Role-Based Access Control for Mobile Computing and Applications

Abstract

The proliferation of mobile devices has changed the way that individuals access digital information with desktop applications now performed seamlessly in mobile applications. Mobile applications related to healthcare, finance/banking, etc., have highly sensitive data where unsecure access could have serious consequences. This chapter demonstrates an approach to Role-Based Access Control (RBAC) for mobile applications that allows an information owner to define who can do what by role, which is then enforced within a mobile application's infrastructure (UI, API, server/database). Towards this objective, the chapter: motivates the usage of RBAC for mobile applications; generalizes the structure and components of a mobile application so that it can be customized by role; defines a configurable framework of locations where RBAC can be realized in a mobile application's infrastructure; and, proposes an approach that realizes RBAC for mobile security. To demonstrate, the proposed RBAC approach is incorporated into the Connecticut Concussion Tracker mobile application.