Specification and analysis of access control policies for mobile applications

Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2013-06-12 DOI:10.1145/2462410.2463206

Ramadan Abdunabi, I. Ray, R. France

{"title":"Specification and analysis of access control policies for mobile applications","authors":"Ramadan Abdunabi, I. Ray, R. France","doi":"10.1145/2462410.2463206","DOIUrl":null,"url":null,"abstract":"Mobile applications allow individuals on-the-move access to resources \"anytime, anywhere\" using hand-held mobile devices. We argue that for critical and sensitive resources this is often times not desirable -- a lost or stolen mobile device can be tampered with to view or alter sensitive information. We need authorization policies that take into account time of access and location of the user in addition to the credentials of the user. Towards this end, we propose a new spatio-temporal role-based access control model. It improves upon existing models by providing features that are useful for mobile applications. Thus, an application using our model can specify different types of spatio-temporal constraints. We discuss how such an application using our spatio-temporal access control model can be verified using the UPPAAL model checker. We also demonstrate how to reduce the state-space explosion problem that is inherent in model checkers.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"39 1","pages":"173-184"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2462410.2463206","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

Mobile applications allow individuals on-the-move access to resources "anytime, anywhere" using hand-held mobile devices. We argue that for critical and sensitive resources this is often times not desirable -- a lost or stolen mobile device can be tampered with to view or alter sensitive information. We need authorization policies that take into account time of access and location of the user in addition to the credentials of the user. Towards this end, we propose a new spatio-temporal role-based access control model. It improves upon existing models by providing features that are useful for mobile applications. Thus, an application using our model can specify different types of spatio-temporal constraints. We discuss how such an application using our spatio-temporal access control model can be verified using the UPPAAL model checker. We also demonstrate how to reduce the state-space explosion problem that is inherent in model checkers.

查看原文本刊更多论文

移动应用访问控制策略的规范和分析

移动应用程序允许移动中的个人使用手持移动设备“随时随地”访问资源。我们认为，对于关键和敏感的资源，这通常是不可取的——丢失或被盗的移动设备可以被篡改以查看或更改敏感信息。除了用户的凭据之外，我们还需要考虑访问时间和用户位置的授权策略。为此，我们提出了一种新的基于时空角色的访问控制模型。它通过提供对移动应用程序有用的功能来改进现有模型。因此，使用我们模型的应用程序可以指定不同类型的时空约束。我们将讨论如何使用UPPAAL模型检查器验证使用我们的时空访问控制模型的应用程序。我们还演示了如何减少模型检查器中固有的状态空间爆炸问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies

自引率

0.00%

发文量