TY - GEN
T1 - Spatiotemporal access control enforcement under uncertain location estimates
AU - Shin, Heechang
AU - Atluri, Vijayalakshmi
PY - 2009
Y1 - 2009
N2 - In a mobile environment, user's physical location plays an important role in determining access to resources. However, because current moving object databases do not keep the exact location of the moving objects, but rather maintain their approximate location for reasons of minimizing the updates, the access request evaluation cannot always guarantee the intended access control policy requirements. This may be risky to the system's security, especially for the highly sensitive resources. In this paper, we introduce an authorization model that takes the uncertainty of location measures into consideration for specifying and evaluating access control policies. An access request is granted only if the confidence level of the location predicate exceeds the predefined uncertainty threshold level specified in the policy. However, this access request evaluation is computationally expensive as it requires to evaluate a location predicate condition and may also require evaluating the entire moving object database. For reducing the cost of evaluation, in this paper, we compute lower and upper bounds (R min and R max ) on the region that minimize the region to be evaluated thereby allowing unneeded moving objects to be discarded from evaluation. We show how R min and R max can be computed and maintained, and provide algorithms to process access requests.
AB - In a mobile environment, user's physical location plays an important role in determining access to resources. However, because current moving object databases do not keep the exact location of the moving objects, but rather maintain their approximate location for reasons of minimizing the updates, the access request evaluation cannot always guarantee the intended access control policy requirements. This may be risky to the system's security, especially for the highly sensitive resources. In this paper, we introduce an authorization model that takes the uncertainty of location measures into consideration for specifying and evaluating access control policies. An access request is granted only if the confidence level of the location predicate exceeds the predefined uncertainty threshold level specified in the policy. However, this access request evaluation is computationally expensive as it requires to evaluate a location predicate condition and may also require evaluating the entire moving object database. For reducing the cost of evaluation, in this paper, we compute lower and upper bounds (R min and R max ) on the region that minimize the region to be evaluated thereby allowing unneeded moving objects to be discarded from evaluation. We show how R min and R max can be computed and maintained, and provide algorithms to process access requests.
UR - http://www.scopus.com/inward/record.url?scp=70350786170&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70350786170&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-642-03007-9_11
DO - https://doi.org/10.1007/978-3-642-03007-9_11
M3 - Conference contribution
SN - 3642030068
SN - 9783642030062
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 159
EP - 174
BT - Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings
T2 - 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Y2 - 12 July 2009 through 15 July 2009
ER -