by Claudio A. Ardagna, Marco Cremonini, Sabrina De Capitani Vimercati, Pierangela Samarati, Ernesto Damiani
Download: http://seclab.dti.unimi.it/Papers/asiaccs06.pdf
Abstract:
Location-based Access Control (LBAC) techniques allow taking users' physical location into account when determining their access privileges. In this paper, we present an approach to LBAC aimed at integrating location-based conditions along with a generic access control model, so that a requestor can be granted or denied access by checking her location as well as her credentials. Our LBAC model includes a novel way of taking into account the limitations of the technology used to ascertain the location of the requester. Namely, we describe how location verification can be encapsulated as a service, representing location technologies underlying it in terms of two semantically uniform service level agreement (SLA) parameters called confidence and timeout. Based on these parameters, we present the formal definition of a number of location-based predicates, their management, evaluation, and enforcement. The challenges that such an extension to traditional access control policies inevitably carries are discussed also with reference to detailed examples of LBAC policies.
Citations
148 | Flexible Support for Multiple Access Control Policies – Jajodia, Samarati, et al. - 2001
96 | Secure verification of location claims – Sastry, Shankar, et al.
80 | Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation – Yu, Winslett, et al.
77 | The Global Positioning System – Getting - 1993
56 | eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/xacml – OASIS
39 | "Dynamic Mobile User Location Update for Wireless PCS Networks," ACM/Baltzer Wireless Networks – Akyildiz, Ho - 1995
27 | A unified framework for regulating access and information release on the web – Bonatti, Samarati - 2002
24 | Towards A General Location Service For Mobile Environments – Leonhardt, Magee - 1996
23 | Managing and Sharing Servents' Reputations in P2P Systems – Damiani, Vimercati, et al. - 2003
22 | Concepts for personal location privacy policies – Snekkenes - 2001
13 | Access Control to People Location Information – Hengartner, Steenkiste - 2005
13 | Dynamic context-aware access control for grid applications – Zhang, Parashar - 2003
12 | Mix zones: User privacy in location-aware services – Beresford, Stajano - 2004
12 | Location Aggregation from Multiple Sources – Myllymaki, Edlund - 2002
12 | An Architecture for Location Aware Applications – Nord, Synnes, et al. - 2002
11 | Location management for mobile commerce applications in wireless internet environment – Varshney - 2003
10 | Protecting privacy against location-based personal identification – Bettini, Wang, et al. - 2005
6 | Mobile trust negotiation: Authentication and authorization in dynamic mobile networks – Horst, Sundelin, et al. - 2004
5 | Towards Privacy Support in a Global Location Service – Hauser, Kabatnik - 2001
5 | GPAC: Generic and progressive processing of mobile queries over mobile data – Mokbel, Aref - 2005
4 | No longterm secrets: Location-based security in overprovisioned wireless LANs – Faria, Cheriton - 2004
4 | Query processing in mobile environments: a survey and open problems – Marsit, Hameurlain, et al. - 2005
4 | A mobility prediction architecture based on contextual knowledge and spatial conceptual maps – Samaan, Karmouch - 2005
3 | Towards privacy-enhanced authorization policies and languages – Ardagna, Damiani, et al. - 2005
3 | Wireless access server for quality of service and location based access control in 802.11 networks – Garg, Kappes, et al. - 2002
3 | Energy-efficient monitoring of spatial predicates over moving objects – Hu, Lee
2 | Location-aided planning in mobile network trial results – Horsmanheimo, Jormakka, et al. - 2004
1 | Positioning method and system for mobile communications networks, related networks and computer program product. European Patent No. 05425643.3, Deposited in date 15 – Anisetti, Ardagna, et al. - 2005