
[IEEE 2007 2nd International Conference on Pervasive Computing and Applications - Birmingham, UK (2007.07.26-2007.07.27)]

A Context-Based and Associated Access Control Model in Pervasive Computing Environment

Ying Li, Weiqin Tong, Xiaoli Zhi
School of Computer Engineering and Science, Shanghai University, Shanghai, China

bxyzly@163.com, wqtong@mail.shu.edu.cn

Abstract

In this paper, the features of access control in the pervasive computing environment are summarized and the limitations of previous models are discussed. Then a context-based and associated access control model is proposed, which integrates the principles of TBAC and RBAC and uses the environment context as a factor in reasoning about role assignment and authority granting. The proposed model simplifies the procedures of access control while ensuring security. It also improves the flexibility and intelligence of access control, which are prerequisites of transparent service. The structure of the proposed model and the related definitions are described in this paper. Finally, the design and implementation of a prototype system based on the model are presented.

Keywords: Pervasive Computing, Context, Access Control, CAAC Model.

1. Introduction

A pervasive computing environment is the seamless integration of information space and physical space. It aims at transparently providing digital information and services at any time and in any place, and therefore poses new challenges and requirements to conventional security mechanisms. These are itemized as follows [8][9].

Transparency: In a pervasive computing environment, transparency in access control means distracting the user's attention as little as possible. The access control model therefore has to be much more intelligent than previous models.

Multilevel: Pervasive computing integrates many perceptive infrastructures and embedded devices, and no single security mechanism can fulfil the requirements on its own. A security mechanism should dynamically provide multilevel security services according to the user's information, the environment context and the operating state of the system in the pervasive computing environment.

Scalability: The devices involved in a pervasive computing environment are highly varied. The corresponding access control must therefore support a large number of users with different roles and different authorities in various settings.

Flexibility and customizability: Access control in a pervasive computing environment should be flexible, adaptable and customizable, and it should operate well in extreme and resource-limited situations. Furthermore, it should be able to grow and provide additional functions when more resources are available, and its definition tools and management mechanism should adapt dynamically to the environment.

According to the above analysis, existing access control models are not able to provide those qualities in a pervasive computing environment. The traditional models such as Discretionary Access Control (DAC) and Mandatory Access Control (MAC), which grant or revoke a user's authority directly, have difficulty in matching services and in granting and managing user authority when there is a huge number of users or the relationships among users are complicated. The RBAC model proposed later suffers from low efficiency and poor dynamic adaptability; moreover, the models mentioned so far are static or based on a static situation and try to protect resources from the point of view of the system, managing the user's authority without considering the environment context [4]. In TBAC, the access control of an object varies with the environment context, so the user's authority is time-dependent. To improve the security and flexibility of access control, various associated access control models were proposed, among which the combination of RBAC and TBAC is most commonly employed [1][2][3]. However, much environment context, such as computing context, user context, physical context and time context, is not fully considered in these associated models. To address this issue, a context-based associated access control model is proposed in this paper.

Having given an initial introduction and motivation for our work, the rest of this paper is arranged as follows. The definition and structure of the proposed model are described in detail in section 2; section 3 introduces the design and realization of a prototype based on the model; the conclusion and directions for further study are given in the last section.

1-4244-0971-3/07/$25.00 ©2007 IEEE.

2. The Context-Based and Associated Access Control (CAAC) Model

2.1 The Structure of the CAAC model

A pervasive computing environment can provide various services, including customized services and composition services. To enjoy these services well while providing convenient and flexible access control, the CAAC model is put forward. It not only combines the merits of the RBAC and TBAC models but also uses the environment context as an important basis for assigning roles and for dynamic authorization. Figure 1 shows the structure of the CAAC model.

Figure 1. The structure of the CAAC model

Before a service can be obtained, trust authentication is necessary. This paper divides the trust authentication logic into two parts, one static and the other dynamic [5]. The CAAC model realizes the static trust logic using the principle of RBAC, which mainly means establishing the initial static trust according to the inherent information of users. For example, users can automatically be assigned suitable roles and gain customized services through the CAAC model reasoning over the environment context, which includes the user's identity context, the user's position context, the user's sound context and so on. Whenever any of these environment contexts changes, the roles assigned to the user also change without the user's attention. In this way the access control process of the CAAC model realizes transparency and multilevel security in the pervasive computing environment. Because workflows and composition services are so abundant, the CAAC model implements the dynamic trust authentication logic using the principle of TBAC together with inference over the environment context. In order to meet the security expectations of the pervasive environment, the definition of the CAAC model plays an important role.

2.2 The Definition of the Model

As shown in figure 1, the CAAC model mainly consists of User, Role, Authorization Unit (AU), Pervasive Service (PS), and Smart Space (SS). The main relations are Pervasive Computing Service (PA), User Role Assignment (UA), User Space Assignment (US), Space Role Assignment (SA), and Pervasive Computing Service Proving (PP), etc. [6][7].

The detailed descriptions follow.

(1) PS. It is the set of protected resources and objects that can be accessed in the pervasive computing environment. The Pervasive Service Set can be defined as Pss = {<Pss_Id, Pss_name, Pss_type, Pss_info>}; the first three items refer to the resource's identity, name and type respectively and belong to the static description. The last item, Pss_info, is the instantaneous and dynamic description at the time the PS is accessed by a user or task.

(2) AU. It consists of a set of authorization steps and is an instance of the service flow in controlling the various smart devices. The Authorization Unit set is denoted AU = {C(as) ...}.

(3) Service Flow. It is a logical cell composed of a set of services; it is related to many users and may include several sub-service flows. It is also the main embodiment of the dynamic trust logic in the pervasive computing environment.

(4) Authorization Step. It expresses an elementary authorization step and the transaction process of a certain object in some workflow. It consists of a trustee set and a permission set. The state of the authorization step is either self-managed or varies with the dynamic environment context.

(5) Permission Set. It refers to the access permissions granted when a member of the role set is granted the authorization step. After the authorization step is initialized, it is granted to a member, who is then called the implementing consignor of the authorization step; the set of permissions the consignor holds while implementing the step is the Permission Set.

(6) Role. It differs from the role in RBAC: it is the unit and carrier of authorization assignment and it should realize multilevel authorization. The role set can be defined as R = {r1, r2, ..., ri}.

(7) Rule Set. It is the foundation of assigning authority. To make authorization adaptable, the environment context is also used in the CAAC model's rule-based inference.

(8) Dependency. It is the relationship between the authorization step and the authorization unit.


(9) UA. It realizes the mapping relationship between User and Role.

(10) PP. It is the static mapping relationship between Service and Role.

(11) SS. It is an independent composing cell of the pervasive computing environment, and a uniform authority mode is adopted in every SS. A P2P relationship among the various SSs is maintained to achieve adaptable trust authorization in the pervasive computing environment.

(12) User. It is a person with the authority to access PS. The user set can be defined as USER = {u1, u2, ..., um}.

(13) AS. It is the set of authorization steps and corresponds to PS one by one. It can be defined as AS = {as1, as2, ..., asn}.

(14) US. It is a one-to-many mapping relation and can be defined as US ⊆ U × S. The others are all many-to-many mapping relations, namely ARM, APM, UA, PA and SA. They can be defined as follows:
ARM ⊆ R × AU;
APM ⊆ PS × AU;
UA ⊆ U × R;
PA ⊆ PS × R;
SA ⊆ S × R.

3. The Security System Based on the CAAC Model and Its Application

3.1 System Architecture

To address the issues of traditional access control models, the CAAC model is proposed. The framework of the system is shown in figure 2.

Figure 2. The framework of the system

The functions of the modules in the system are depicted as follows [10][11].

CAAC module: it is the kernel of the system and includes the static RBAC administration and the dynamic, environment-context-based TBAC access control. Through the Inference Engine, it returns the result to the USER and to the Task Trigger agent.

Context Knowledge database: the context information and knowledge are stored in the context knowledge database, which also holds the authorization rules and the context history.

Authorization Administration module: it is responsible for managing Users, Roles, Tasks and Authorities; the mapping relationships between them are also maintained in this module.

3.2 The Work Flow of the System

The following work flow illustrates the operation of the system clearly. The work flow can be divided into two parts, the static access control process and the dynamic process. First, the administrator establishes the mapping relationships between User and Role, Role and Task, and Task and Authority in the context knowledge database through the Authorization Administration module. Then, in the static access control process, the User's request to access a PS, together with the relevant environment context, is sent to the CAAC module. Through the Inference Engine, the CAAC module assigns a suitable Role to the User. When the User changes position within the SS, the Role is also reassigned automatically according to the environment context, without the User's attention. The dynamic access control is similar to the static process, except that the Authorization has a time character: the Authorization is not invariant but varies with the change of the environment context of the task. When the task finishes, the Authorization is cancelled by the CAAC module.
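As an added illustration (not code from the paper or its prototype), the following Python script models both the sets and relations of section 2.2 and the static and dynamic parts of the work flow above. Roles are inferred from the user's identity (UA) narrowed by the user's current position (SA); the static process checks PA, and the dynamic process grants an authorization step from ARM and APM for the lifetime of a task and withdraws it when the position changes or the task finishes. All users, roles, spaces, services, units and relation contents are constructed sample values, and `revalidate` is a hypothetical name for the re-inference the paper describes on a position change.

```python
"""Toy CAAC model: context-driven role inference, static PA check, task-scoped authorization.

Added example, not the paper's prototype. Every set and relation below is a
constructed sample; the relation shapes (ARM ⊆ R×AU, APM ⊆ PS×AU, UA ⊆ U×R,
PA ⊆ PS×R, SA ⊆ S×R) follow definition (14) of the paper.
"""
from dataclasses import dataclass, field

USER = {"u1", "u2"}                      # (12) user set
R = {"resident", "visitor"}              # (6) role set
S = {"lab", "lobby"}                     # smart spaces
PS = {"ps_printer", "ps_door"}           # (1) pervasive services
AU = {"au_print_job"}                    # (2) authorization units

UA = {("u1", "resident"), ("u1", "visitor"), ("u2", "visitor")}                     # U × R
PA = {("ps_printer", "resident"), ("ps_door", "resident"), ("ps_door", "visitor")}  # PS × R
SA = {("lab", "resident"), ("lobby", "visitor")}                                    # S × R
ARM = {("resident", "au_print_job")}                                                # R × AU
APM = {("ps_printer", "au_print_job")}                                              # PS × AU


def infer_roles(user, space):
    """Static trust logic: roles from the user's identity (UA), narrowed by the
    position context (SA). Unknown users or spaces get no role at all."""
    if user not in USER or space not in S:
        return set()
    return {r for r in R if (user, r) in UA and (space, r) in SA}


def static_access(user, space, service):
    """Static process: the request is allowed if some role valid in `space` is
    mapped to `service` in PA."""
    return any((service, r) in PA for r in infer_roles(user, space))


@dataclass
class AuthorizationStep:
    """(4) An authorization step: who holds it, for which unit, in which context,
    and the permission set (5) it currently carries."""
    user: str
    unit: str
    space: str
    permissions: set = field(default_factory=set)
    active: bool = False


def start_task(user, space, unit):
    """Dynamic process: grant the permission set of an authorization unit only if a
    role valid in the current context carries that unit (ARM); the permissions are
    the services bound to the unit (APM)."""
    roles = infer_roles(user, space)
    if not any((r, unit) in ARM for r in roles):
        return AuthorizationStep(user, unit, space)          # inactive, empty
    perms = {ps for ps in PS if (ps, unit) in APM}
    return AuthorizationStep(user, unit, space, perms, active=True)


def revalidate(step, new_space):
    """Time character: a position change triggers re-inference; a role that no
    longer holds in the new space silently loses the step's permissions."""
    fresh = start_task(step.user, new_space, step.unit)
    step.space, step.permissions, step.active = new_space, fresh.permissions, fresh.active
    return step


def finish_task(step):
    """When the task finishes the CAAC module cancels the authorization."""
    step.permissions.clear()
    step.active = False
    return step


def dynamic_access(step, service):
    return step.active and service in step.permissions


if __name__ == "__main__":
    step = start_task("u1", "lab", "au_print_job")
    print("static, u1 in lab -> printer:", static_access("u1", "lab", "ps_printer"))
    print("dynamic in lab:", dynamic_access(step, "ps_printer"))
    print("dynamic after moving to lobby:", dynamic_access(revalidate(step, "lobby"), "ps_printer"))
```

The point to notice when running it is that u1's printer permission disappears the moment the position context changes to the lobby, with no administrator action and no explicit revocation call, which is exactly the transparency property the work flow describes; the administrator only maintains the relations, never per-request decisions.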

3.3 Application of the System

In this part, this paper describes how the user management module of the system is realized.

(1) The description structure of the Context

The context information coming from the smart devices is sealed into the following message structure. The message structure is described in XML and includes static information and dynamic information. The static information includes UserID and ManagedLevels; the dynamic information includes address, time and so on.

<Resource>
  <!-- static information -->
  <UserElement>
    <UserID></UserID>
    <ManagedLevels></ManagedLevels>
  </UserElement>
  <!-- dynamic information -->
  <AddressElement>
    <IP></IP>
  </AddressElement>
  <TimeElement>
    <Time></Time>
  </TimeElement>
</Resource>
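As an added example (not the paper's code), the following Python snippet parses the context message above with the standard library and refuses a message whose static or dynamic part is missing or malformed, so that only a complete, well-typed context reaches the CAAC module's inference. The sample message, the requirement that all four fields be present, and the syntactic checks on IP and Time are assumptions of this example; the element names are the paper's.

```python
"""Parse and validate the CAAC context message (section 3.3 (1)).

Added example, not the paper's code. The sample message is constructed; the
element names follow the paper's structure.
"""
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample message in the paper's structure.
SAMPLE = """<Resource>
  <!-- static information -->
  <UserElement>
    <UserID>u1</UserID>
    <ManagedLevels>2</ManagedLevels>
  </UserElement>
  <!-- dynamic information -->
  <AddressElement><IP>192.0.2.10</IP></AddressElement>
  <TimeElement><Time>2007-07-26T09:30:00</Time></TimeElement>
</Resource>"""

# Assumption of this example: every one of these fields is mandatory.
REQUIRED = ("UserElement/UserID", "UserElement/ManagedLevels",
            "AddressElement/IP", "TimeElement/Time")


def parse_context(xml_text):
    """Return {'static': {...}, 'dynamic': {...}} or raise ValueError.

    A missing or empty field, a non-numeric ManagedLevels, a malformed IP or a
    non-ISO time are all rejected before any role inference could use them."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"malformed context message: {exc}")
    if root.tag != "Resource":
        raise ValueError("root element must be <Resource>")

    values = {}
    for path in REQUIRED:
        node = root.find(path)
        if node is None or not (node.text or "").strip():
            raise ValueError(f"missing context field {path}")
        values[path.split("/")[1]] = node.text.strip()

    try:
        levels = int(values["ManagedLevels"])
        ip = ipaddress.ip_address(values["IP"])
        when = datetime.fromisoformat(values["Time"])
    except ValueError as exc:
        raise ValueError(f"invalid context value: {exc}")
    if levels < 0:
        raise ValueError("ManagedLevels must be non-negative")

    return {
        "static": {"UserID": values["UserID"], "ManagedLevels": levels},
        "dynamic": {"IP": str(ip), "Time": when},
    }


def is_valid(xml_text):
    """Convenience predicate: True only if parse_context accepts the message."""
    try:
        parse_context(xml_text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_context(SAMPLE))
    print(is_valid(SAMPLE.replace("<IP>192.0.2.10</IP>", "<IP>not-an-ip</IP>")))
```

Separating the static part (identity, managed levels) from the dynamic part (address, time) in the returned structure mirrors the paper's division: the static fields feed the RBAC-style initial role assignment, while the dynamic fields are what the inference engine re-evaluates when the context changes.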

(2) The realization of the user management module

The context from the smart device is sealed into the above message structure and transferred to the CAAC module. The CAAC module obtains the right authority for the user by processing this context information. Figure 3 is the class diagram of the CAAC module that realizes this process.


Figure 3. The class diagram

(3) The management of the Context Knowledge module

The user's authority information, for instance the role constitution, user information, user ownership and so on, is stored in the Context Knowledge database. Through the management interface, this information can be added to, modified in and deleted from the Context Knowledge database. Figure 4 shows the running management interface.

Figure 4. The user management interface (current user: admin; server address: 127.0.0.1)

4. Conclusion

To meet the requirements of access control in the pervasive computing environment, the CAAC model is proposed. The model combines the merits of the RBAC and TBAC models and uses the environment context as an important basis for assigning roles and for dynamic authorization. Based on the CAAC model, a security system has also been developed. Finally, the realization of the user management module of the system was described in detail. Our future effort will be devoted to enhancing the functions of the CAAC model and improving the quality of the inference engine.

References

[1] Jianxun Liu. Study on the application of role-based access control in workflow management system. Mini-Micro Systems, 2003, 24(6): 67-70.
[2] Kandala S, Sandhu R. Secure Role-based Workflow Models. Proceedings of the Fifteenth Annual Working Conference on Database and Application Security, 2002: 45-58.
[3] G.F. Ji, Y. Tang, Y.C. Jiang. A service-oriented group awareness model and its implementation. KSEM 2006, 2006: 139-150.
[4] David F. Ferraiolo, Ravi S. Sandhu. Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security, 2001, (3): 224-274.
[5] YaJun Guo, Hong Fan. Trust Authentication in Pervasive Computing. Computer Science, 2006, 33(8): 92-183.
[6] Neumann G, Strembeck M. Design and implementation of a flexible RBAC-service in an object-oriented scripting language. Proc. of the 8th ACM Conference on Computer and Communications Security (CCS), 2001: 58-67.
[7] Guohui Li, Yangming Wang. Design and Research of Access Control Model Based on Role and Task. Computer Engineering, 2006, 16(32): 143-145.
[8] Qingyu Li. Research on Security Technology of Pervasive Computing. PhD Dissertation, Institute of Computing Technology, Chinese Academy of Sciences, 2004.
[9] Kagal L, Finin T, Joshi A. Trust-based security in pervasive computing environments. IEEE Computer, 2001, 34(12): 154-157.
[10] Hess A, Jacobson J, Mills H, Wamsley R, Seamons K E, Smith B. Advanced client/server authentication in TLS. Network and Distributed System Security Symposium, San Diego, California, Feb. 2002.
[11] Xianzhi Huang, Haiyang Wang, Zhenxiang Chen. A Context, Rule and Role-Based Access Control Model in Enterprise Pervasive Computing Environment. 1st International Symposium on Pervasive Computing and Applications Proceedings, Urumchi, Xinjiang, P.R. China, August 2006.