Sensor Enhanced Access Control: Extending Traditional Access Control Models with Context-Awareness

摘要

Access control models generally distinguish between physical access control that mediates access to physical resources such as buildings, sections of buildings or individual rooms, and logical access control that mediates access to logical objects such as information stored in files or databases. All logical access control models make some, more or less implicit, assumptions about the physical access control model, e.g. that servers are locked in a room with restricted access. However, problems arise when a logical object gets a physical representation, e.g. when a file is displayed on a screen or printed, because the logical access control model has no way to ensure, or even to monitor, that the physical access control policies are being enforced. Traditionally, physical access control policies are enforced by compartmen-talization. Users are separated from other users and resources by placing them in different physical locations such as different offices in a building. Access from one to the other is impossible without passing a guard or a door lock, i.e., guards or distribution of keys/access-cards effectively enforce the physical access control policy. However, these mechanisms are generally coarse-grained, inflexible and expensive. In this paper, we propose a Sensor Enhanced Access Control (SEAC) model that extends existing logical access control models with context-awareness. This allows the model to incorporate information about the physical environment and to explicitly define and enforce physical access control policies for logical objects that have physical representations. A prototype implementation of the SEAC model has been developed for the Unix platform. The prototype protects file data when displayed on a computer screen by managing the visibility of windows in the X Window System. Context-awareness is provided by a simple motion detection system build using cheap web-cameras. However, the system is designed so that the sensor component easily can be replaced, making it possible to deploy advanced sensor technologies.