Ubiquitous computing (UbiComp) envisions a new computing environment, wherecomputing devices and related technology are widespread (i.e. everywhere) andservices are provided at anytime. The technology is embedded discreetly in theenvironment to raise users' awareness. UbiComp environments support the proliferationof heterogeneous devices such as embedded computing devices, personaldigital assistants (PDAs), wearable computers, mobile phones, laptops, officedesktops (PCs), and hardware sensors. These devices may be interconnected bycommon networks (e.g. wired, wireless), and may have different levels of capabilities(i.e. computational power, storage, power consumption, etc). They areseamlessly integrated and interoperated to provide smart services (i.e. adaptiveservices). A UbiComp environment provides smart services to users based on theusers' and/or system's current contexts. It provides the services to users unobtrusivelyand in turn the user's interactions with the environment should be asnon-intrusive and as transparent as possible. Access to such smart services anddevices must be controlled by an effective access control system that adapts itsdecisions based on the changes in the surrounding contextual information.This thesis aims at designing an adaptive fine-grained access control solutionthat seamlessly fits into UbiComp environments. The solution should be flexiblein supporting the use of different contextual information and efficient, in terms ofaccess delays, in controlling access to resources with divergent levels of sensitivity.The main contribution of this thesis is the proposal of the Context-Risk-Aware Access Control (CRAAC) model. CRAAC achieves fine-grained accesscontrol based upon the risk level in the underlying access environment and/orthe sensitivity level of the requested resource object. CRAAC makes new contributionsto the access control field, those include 1) introducing the concept oflevel of assurance based access control, 2) providing a method to convert the contextualattributes values into the corresponding level of assurance, 3) Proposingtwo methods to aggregate the set of level of assurance into one requester level ofassurance, 4) supporting four modes of working each suits a different applicationcontext and/or access control requirements, 5) a comprehensive access control architecturethat supports the CRAAC four modes of working, and 6) an evaluationof the CRAAC performance at runtime.
|Date of Award
|31 Dec 2010
- The University of Manchester
|Ning Zhang (Supervisor)
- Access control, Pervasive computing, Ubiquitous Computing, Risk assessment