Location-Aware Access Control for Mobile Workflow Systems

Introduction

Mobile technologies subsume portable computers like notebooks, PDA, smartphones and wireless data transmission based on standards like GPRS, EDGE, WiFi or UMTS. Such technologies provide the potential for many hitherto unthinkable applications since they enable access to computer technology almost anywhere and anytime. However, the development of mobile information systems (MIS) entails some specific challenges such as limited accumulator lifetime, unreliable data transmission, small displays and limited means for data input. A further challenge considered as a very serious one by many experts are security-related issues (e.g., Ernest-Jones (2006)): Security concerns arise because due to their portability mobile computers often get lost or stolen so unauthorized people can gain access to confidential data or even services. Mobile computers are often used in environments like public and highly frequented places where unauthorized people could take a look over the user’s shoulder to learn about confidential data (so called “shoulder surfing” or “shoulder sniffing”). Also, since users consider mobile computers as personal device they often use their business devices (provided by their employer) also for private matters and are following the company’s security policy (e.g., prohibition to install software) to a lower degree than this would be the case for a stationary computer.

There are various approaches to tackle the specific security challenges that come along with mobile computing:

• •

  Wireless data communication can be encrypted to thwart eavesdropping and manipulation of transmitted data

• •

  Sensitive data can be stored in encrypted form on the mobile device

• •

  There are even devices that have a built-in finger print reader because prompting for passwords as means for authentication is not appropriate for all mobile scenarios.

And besides these preventive measures there are even some approaches that can be taken after a mobile device got lost:

• •

  The so called “kill pill” is an special command message which is sent to a mobile device to triggers the deletion of sensible data that might be stored on that device

• •

  The “Equipment Identity Register” (EIR) in GSM-networks is a database that stores a list of devices reported as stolen or lost so the network access can be denied for those devices.

In the paper at hand we focus on the employment of so called Access Control Models (ACM) as further preventive approach to tackle specific security problems of MIS. ACM are special models to formulate which users of an information system are allowed to perform particular operations (e.g., read, write, append, delete, execute) on particular resources under the protection of an information system (e.g., data objects, services). For example, an instance of such a model could state that user Alice is allowed to perform the operation “read” on the resource “address database”. Meanwhile there are ACM that were developed to express location-related access restrictions. Using such models policies like the following can be formulated: “An employee is only allowed to access a particular resource while staying at the premises of his company”. Beside location-aware ACM there are also ACM to express workflow-specific rules. However, as far as we know there are no ACM that are location-aware as well as process-aware. There are several mobile workflow systems but they don’t have a special ACM. Our work therefore concentrates on the development of an ACM that is able to express specific constraints for mobile workflow systems.

At the end of the paper we will also explain how ACM can address another mobile-specific problem, namely usability issues due to the constrained user interface for data output (tiny display of poor quality) and input (often no fully-fledged keyboard but just a few buttons, no pointer device like a “mouse”).