DocumentCode :
593675
Title :
A formal proximity model for RBAC systems
Author :
Gupta, Arpan ; Kirkpatrick, Michael ; Bertino, Elisa
Author_Institution :
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
fYear :
2012
fDate :
14-17 Oct. 2012
Firstpage :
1
Lastpage :
10
Abstract :
To combat the threat of information leakage through pervasive access, researchers have proposed several extensions to the popular role-based access control (RBAC) model. Such extensions can incorporate contextual features, such as location, into the policy decision in an attempt to restrict access to trustworthy settings. In many cases, though, such extensions fail to reflect the true threat, which is the presence or absence of other users, rather than absolute locations. For instance, for location-aware separation of duty, it is more important to ensure that two people are in the same room, rather than in a designated, pre-defined location. Prox-RBAC was proposed as an extension to consider the relative proximity of other users with the help of a pervasive monitoring infrastructure. However, that work offered only an informal view of proximity, and unnecessarily restricted the domain to spatial concerns. In this work, we present a more rigorous definition of proximity based on formal topological relations. In addition, we show that this definition can be applied to several additional domains, such as social networks, communication channels, attributes, and time; thus, our policy model and language is more flexible and powerful than the previous work. In addition to proposing the model, we present a number of theoretical results for such systems, including a complexity analysis, templates for cryptographic protocols, and proofs of security features.
Keywords :
authorisation; cryptographic protocols; RBAC system; communication channels; complexity analysis; contextual features; cryptographic protocols; formal proximity model; formal topological relation; information leakage; language; location aware separation; pervasive access; pervasive monitoring infrastructure; policy decision; policy model; popular role based access control model; security features; social networks; templates; access control; context awareness; mobility; security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2012 8th International Conference on
Conference_Location :
Pittsburgh, PA
Print_ISBN :
978-1-4673-2740-4
Type :
conf
Filename :
6450887
Link To Document :
بازگشت