1
Context-based Access Management in Ubiquitous Environment
윤혜진
2007-08-10
2
Contents
Access Control Issues in Ubiquitous Environments
UbiCOSM Security Framework
  Security Model
  Access Control Middleware
Case Study: Mobile Office Application
Conclusions and Future Work
3
Introduction
Wireless network connectivity and portable devices: anywhere and at anytime access from various access devices
Novel access control challenges: paradigm shift from subject-centric to context-centric access control
Un-informative identity or not trustworthy
Traditional identity-based access control models are inadequate for Ubiquitous Environments
Static characterization of context
4
UbiCOSM Security Framework
UbiCOSM(Ubiquitous Context-based Security Middleware)
Permissions are directly associated with contexts
Context = grouping mechanism for applicable permissions
Goal: Immediate Controlled visibility of accessible resources and of other mobile users locally executing
5
UbiCOSM Context Model
context
Physical Context Logical Context
Resource
<security:context rdf:about="http://lia.deis.unibo.it/XXX/security#context#">
  <security:context_Name>Tourist</security:context_Name>
  <security:context_Type>Logical</security:context_Type>
  <security:context_Activation_Condition>MonitoringSystem.GetVisitNumber.IsLess(N)</security:context_Activation_Condition>
</security:context>

<security:resource rdf:about="http://lia.deis.unibo.it/XXX/security#resource#">
  <security:resource_Name rdf:resource="Spiderman Movie"/>
  <security:resource_Description>ResourceManager.GetInfo(Spiderman Movie)</security:resource_Description>
</security:resource>

<security:context rdf:about="http://lia.deis.unibo.it/XXX/security#context#">
  <security:context_Name>Cinema</security:context_Name>
  <security:context_Type>Physical</security:context_Type>
  <security:context_Activation_Condition>GeoCoordinate.IsEqual(Area.GetInfo)</security:context_Activation_Condition>
</security:context>
6
Metadata
Profiles
Access Control Policies
System Control Policies
Security Waves
a
<?xml version="1.0"?>
<Description about="User Profiles">
  <Description about="User Properties">
    …..
  </Description>
  <Description about="User Desired View">
    <objects>
      <object1>nearby cinemas</object1>
      <object2>Spiderman movie</object2>
    </objects>
    <actions>
      <action1 on="object1">find vacant seats</action1>
    </actions>
    <active_context>
      <time>always</time>
      <my_position>anywhere</my_position>
      <position on="object1">within 3 km</position>
    </active_context>
  </Description>
</Description>
b
UbiCOSM Security Model
7
<security:permission rdf:about="http://lia.deis.unibo.it/XXX/security#permission">
  <security:Name>p1</security:Name>
  <security:Target rdf:resource="Horror Movie"/>
  <security:Action>see</security:Action>
  <security:Kind>pos</security:Kind>
</security:permission>
[Figure: contexts Adult, Waiting Room, Cinema Hall, Tourist and Tour Guide, with their associated permissions P1 to P4]
<Simple(Adult), P1>
<Or(Waiting Room, Cinema, Hall), P2>
<And(Tourist, Waiting Room), P3>
<Dependence(Tourist, Tour Guide), P4>
Access Control Policy
Specific context conditions → specific permissions
<association_Name(context_collection), permissions>
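An added example (not from the slides and not UbiCOSM's own code): a small Python evaluator for policies written in the <association_Name(context_collection), permissions> notation. The semantics of Simple, And and Or, the rule that neg overrides pos, the default-deny outcome, and the P2 and P3 definitions are assumptions made for this example; Dependence is rejected because the slides do not define it.

```python
import re

# Assumed semantics (the slides name the associations but do not define them):
# Simple = its single context is active, And = all active, Or = any active.
OPERATORS = {
    "Simple": lambda ctxs, active: len(ctxs) == 1 and ctxs[0] in active,
    "And": lambda ctxs, active: all(c in active for c in ctxs),
    "Or": lambda ctxs, active: any(c in active for c in ctxs),
}
POLICY_RE = re.compile(r"^<\s*(\w+)\(([^()]*)\)\s*,\s*(\w+)\s*>$")

def parse_policy(text):
    """Parse '<Association(ctx, ...), Perm>' into (association, contexts, perm)."""
    m = POLICY_RE.match(text.strip())
    if not m:
        raise ValueError(f"malformed policy: {text!r}")
    assoc, ctx_list, perm = m.groups()
    contexts = [c.strip() for c in ctx_list.split(",") if c.strip()]
    if assoc not in OPERATORS or not contexts:
        # Reject at load time rather than silently skipping a rule (e.g. Dependence).
        raise ValueError(f"unsupported or empty association: {text!r}")
    return assoc, contexts, perm

def is_allowed(policies, permissions, active, target, action):
    """Default deny; an applicable 'neg' permission overrides any 'pos' (assumed)."""
    active, kinds = set(active), set()
    for assoc, contexts, perm in map(parse_policy, policies):
        p_target, p_action, kind = permissions[perm]
        if (p_target, p_action) == (target, action) and OPERATORS[assoc](contexts, active):
            kinds.add(kind)
    return "pos" in kinds and "neg" not in kinds

# Policy tuples in the slide's notation. P1 is the 'see Horror Movie' permission
# from the slide; P2 and P3 are constructed for this example.
POLICIES = [
    "<Simple(Adult), P1>",
    "<Or(Waiting Room, Cinema, Hall), P2>",
    "<And(Tourist, Waiting Room), P3>",
]
PERMISSIONS = {
    "P1": ("Horror Movie", "see", "pos"),
    "P2": ("CMAService", "find_a_cinema", "pos"),
    "P3": ("Horror Movie", "see", "neg"),
}

if __name__ == "__main__":
    for ctx in ({"Adult"}, {"Adult", "Tourist", "Waiting Room"}, {"Cinema"}):
        print(sorted(ctx), is_allowed(POLICIES, PERMISSIONS, ctx, "Horror Movie", "see"))
```

The same user is granted or refused the same action purely because the set of active contexts changed, and a request with no applicable policy is refused.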
8
UbiCOSM architecture
9
And(hasSeat(N), desireMovie(movieName))
Simple(isNotFull)
And(FarFromCinema, InQueue)
And(friend, relative)
<security:permission rdf:about="http://lia.deis.unibo.it/XXX/security#permission">
  <security:Name>p2</security:Name>
  <security:Target rdf:resource="CMAService"/>
  <security:Action>find_a_cinema</security:Action>
  <security:Kind>pos</security:Kind>
</security:permission>

<security:permission rdf:about="http://lia.deis.unibo.it/XXX/security#permission">
  <security:Name>p3</security:Name>
  <security:Target rdf:resource="OpinionManager"/>
  <security:Action>insert_an_opinion(myOpinion)</security:Action>
  <security:Kind>pos</security:Kind>
</security:permission>

<security:permission rdf:about="http://lia.deis.unibo.it/XXX/security#permission">
  <security:Name>p4</security:Name>
  <security:Target rdf:resource="Ticket Booking Service"/>
  <security:Action>book_Ticket(N)</security:Action>
  <security:Kind>neg</security:Kind>
</security:permission>

<security:permission rdf:about="http://lia.deis.unibo.it/XXX/security#permission">
  <security:Name>p1</security:Name>
  <security:Target rdf:resource="OpinionManager"/>
  <security:Action>retrieve_opinion</security:Action>
  <security:Kind>pos</security:Kind>
</security:permission>