Data security in location-aware applications: an approach based on RBAC

Get BibTex-formatted data

Author

Elisa Bertino, M.L. Damiani, P. Perlasca

Entry type

article

Abstract

Data security in a mobile context is a critical issue. Over the last few years a new category of location-based services, the Enterprise LBS (ELBS), has emerged focusing on the demands of mobility in organisations. These applications pose challenging requirements, including the need of selective access to ELBS based on the position of mobile users and spatially bounded organisational roles. To deal with these requirements a novel access control system, named GEO-RBAC, has been developed. GEO-RBAC extends the NIST RBAC (Role-Based Access Control) standard with the notions of spatial role, role-dependent position, role schema and role instance. Further, roles become enabled/disabled based on the position of the user. In the paper we present GEO-RBAC, a full-fledged RBAC-based model, consisting, like RBAC, of three distinct components: the Core GEO-RBAC, the Hierarchical GEO-RBAC and the Constrained GEO-RBAC. The paper focuses on the innovative aspects that have been introduced in the model to account for the spatial dimension. Further, a rigorous specification of the model (reference model) is presented.

Date

2004

URL

http://inderscience.metapress. ... icationresults,1:120485,1

Journal

International Journal of Information and Computer Security

Key alpha

Bertino

Pages

5-38

Volume

Affiliation

Purdue University

Publication Date

2004-00-00

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Bertino,
	title = "Data security in location-aware applications: an approach based on RBAC",
	author = "Elisa Bertino, M.L. Damiani, P. Perlasca",
	year = "2004",
	journal = "International Journal of Information and Computer Security",
	pages = "5-38",
	volume = "1",
	abstract = "Data security in a mobile context is a critical issue. Over the last few years a new category of location-based services, the Enterprise LBS (ELBS), has emerged focusing on the demands of mobility in organisations. These applications pose challenging requirements, including the need of selective access to ELBS based on the position of mobile users and spatially bounded organisational roles. To deal with these requirements a novel access control system, named GEO-RBAC, has been developed. GEO-RBAC extends the NIST RBAC (Role-Based Access Control) standard with the notions of spatial role, role-dependent position, role schema and role instance. Further, roles become enabled/disabled based on the position of the user. In the paper we present GEO-RBAC, a full-fledged RBAC-based model, consisting, like RBAC, of three distinct components: the Core GEO-RBAC, the Hierarchical GEO-RBAC and the Constrained GEO-RBAC. The paper focuses on the innovative aspects that have been introduced in the model to account for the spatial dimension. Further, a rigorous specification of the model (reference model) is presented.",
	affiliation = "Purdue University",
	url = "http://inderscience.metapress.com/app/home/contribution.asp?referrer=parent&backto=issue,1,9;journal,4,4;linkingpublicationresults,1:120485,1",
}