
Role Based Access Control with Spatiotemporal Context for Mobile Applications

Chapter in: Transactions on Computational Science IV

Part of the book series: Lecture Notes in Computer Science (TCOMPUTATSCIE, volume 5430)

Abstract

Role based access control (RBAC) is an established paradigm in resource protection. However, with the proliferation of mobile computing, it is frequently observed that the RBAC access decision is directly influenced by the spatiotemporal context of both the subjects and the objects in the system. Currently, only a few models (STRBAC, GSTRBAC) specify spatiotemporal security policy on top of classical RBAC. In this paper we propose a complete RBAC model in the spatiotemporal domain based on the idea of spatiotemporal extent. The concepts of spatiotemporal role extent and spatiotemporal permission extent introduced here enable our model to specify granular spatiotemporal access control policies that cannot be specified in the existing approaches. Our model is also powerful enough to incorporate classical role hierarchy and other useful RBAC policies, including Role based Separation of Duty and Permission based Separation of Duty, in the spatiotemporal domain.

Healthcare is an area in which information security is of utmost importance. The risk of personal medical data leakage is especially high in mobile healthcare applications. As a proof of concept, we have implemented the proposed spatiotemporal access control method in a mobile telemedicine system.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Aich, S., Mondal, S., Sural, S., Majumdar, A.K. (2009). Role Based Access Control with Spatiotemporal Context for Mobile Applications. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science IV. Lecture Notes in Computer Science, vol 5430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01004-0_10


  • DOI: https://doi.org/10.1007/978-3-642-01004-0_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01003-3

  • Online ISBN: 978-3-642-01004-0

  • eBook Packages: Computer Science, Computer Science (R0)
