A Context-Risk-Aware Access Control model for Ubiquitous environments

This paper reports our ongoing work to design a context-risk-aware access control (CRAAC) model for ubiquitous computing (UbiComp) environments. CRAAC is designed to augment flexibility and generality over the current solutions. Risk assessment and authorization level of assurance play a key role in CRAAC. Through risk assessment, resources are classified into groups according to their sensitivity levels and potential impacts should any unauthorized access occurs. The identified risks are mapped onto their required assurance levels, called object level of assurance (OLoA). Upon receiving an object access request, the requesterpsilas run-time contextual information is assessed to establish a requesterpsilas level of assurance (RLoA) denoting the level of confidence in identifying that requester. The access request is granted if RLoA ges OLoA. This paper describes the motivation for, and the design of, the CRAAC model, and reports a case study of further illustrate the model.