Enforcing Spatial Constraints with Geo-RBAC

Proposed models for spatially-aware extensions of role-based access control (RBAC) combine the administrative and security advantages of RBAC with the dynamic nature of mobile and pervasive computing systems. However, implementing systems that enforce these models poses a number of challenges. As a solution, we propose an architecture for designing such a system. The architecture is based on an enhanced RBAC model that supports location-based access control policies by incorporating spatial constraints. Enforcing spatially-aware RBAC policies in a mobile environment requires addressing several challenges. First, one must guarantee the integrity of a user's location during an access request. We adopt a proximity-based solution using Near-Field Communication (NFC) technology. The next challenge is to verify the user's position continuously satisfies the location constraints. To capture these policy restrictions, we incorporate elements of the UCON_ABC usage control model in our architecture. In this work, we also propose a number of protocols, describe our prototype implementation, report the performance of our prototype, and evaluate the security guarantees.
Date: June 09, 2010
Book Title: Proc. of the 15th ACM Symposium on Access Control Models and Technologies (SACMAT 2010)
Type: InProceedings
Downloads: 1162

Has 1 soft copy

remote link


  author = "Michael S. Kirkpatrick and Elisa Bertino",
  title = "{Enforcing Spatial Constraints with Geo-RBAC}",
  month = "June",
  year = "2010",
  booktitle = "Proc. of the 15th ACM Symposium on Access Control Models and Technologies (SACMAT 2010)",