Affiliation:
1. University of Milan, Italy and EPFL Lausanne, Milano, Italy
2. Purdue University, West Lafayette, IA
3. University of Genoa, Genova, Italy
4. University of Milan, Milano, Italy
Abstract
Securing access to data in location-based services and mobile applications requires the definition of spatially aware access-control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to deal with spatial aspects in real mobile applications, is still missing. In this paper, we make one step toward this direction and present GEO-RBAC, an extension of the RBAC model enhanced with spatial and location-based information. In GEO-RBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device-independent position, representing the feature (the road, the town, the region) in which they are located. To enhance flexibility and reusability, we also introduce the concept of role schema, specifying the name of the role, as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to support hierarchies, modeling permission, user, and activation inheritance, and separation of duty constraints. The proposed classes of constraints extend the conventional ones to deal with different granularities (schema/instance level) and spatial information. We conclude the paper with an analysis of several properties concerning the resulting model.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
126 articles.
1. Automated Generation and Update of Structured ABAC Policies;Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems;2024-06-19
2. Roles in SQL;Encyclopedia of Cryptography, Security and Privacy;2024
3. Towards Automated Access Control Policy Mining via Structured Attribute-Based Access Control;Lecture Notes in Networks and Systems;2024
4. Towards Automated Policy Predictions via Structured Attribute-Based Access Control;Lecture Notes in Networks and Systems;2024
5. Automatic Conversion of ABAC Policies for RBAC Systems;2023 IEEE Conference on Dependable and Secure Computing (DSC);2023-11-07