Title :
A coordinated spatio-temporal access control model for mobile computing in coalition environments
Author :
Fu, Song ; Xu, Cheng-Zhong
Author_Institution :
Dept. of Electr. & Comput. Eng., Wayne State Univ., Detroit, MI, USA
Abstract :
A primary concern in mobile computing is security. Mobile clients often relocate between different networks and connect to different data servers at different times. This poses new challenges to resource access control in mobile computing. Resource sharing in a coalition environment creates certain temporal and spatial requirements for accesses by mobile devices. However, there is a lack of formal treatment of the impact of mobility on shared resource access control. In this paper, we introduce the shared resource access language, SRAL, to model the behavior of mobile devices. The language is structured and compositional so that programs of a mobile device can be constructed recursively from primitive accesses. We prove that SRAL is expressive enough for most resource access patterns. In particular, it is complete in the sense that it can specify any program of the regular trace model. A constraint language is defined to specify spatial constraints for shared resource accesses. The problem of checking whether a mobile object satisfies a given spatial constraint can be solved by a polynomial-time algorithm. We apply duration calculus to express temporal constraints, and show that the temporal constraint satisfaction problem is decidable as well. We extend the role-based access control (RBAC) model to specify and enforce spatio-temporal constraints. This coordinated access control model has been implemented in a mobile agent system, which emulates mobile computing by software agents.
Keywords :
authorisation; constraint theory; decidability; formal specification; mobile agents; mobile computing; resource allocation; specification languages; coalition environment; constraint language; constraint satisfaction; duration calculus; mobile agent system; mobile computing; polynomial-time algorithm; program specification; role-based access control; security; shared resource access language; software agent; spatio-temporal access control; Access control; Calculus; Data security; File servers; Mobile agents; Mobile computing; Network servers; Polynomials; Resource management; Software agents;
Conference_Title :
Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International
Print_ISBN :
0-7695-2312-9
DOI :
10.1109/IPDPS.2005.10