Abstract
This paper reports our ongoing work to design a context-risk-aware access control (CRAAC) model for ubiquitous computing (UbiComp) environments. CRAAC is designed to augment flexibility and generality over the current solutions. Risk assessment and authorization level of assurance play a key role in CRAAC. Through risk assessment, resources are classified into groups according to their sensitivity levels and potential impacts should any unauthorized access occurs. The identified risks are mapped onto their required assurance levels, called object level of assurance (OLoA). Upon receiving an object access request, the requesterpsilas run-time contextual information is assessed to establish a requesterpsilas level of assurance (RLoA) denoting the level of confidence in identifying that requester. The access request is granted if RLoA ges OLoA. This paper describes the motivation for, and the design of, the CRAAC model, and reports a case study of further illustrate the model.
Original language | English |
---|---|
Title of host publication | the Proceedings of the 3rd International Workshop on Secure Information Systems (SIS'08) |
Publisher | IEEE Computer Society |
Pages | 775-782 |
Number of pages | 8 |
Publication status | Published - Oct 2008 |
Event | International Multiconference on Computer Science and Information Technology, 2008. - Wisla, Poland Duration: 20 Oct 2008 → 22 Oct 2008 |
Conference
Conference | International Multiconference on Computer Science and Information Technology, 2008. |
---|---|
City | Wisla, Poland |
Period | 20/10/08 → 22/10/08 |