Skip to main content
SpringerLink
Log in

Spatial Domains for the Administration of Location-based Access Control Policies

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

In the last few years there has been an increasing interest for a novel category of access control models known as location-based or spatially-aware role-based access control (RBAC) models. Those models advance classical RBAC models in that they regulate the access to sensitive resources based on the position of mobile users. An issue that has not yet been investigated is how to administer spatially-aware access control policies. In this paper we introduce GEO-RBAC Admin, the administration model for the location-based GEO-RBAC model. We discuss the concepts underlying such administrative model and present a language for the specification of GEO-RBAC policies.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Damiani, M.L., Bertino, E., Catania, B., Perlasca, P.: GEO-RBAC: a spatially Aware RBAC. ACM Trans. Inform. Syst. Secur. (TISSEC). 10(1), 2 (2007)

    Google Scholar 

  2. Kern, A., Schaad, A., Moffet, J.: An adminstration concept for the enterprise role-based access control model. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (2003)

  3. Bertino, E., Andrea Bonatti, P., Ferrari, E.: TRBAC: a temporal role-based access control model. ACM Trans. Inform. Syst. Secur. 4(3), 191–233 (2001)

    Article  Google Scholar 

  4. Covington, M.J., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M., Abowd, G.D.: Securing context-aware applications using environment roles. In: Proceedings of the 6th ACM symposium on Access Control Models and Technologies (SACMAT’01), pp. 10–20. ACM Press, Chantilly, Virginia, USA (2001)

  5. Hansen, F., Oleshchuk, V.: SRBAC: a spatial role-based access control model for mobile systems. In: Proceedings of the 7th Nordic Workshop on Secure IT Systems (NORDSEC’03), pp. 129–141. Gjøvik, Norway (2003)

  6. Fu, S., Xu, C.Z.; A coordinated spatio-temporal access control model for mobile computing in coalition environments. In: Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS’05)-Workshop17 (2005)

  7. Chandran, S.M., Joshi, J.B.D.: LoT RBAC: a location and time-based rbac model. In: Proceedings of the 6th International Conference on Web Information Systems Engineering (WISE’05), pp. 361–375. Springer-Verlag, New York, USA (2005)

  8. Kumar, M., Newman, R.: STRBAC – an approach towards spatio-temporal role-based access control. In: Communication, Network, and Information Security, pp. 150–155 (2006)

  9. Aich, S., Sural, S., Majumdar, A.K.: STARBAC: spatio temporal role based access control. In: OTM Conferences (2) 2007, pp. 1567–1582 (2007)

  10. Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for role-based administration of roles. ACM Trans. Inform. Syst. Secur. 2(1), 105–135 (1999)

    Article  Google Scholar 

  11. Crampton, J., Loizou, G.: Administrative scope: a foundation for role-based administrative models. ACM Trans. Inform. Syst. Secur. 6(2), 201–231 (2003)

    Article  Google Scholar 

  12. Oh, S., Sandhu, R., Zhang, X.: An effective role administration model using organization structure. ACM Trans. Inform. Syst. Secur. 9(2), 113–137 (2006)

    Article  Google Scholar 

  13. Li, N., Mao, Z.: Administration in role-based access control. In: ASIACCS ’07: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, pp. 127–138. ACM Press, New York, NY, USA (2007)

  14. Bhatti, R., Joshi, J.B.D., Bertino, E., Ghafoor, A.: X-GTRBAC Admin: a decentralized administration model for enterprise-wide access control. ACM Trans. Inform. Syst. Secur. 4, 388–423 (2005).

    Google Scholar 

  15. Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Trans. Inform. Syst. 17(2), 101–140 (1999)

    Article  Google Scholar 

  16. Griffiths, P.P., Wade, B.W.: An authorization mechanism for a relational database system. ACM Trans. Database Syst. 1(3), 242–255 (1976)

    Article  Google Scholar 

Download references

Acknowledgements

This work has been partially funded by the European Commission in the context of the project Geographic Privacy-aware Knowledge Discovery and Delivery (GeoPKDD); IST-6FP-014915; web site: http://www.geopkdd.eu.

Author information

Authors and Affiliations

  1. Dipartimento di Informatica e Comunicazione, University of Milan, Via Comelico 39, 20135, Milan, Italy

    Maria Luisa Damiani & Claudio Silvestri

  2. Department of Computer Science, Purdue University, West Lafayette, IN, USA

    Elisa Bertino

Authors
  1. Maria Luisa Damiani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Elisa Bertino
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Claudio Silvestri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maria Luisa Damiani.

Appendix: The Operations in GEO-RBAC Admin

Appendix: The Operations in GEO-RBAC Admin

In this section we report the set of administrative commands along with their semantics. Administrative commands are presented in three distinct tables: Table 10 contains the administrative functions for the management of regular roles and regular role-permission assignment; Table 11 contains the administrative functions for the management of administrative roles and administrative role-permission assignment; Table 12 contains both the administrative commands for the management of users and user-role assignment, and the Review Functions.

Table 10 Operations for regular role and regular role-permission management
Full size table
Table 11 Operations for domain, admin role and admin role-permission management
Full size table
Table 12 Operations for user and user-role management and review functions
Full size table

1.1 Conventions and Tables of Administrative Commands

Preliminarily we recall and extend the notation presented in Sect. 4.4

  • C d is the current domain in which the operation is invoked: the current domain is known because we assume it is specified by the user at login time. C r is the admin role of the initiator of the administrative operation. We assume that whenever an admin operation is invoked the system first checks whether the initiator has an admin role in the current domain.

  • SubD(r,d) returns the set of sub-domains of d created by admin role r where sub-domains are specified by their name;

  • d_Prms(r,d) returns the set of application and system permissions assigned to admin role r in domain d: this set is comprehensive of the permissions assigned to both the schema of r and directly to r; function Sk(r) returns the schema of role r.

  • TypeOf returns the type of a spatial feature; Contains(a,b) is a spatial predicate that is True if the extent of feature b is contained in the extent of feature a.

  • The following functions are defined over the Admin Hierarchy AH: ChildrenT(r,d) and DescendantT(r,d) return, respectively, the set of children and the descendants of [r,d] in AH; AddChildT(d,r,d′,r′) creates a new node [d′,r′] as child of node [d,r]; UpdateChildT(d,r,d′,r′) updates the role field of the child of node [r,d ] having domain d′ with value r′; DeleteChildrenT(d,r,d′) deletes the nodes [d′−], which are children of [d,r] in AH.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Damiani, M.L., Bertino, E. & Silvestri, C. Spatial Domains for the Administration of Location-based Access Control Policies. J Netw Syst Manage 16, 277–302 (2008). https://doi.org/10.1007/s10922-008-9106-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10922-008-9106-0

Keywords

Search

Navigation