Abstract
Securing access to data in location-based services and mobile applications requires the definition of spatially aware access-control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to deal with spatial aspects in real mobile applications, is still missing. In this paper, we make one step toward this direction and present GEO-RBAC, an extension of the RBAC model enhanced with spatial-and location-based information. In GEORBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device-independent position, representing the feature (the road, the town, the region) in which they are located. To enhance flexibility and reusability, we also introduce the concept of role schema, specifying the name of the role, as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to support hierarchies, modeling permission, user, and activation inheritance, and separation of duty constraints. The proposed classes of constraints extend the conventional ones to deal with different granularities (schema/instance level) and spatial information. We conclude the paper with an analysis of several properties concerning the resulting model.
- Atluri, V. and Mazzoleni, P. 2002. A uniform indexing scheme for geo-spatial data and authorizations. In Proceedings of the 16th IFIP WG 11.3 Conference on Data and Application Security. Kluwer Academic Publ., Boston, MA. 207--218.Google Scholar
- Belussi, A., Bertino, E., Catania, B., Damiani, M., and Nucita, A. 2004. An authorization model for geographical maps. In Proceedings of the 12th Annual ACM International Workshop on Geographic Information Systems. ACM Press, New York. 82--91. Google Scholar
Digital Library
- Bertino, E., Damiani, M., and Momini, D. 2004. An access-control system for a web map management service. In Proceedings of the 14th International Workshop on Research Issues on Data Engineering (RIDE'04). IEEE Computer Society, Washington, D.C. 33--39. Google Scholar
Digital Library
- Bhatti, R., Ghafoor, A., Bertino, E., and Joshi, J. 2005. X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access-control. ACM Transactions on Information and System Security (TISSEC) 8, 2 (May), 187--227. Google Scholar
Digital Library
- Chandran, S. and Joshi, J. 2005. LoT RBAC: A location and time-based RBAC model. In Proceedings of the 6th International Conference on Web Information Systems Engineering (WISE'05). Springer-Verlag, New York. 361--375. Google Scholar
Digital Library
- Chun, S. and Atluri, V. 2000. Protecting privacy from continuous high-resolution satellite surveillance. In Proceedings of the 14th IFIP 11.3 Annual Working Conference on Database Security. Schoorl, The Netherlands. 233--244. Google Scholar
Digital Library
- Clementini, E., Felice, P. D., and van Oosterom, P. 1993. A small set of formal topological relationships suitable for end-user interaction. In Proceedings of the 3rd International Symposium on Advances in Spatial Databases. Lecture Notes in Computer Science, vol. 692. Springer-Verlag, New York. 277--295. Google Scholar
Digital Library
- Covington, M., Moyer, M., and Ahamad, M. 2000. Generalized role-based access-control for securing future applications. In Proceedings of the 23rd National Information Systems Security Conference.Google Scholar
- Covington, M., Long, W., Srinivasan, S., Dev, A., Ahamad, M., and Abowd, G. 2001. Securing context-aware applications using environment roles. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT'01). ACM Press, New York. 10--20. Google Scholar
Digital Library
- Damiani, M. and Bertino, E. 2006. Access control and privacy in location-aware services for mobile organizations. In Proceedings of 7th Conference on Mobile Data Management (MDM'06). IEEE Computer Society, Washington, D.C. 11. Google Scholar
Digital Library
- Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., and Chandramouli, R. 2001. Proposed NIST standard for role-based access-control. ACM Transactions on Information and System Security (TISSEC) 4, 3 (Aug.), 224--274. Google Scholar
Digital Library
- Forlizzi, L., Kuijpers, B., and Nardelli, E. 2003. Region-based query languages for spatial databases in the topological data model. In Proceedings of the 8th International Symposium on Spatial and Temporal Databases (SSTD'03). Lecture Notes in Computer Science, vol. 2750. Springer-Verlag, New York. 344--361.Google Scholar
- Hansen, F. and Oleshchuk, V. 2003a. Spatial role-based access-control model for wireless networks. In Proceedings of the 58th IEEE Vehicular Technology Conference (VTC'03). Vol. 3. IEEE Computer Society, Washington, D.C. 2093--2097.Google Scholar
- Hansen, F. and Oleshchuk, V. 2003b. SRBAC: a spatial role-based access-control model for mobile systems. In Proceedings of the 7th Nordic Workshop on Secure IT Systems (NORDSEC'03). Gj‘vik, Norway, 129--141.Google Scholar
- Joshi, J., Bertino, E., Latif, U., and Ghafoor, A. 2005. A generalized temporal role-based access-control model. IEEE Transactions on Knowledge and Data Engineering 17, 1 (Jan.), 4--23. Google Scholar
Digital Library
- Kolaitis, P. and Vardi, M. 1998. Conjunctive-query containment and constraint satisfaction. In Proceedings of the 17th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS'98). ACM Press, New York. 205--213. Google Scholar
Digital Library
- Kuhn, D. 1997. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control (RBAC'97). ACM Press, New York. 23--30. Google Scholar
Digital Library
- Li, N., Bizri, Z., and Tripunitara, M. 2004. On mutually-exclusive roles and separation of duty. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS'04). Washington D.C. 42--51. Google Scholar
Digital Library
- Matheus, A. 2005. Declaration and enforcement of fine grained access restrictions for a service-based geospatial data infrastructure. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT'05). ACM Press, New York. 21--28. Google Scholar
Digital Library
- Open GIS Consortium. 1999. Open GIS simple features specification for SQL. Revision 1.1.Google Scholar
- Open GIS Consortium. 2001. The open GIS abstract specification. topic 1: Feature geometry (ISO 19107 spatial schema). Version 5.Google Scholar
- Open GIS Consortium. 2003. Open GIS geography markup language (GML) implementation specification. Version 3.00.Google Scholar
- Purevjii, B., Magasa, T. A., Imai, S., and Kanamori, Y. 2004. An access control model for geographic data in an XML-based framework. In Proceedings of the 2nd International Workshop on Security In Information Systems (WOSIS'04). INSTICC Press, Porto, Portugal. 251--260.Google Scholar
- Sandhu, R., Coyne, E., Feinstein, H., and Youman, C. 1996. Role-Based Access Control Models. IEEE Computer 29, 2, 38--47. Google Scholar
Digital Library
- Sandhu, R., Ferraiolo, D., and Kuhn, D. 2000. The NIST model for role-based access control: towards a unified standard. In Proceedings of the 5th ACM Workshop on Role-based Access Control (RBAC'00). ACM Press, New York. 47--63. Google Scholar
Digital Library
- Strembeck, M. 2004. Conflict checking of separation of duty constraints in RBAC - implementation experiences. In Proceedings of the Conference on Software Engineering (SE'04). Innsbruck, Austria. 224--229.Google Scholar
Index Terms
GEO-RBAC: A spatially aware RBAC
Recommendations
GEO-RBAC: a spatially aware RBAC
SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologiesSecuring access to data in location-based services and mobile applications requires the definition of spatially aware access control systems. Even if some approaches have already been proposed either in the context of geographic database systems or ...
Modeling location attributes using XACML-RBAC model
MoMM '09: Proceedings of the 7th International Conference on Advances in Mobile Computing and MultimediaLocation-based access control (LBAC) takes the requester's location into account when deciding weather the requester should be granted access to the requested resource or not. Many models have been suggested to extend the Role-based access control (RBAC)...
Prox-RBAC: a proximity-based spatially aware RBAC
GIS '11: Proceedings of the 19th ACM SIGSPATIAL International Conference on Advances in Geographic Information SystemsAs mobile computing devices are becoming increasingly dominant in enterprise and government organizations, the need for fine-grained access control in these environments continues to grow. Specifically, advanced forms of access control can be deployed ...








Comments