In Proc. of the 3rd ACM conference on Electronic Commerce, Tampa, Florida, USA, 2001.

Digital Library

[26]

T.W. van der Horst, T. Sundelin, K.E. Seamons, and C.D. Knutson. Mobile trust negotiation: Authentication and authorization in dynamic mobile networks. In Proc. of the Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004.

[27]

U. Varshney. Location management for mobile commerce applications in wireless internet environment. ACM Transactions on Internet Technology, 3(3):236--255, August 2003.

Digital Library

[28]

T. Yu, M. Winslett, and K.E. Seamons. Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust. ACM Transactions on Information and System Security (TISSEC), 6(1):1--42, February 2003.

Digital Library

[29]

G. Zhang and M. Parashar. Dynamic context-aware access control for grid applications. In Proc. of the 4th International Workshop on Grid Computing (Grid 2003), Phoenix, Arizona, November 2003.

Digital Library

Cited By

Abdunabi RAl Amin MBasnet R(2025)An authorization framework for body area network: A policy verification and smart contract-based integrity assurance approachJournal of Computer Security10.1177/0926227X241296435Online publication date: 21-Feb-2025
https://doi.org/10.1177/0926227X241296435
Zhu SZhang Y(2024)Probabilistic Access Policies with Automated Reasoning SupportComputer Aided Verification10.1007/978-3-031-65633-0_20(443-466)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1007/978-3-031-65633-0_20
Tiwari AAhmad SQurunflah EHelmi MAlmaimani AAlaidroos AHallawani M(2023)Exploring geomasking methods for geoprivacy: a pilot study in an environment with built featuresGeospatial Health10.4081/gh.2023.120518:2Online publication date: 17-Oct-2023
https://doi.org/10.4081/gh.2023.1205
Show More Cited By

Index Terms

Supporting location-based conditions in access control policies

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Spatial Domains for the Administration of Location-based Access Control Policies

In the last few years there has been an increasing interest for a novel category of access control models known as location-based or spatially-aware role-based access control (RBAC) models. Those models advance classical RBAC models in that they ...
Requirements for a location-based access control model
MoMM '08: Proceedings of the 6th International Conference on Advances in Mobile Computing and Multimedia

Location-based access control (LBAC) takes a mobile user's current position into account when making the decision if he should be allowed to access a particular resource like a file or service. For example using LBAC we can enforce that a nurse is only ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, computer and communications security

March 2006

384 pages

ISBN:1595932720

DOI:10.1145/1128817

Conference Chair:
Ferng-Ching Lin
Executive Yuan, Taiwan
,
General Chairs:
Der-Tsai Lee
Academia Sinica, Taiwan
,
Bao-Shuh Lin
ITRI, Taiwan
,
Program Chairs:
Shiuhpyng Shieh
National Chiao Tung University, Taiwan
,
Sushil Jajodia
George Mason University, USA

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 March 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

Asia CCS06

Sponsor:

SIGSAC

Asia CCS06: ACM Symposium on Information, Computer and Communications Security 2006

March 21 - 24, 2006

Taipei, Taiwan

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

101
Total Citations
View Citations
1,757
Total Downloads

Downloads (Last 12 months)19
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Abdunabi RAl Amin MBasnet R(2025)An authorization framework for body area network: A policy verification and smart contract-based integrity assurance approachJournal of Computer Security10.1177/0926227X241296435Online publication date: 21-Feb-2025
https://doi.org/10.1177/0926227X241296435
Zhu SZhang Y(2024)Probabilistic Access Policies with Automated Reasoning SupportComputer Aided Verification10.1007/978-3-031-65633-0_20(443-466)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1007/978-3-031-65633-0_20
Tiwari AAhmad SQurunflah EHelmi MAlmaimani AAlaidroos AHallawani M(2023)Exploring geomasking methods for geoprivacy: a pilot study in an environment with built featuresGeospatial Health10.4081/gh.2023.120518:2Online publication date: 17-Oct-2023
https://doi.org/10.4081/gh.2023.1205
Panchbudhe SDave M(2023)Study and Implementation of Location-based Access control Mechanism in Cloud services2022 OPJU International Technology Conference on Emerging Technologies for Sustainable Development (OTCON)10.1109/OTCON56053.2023.10113996(1-6)Online publication date: 8-Feb-2023
https://doi.org/10.1109/OTCON56053.2023.10113996
Abdulla ABakiras SShe J(2023)ICMS: A Flexible Location-Based Access Control System for Mobile DevicesIEEE Systems Journal10.1109/JSYST.2022.320269817:1(1536-1547)Online publication date: Mar-2023
https://doi.org/10.1109/JSYST.2022.3202698
Tiago JEisa SPardal MHong JBures MPark JCerny T(2022)SureSpaceProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3508382(164-173)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3508382
Boltz NHahner SWalter MSeifferman SHeinrich RBures THnetynka P(2022)Handling Environmental Uncertainty in Design Time Access Control Analysis2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)10.1109/SEAA56994.2022.00067(382-389)Online publication date: Aug-2022
https://doi.org/10.1109/SEAA56994.2022.00067
Sangeetha SKumar SPorselvi TAbdullah Al-mazroui ZAlNofli IAlmamari A(2022)Location Sensitive Browser App using MIT App Inventor for Blocking Social Media Websites in Educational Institutions2022 International Conference on Power, Energy, Control and Transmission Systems (ICPECTS)10.1109/ICPECTS56089.2022.10047061(1-5)Online publication date: 8-Dec-2022
https://doi.org/10.1109/ICPECTS56089.2022.10047061
Greaves BCoetzee MLeung W(2022)Digital Twin Monitoring for Cyber-Physical Access ControlEmerging Information Security and Applications10.1007/978-3-030-93956-4_9(144-158)Online publication date: 12-Jan-2022
https://doi.org/10.1007/978-3-030-93956-4_9
Singh AChatterjee K(2020)LoBAC: A Secure Location-Based Access Control Model for E-Healthcare SystemAdvances in Machine Learning and Computational Intelligence10.1007/978-981-15-5243-4_58(621-628)Online publication date: 26-Jul-2020
https://doi.org/10.1007/978-981-15-5243-4_58
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten