A Spatio-Situation-Based Access Control Model for Dynamic Permission on Mobile Applications

Abstract

As users are now able to take their mobile devices from location to location, there has been a transition from a static program running on a PC/laptop to a dynamic application that can adapt based on a variety of conditions and criteria. This highlights an emerging need to support dynamic permissions of mobile applications as a user moves from location to location based and perform different actions in particular situation. This chapter presents a Spatio-Situation-Based Access Control model that extends role-based access control to secure sensitive data for mobile applications with the ability to make dynamic authorization decisions according to the time/location and the particular situation being encountered by a user. To demonstrate the feasibility of the work, a realistic healthcare scenario examines the complex workflow of treating a patient by a physician utilizing a mobile health (mHealth) app to access patient data, as she/he moves among multiple locations at different times throughout the day/week requiring access to different patient data repositories at different times.