Specification, Validation, and Enforcement of a Generalized Spatio-Temporal Role-Based Access Control Model

With the advent of wireless and mobile devices, many new applications are being developed that make use of the spatio-temporal information of a user to provide better functionality. Such applications also necessitate sophisticated authorization models where access to a resource depends on the credentials of the user and also on the location and time of access. Consequently, researchers have extended the traditional access control models, such as role-based access control, to provide spatio-temporal access control. We improve upon these models by providing additional features that allow us to express constraints that were not possible until now. We express our model using the unified modeling language (UML) and the object constraint language that are the de facto specification languages used by the industry. Our model has numerous features that interact in subtle ways. To this end, we show how the UML-based specification environment tool can be used to analyze the spatiotemporal access control model of an application. We propose an architecture for enforcing our model and provide a protocol that demonstrates how access control can be granted and revoked in our approach. We also develop a prototype of this architecture to demonstrate the feasibility of our approach.