Title :
A Semantic Policy Framework for Context-Aware Access Control Applications
Author :
Kayes, A.S.M. ; Jun Han ; Colman, Alan
Author_Institution :
Fac. of Inf. & Commun. Technol., Swinburne Univ. of Technol., Hawthorn, VIC, Australia
Abstract :
Due to the rapid advancement of communication technologies, the ability to support access control to resources in open and dynamic environments is crucial. On the one hand, users demand access to resources and services in an anywhere, anytime fashion. On the other hand, additional challenges arise when ensuring privacy and security requirements of the stakeholders in dynamically changing environments. Conventional Role-based Access Control (RBAC) systems evaluate access permissions depending on the identity/role of the users who are requesting access to resources. However, this approach does not incorporate dynamically changing context information which could have an impact on access decisions in open and dynamic environments. In such environments, an access control model with both dynamic associations of user-role and role-permission capabilities is needed. In order to achieve the above goal, this paper proposes a novel policy framework for context-aware access control (CAAC) applications that extends the RBAC model with dynamic attributes defined in an ontology. We introduce a formal language for specifying our framework including its basic elements, syntax and semantics. Our policy framework uses the relevant context information in order to enable user-role assignment, while using purpose-oriented situation information to enable role-permission assignment. We have developed a prototype to realize the framework and demonstrated the framework through a healthcare case study.
Keywords :
authorisation; ubiquitous computing; CAAC applications; RBAC systems; access decisions; access permissions; communication technologies; context aware access control applications; context information; dynamic environments; formal language; healthcare case study; open environments; role based access control; role permission assignment; semantic policy framework; Access control; Context; Context modeling; Hospitals; Mathematical model; Context; Policy Framework; Privacy and Security; Role-Permission Assignment; Situation; User-Role Assignment;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
Conference_Location :
Melbourne, VIC
DOI :
10.1109/TrustCom.2013.91