Abstract
Access control in the domain of information system security refers to the process of deciding whether a particular request made by a user to perform a particular operation on a particular object under the control of the system should be allowed or denied. For example, the access control component of a file server might have to decide whether user “Alice” is allowed to perform the operation “delete” on the object “document.txt”. For traditional access control this decision is based on the evaluation of the identity of the user and attributes of the object. The novel idea of location-aware access control is also to consider the user’s current location which is determined by a location system like GPS. The main purpose of this article is to present several approaches for the modeling of location-aware access control rules. We consider generic as well as application-specific access control models that can be found in literature.
TopBasics Of Conventional Access Control
Access Control (AC) is the process to determine if a given request made by a user should be allowed or denied (Samarati & di Vimercati, 2001). Such a user request is described by the triple [subject, object, operation]: the subject is the active entity (e.g., human user or computer program working on behalf of the user) that demands to perform the operation on the object (passive entity). The set of possible operations depends on the type of the object. For example, if the object is an electronic document then the set of possible operations might contain “read”, “write”, “delete” and “append”, while for a service as protected object the only eligible operation is “execute”. When LAAC is employed then the user’s current location is added as fourth element to be considered for the access control decision.
Key Terms in this Chapter
Subject: Active entity in an access control model, e.g., the user or a computer program (e.g., server process) working on behalf of a user. A subject can perform operations on an object. To obtain the identity of a subject it might be necessary to perform authentication, e.g., asking the user to enter a secret password.
Role-Based Access Control (RBAC): If this type of access control is applied then a user can only acquire permissions when he is assigned to a role. “Roles” in that sense represent job descriptions in organizations and are a collection of the necessary permissions a user requires to perform that job. A user can only acquire permissions when he is assigned to a role; it is not allowed to directly assign permissions to a user.
Object: Passive entity in an access control model, e.g., a resource, a file, a data object or a service. The requestor wants to perform a particular operation on an object. The type of the object defines which operations can be performed on a given object by a subject (e.g., “read” and “write” for files, “execute” for services).
Permission: A permission defines the set of operations a subject is allowed to perform on an object. An example would be a permission that allows to perform the operations “read” and “alter” (but not “delete”) on the database table (=object) “customer data”.
Location Spoofing: “Spoofing” in the domain of computer security means to fake one’s identity. In the context of LAAC “spoofing” means to manipulate a locating system. There are two basic cases: when an external spoofing attack is mounted then the adversary is not the possessor of the mobile device. In contrast to this an internal spoofing attack means that the possessor of the mobile device performs the attack.
Access Control Policy: A policy for access control is a high-level description in natural languages of the access control requirements of an organization or user of an information system. Examples are laws, best practices, requirements documents or orders. The policy is formalized by the Access Control Model.
Access Control (AC): Access Control is the function of an information system to decide if the request to access a resource under the control of the system should be granted or denied. The “reference monitor” is the conceptual component that is responsible for the enforcement of this decision: it intercepts each request made by a subject to the information system and forwards it only if the request is eligible according to the ACM.
Access Control Model (ACM): A special data model to express the configuration and state of an access control system. The access control model is a formalization of an access control policy and is enforced by technical measures. Some ACM can also be employed to perform consistency checks.