A generalized context-based access control model for pervasive environments

摘要

Pervasive Computing Environments enable new opportunities for users to share and to access resources anytime and anywhere in a more natural way, making access control a critical issue. These heterogeneous and dynamic sensor-rich environments characterized by frequent and unpredictable changes on user's, resource's, and environment situations, call for access control solutions that allow dynamically adjust access permissions based on information describing the conditions of these entities (context), such as location and time. Some research attempts have been done based on existing models, which context information is used as an optional attribute for limiting the scope of access control permissions. However, these approaches normally exploit identities and roles dynamically assigned to the users in order to grant access permissions, which is an inappropriate solution for open and dynamic environments which we cannot assume the existence of predefined roles and user-role associations. In this scenario, we claim that access permissions should be assigned to the users only based on context information characterizing the three most important entities of any access control framework: owners, requestors, and resources. Thus, this paper proposes a generalized context-based access control model for making access control decisions completely based on context information.