Swinburne
Browse
- No file added yet -

A Semantic Policy Framework for Context-Aware Access Control Applications

Download (401.16 kB)
conference contribution
posted on 2024-07-26, 14:02 authored by A. S. M. Kayes, Jun HanJun Han, Alan Colman
Due to the rapid advancement of communication technologies, the ability to support access control to resources in open and dynamic environments is crucial. On the one hand, users demand access to resources and services in an anywhere, anytime fashion. On the other hand, additional challenges arise when ensuring privacy and security requirements of the stakeholders in dynamically changing environments. Conventional Role-based Access Control (RBAC) systems evaluate access permissions depending on the identity/role of the users who are requesting access to resources. However, this approach does not incorporate dynamically changing context information which could have an impact on access decisions in open and dynamic environments. In such environments, an access control model with both dynamic associations of user-role and role-permission capabilities is needed. In order to achieve the above goal, this paper proposes a novel policy framework for context-aware access control (CAAC) applications that extends the RBAC model with dynamic attributes defined in an ontology. We introduce a formal language for specifying our framework including its basic elements, syntax and semantics. Our policy framework uses the relevant context information in order to enable user-role assignment, while using purpose-oriented situation information to enable role-permission assignment. We have developed a prototype to realize the framework and demonstrated the framework through a healthcare case study.

Funding

Qatar National Research Fund

History

Available versions

PDF (Accepted manuscript)

ISBN

9780769550220

Journal title

Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013

Conference name

12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013

Location

Melbourne, VIC,

Start date

2013-07-16

End date

2013-07-18

Pagination

9 pp

Publisher

IEEE

Copyright statement

Copyright © 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Language

eng

Usage metrics

    Publications

    Keywords

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC