Title: LBAC SCENARIOS CLASSIFICATION AND MODELING
1LBAC SCENARIOS CLASSIFICATION AND MODELING
- By Alvaro Escobar
- January 13th, 2005
2Overview
- Scenarios
- Initial Classifications
- More Scenarios Classifications
- UML Models
- Future Plan
3Scenarios
- People Location System (Carnegie Mellon
University).
4Scenarios
- People Location System (Carnegie Mellon
University).
- Location Policies
- Granularity
- Locations
- Time intervals
- policy maker can vary
- Object interested in protecting his/her location.
- Institution or group administrator to where the
Object belongs. - Delegation of Trust.
5Scenarios
- Pervasive Access Control (PAC) System (MIT)
6Scenarios
- Pervasive Access Control (PAC) System (MIT)
- Location Policies
- constrained by grouping together beacons into
location groups - Subject belongs to a location group as long as he
can listen to one of the beacons in that group. - LID Authority is the policy maker (mappings
between location groups and beacons). - Trust issues not addressed.
7Overview
- Scenarios
- Initial Classifications
- More Scenarios Classifications
- UML Models
- Future Plan
8Initial Classifications
- Access to peoples location (Type 1).
- Authentication token is something
- you know
- you have
- you are.
- Privacy enforced thru Policies.
- Use location to access resources (Type 2).
- Authentication token is location itself.
- Privacy enforced automatically.
9UML Models
UML Model for LBAC Type 1 v.1.0
10UML Models
UML Model for LBAC Type 1 v.2.0
Subject
Object
Access Right
Location information
Fig. 1. UML model of access to an objects
location information
11UML Models
UML Model for LBAC Type 1 v.3.0
queries
registers
Subject
Object
Locator
GRANTED If O.Location is within AR.Location
Access Right
Location
Location
Fig. 1. UML model of access to an objects
location information
12UML Models
UML Model for LBAC Type 2 v.1.0
13UML Models
UML Model for LBAC Type 2 v.2.0
14UML Models
UML Model for LBAC Type 2 v.3.0
queries
registers
Subject
Object
Locator
GRANTED If S.Location is within AR.Location
Access Right
Location
Location
Fig. 1. UML model where subjects location is
used to get access to the objects resource or
data
15Overview
- Scenarios
- Initial Classifications
- More Scenarios Classifications
- UML Models
- Future Plan
16More Scenarios
- Type 1
- A box or container holding merchandise in a
warehouse or dock needs to be found by a robot or
someone in charge of handling it. - A person, who is recently involved in an
accident, needs help. Rescuers and paramedics
need to know the persons geographic location to
rescue and/or possibly give first aid. - The Sales Director needs to geographically locate
his/her salesman team, during working hours. - An absent-minded person needs to find the exact
location of his/her car in a big parking lot, yet
wants to keep his anonymity.
17More Scenarios
- Type 2
- An employee can only login to a server from her
office computer the subjects location is
determined by the IP address assigned to her
computer. - A museum website allows access to the tour guide
application only to visitors inside the building
Mac04. - A visitor is allowed access only to the directory
of offices on the same floor he is in. - SunPass customer is allowed to enter/exit highway
when passing by gate entrance/exit.
18More Scenarios
- Type 3
- A doctors proximity to a patient in a hospital
room (and to a computer monitor) determines the
doctors access to the patients medical records. - A visitors proximity to a painting in a museum
determines the visitors access to narration or
description of that piece, using a rented device
Van02. - A guards proximity to a door determines his
access to the secure room behind the door. - A persons proximity to a street intersection
determines his access to a listing of attractions
and restaurants in the area. - A firemans proximity to a building determines
his access to a list of occupants, and/or
hazardous chemicals in the building
19UML Models
UML Model for LBAC Type 3 v.1.0
20UML Models
UML Model for LBAC Type 3 v.2.0
queries
registers
Locator
Subject
Object
GRANTED If S.Location - O.Location lt
AR.Proximity
Location
Location
Access Right
Proximity
Fig. 2. UML model of access based on subjects
proximity to object.
21More Scenarios
- Type 4
- A person is sentenced to confinement within a
house or prison. The police needs to know when
this person leaves the premises. - An employee cannot leave the company premises
with his location device on. The security office
needs to know when the employee leaves the
premises with his location device on.
22UML Models
UML Model for LBAC Type 4 v.1.0
23UML Models
UML Model for LBAC Type 4 v.2.0
informs
updates
Locator
Subject
Object
GRANTED If O.Location not within AR.Location
Location
Access Right
Location
Fig. 6. UML model of access triggered by an
object outside a prescribed location.
24More Scenarios
- Type 5
- A doctors proximity to a patient in the
hospital, and to a computer monitor, determines
the doctors access to the patients medical
records. However, in this scenario, the doctor
must also be wearing an authenticating badge to
gain access. The badge may detect its proximity
to the doctor (and vouch for her identity)
through biometric sensing. - If we remove the not condition, we can model a
scenario where spatial information is used to
give transit police access to information about
geographic assets and liabilities in an area of
interest. Che04. - A device that is attached to a car can talk to
other devices that are attached to that same car. - A doctor can only access a cabinet with
controlled substances when the doctor is wearing
an access-granting device, and is in close
proximity to the cabinet. This is a most
realistic of the doctor scenarios since only the
device being worn needs to detect and
authenticate the proximity of the doctor.
25UML Models
UML Model for LBAC Type 5 v.1.0
Fig. 9. UML model of access based on mutual
proximity to a third entity.
26UML Models
UML Model for LBAC Type 5 v.2.0
Locator
Subject
Object
queries
registers
GRANTED If S.Location - O.Location lt
AR.Proximity f(E.Location)
Location
Location
Access Right
Proximity
Entity
Location
Fig. 9. UML model of access based on mutual
proximity to a third entity.
27Overview
- Scenarios
- Initial Classifications
- More Scenarios
- More Classifications
- UML Models
- Future Plan
28 Future Plan
- Access Control Policy specification.
29References
- Amm92 P. E. Amman, R. S. Sandhu Implementing
Transaction Control Expressions by Checking for
Absence of Access Rights, in proceedings of
IEEE Annual Computer Security Applications
Conference (ACSAC), St. Anthony's Hotel, San
Antonio, Texas, 1992. - Boo98 G. Booch, J. Rumbaugh, I. Jacobson The
Unified Modeling Language User Guide,
Addison-Wesley Pub Co 1st edition (September 30,
1998). - Che04 A. Chen, Location, location, location,
E-week Magazine, e-Week Labs, Ziff Davis, July
12, 2004, Pages 55-56 - Des02 N. Deshpande, G. Borriello,
Location-Aware Computing Creating Innovative
Applications and Services, INTEL Developer
UPDATE Magazine, December 2002. Pages 1-6. - DeC03 S. DeCapitani di Vimercati, S.
Paraboschi, P. Samarati Access
control principles and solutions, ACM
SoftwarePractice Experience, John Wiley
Sons, 33 (5)397-421, April 2003. - Fer95 D.F. Ferraiolo, J. Cugini, Role Based
Access Control Features and Motivations,
Computer Security Applications Conference (1995). - Gor04 A. Gorlach, A, Heinemann, and
W.W.Terpstra, "Survey on location privacy in
pervasive computing", Procs. 1st Workshop on Sec.
and Privacy at the Conf. on Pervasive Computing
(SPPC), Vienna, April 2004. http//www.ito.tu-darm
stadt.de/publs/index_en_html
30References
- Hen04 U. Hengartner, P. Steenkiste.
Implementing Access Control to People Location
Information, ACM Symposium on Access Control
Models and Technologies (SACMAT04) IBM Thomas J
Watson Research Center, Yorktown Heights, USA.
June 2-4, 2004. - Cor04 A. Corradi, R. Montanari, D. Tibaldi,
Context-Based Access Control Management in
Ubiquitous Environments, Network Computing and
Applications, Third IEEE International Symposium
on (NCA'04) , August 30 - September 01, 2004,
Boston, MA. - Hau02 C. Hauser, Privacy and Security in
Location-Based Systems with Spatial Models,
Pioneering Advanced Mobile Privacy and Security,
PAMPAS '02 - Royal Holloway, University of
London September 16/17, 2002 - LaP73 L. J. LaPadula, D. E. Bell, Secure
Computer Systems Mathematical Foundations and
Model, The MITRE Corp. (1973). - Leo98 U. Leonhardt and J. Magee, "Security
considerations for a distributed location
service", Journal of Network and Systems
Management, vol. 6, No 1, 1998, 51-70.
31References
- Mam03 M. Mamei, F. Zambonelli, V. Allegri, R.
Emilia, Location-based and Content-based
Information Access in Mobile Peer-to-Peer
Computing the TOTA Approach, Third
International Workshop on Agents and Peer-to-Peer
Computing, (AP2PC 2004), New York City, USA. July
19-20, 2004, Columbia University. - Mac04 N. Machalakis, Location Aware Access
Control for Pervasive Computing, MIT, Cambridge
MA, February 2003 - Ruz76 M. H. Harrison, W. L. Ruzzo, Protection
in Operating Systems, Communications of the ACM
(August, 1976), 19(8). - San96 R. Sandhu, E. Coyne, H. Feinstein, C.
Youman "Role-Based Access Control models", IEEE
Computer , 29(2)38-47, February 1996. - Sas03 N. Sastry, U. Shankar, D. Wagner, "Secure
verification of location claims", in proceedings
of the 2003 ACM workshop on Wireless security
WiSE03, San Diego, CA. September 19, 2003. - San94 R. Sandhu, P. Samarati, Access Control
Principles and Practice, IEEE Communications
Magazine (1994, 40-48).