A framework for decentralized access control

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A framework for decentralized access control

Full text

Pdf (284 KB)

Source

ASIAN ACM Symposium on Information, Computer and Communications Security archive
Proceedings of the 2nd ACM symposium on Information, computer and communications security table of contents

Singapore

SESSION: Access control table of contents

Pages: 93 - 104

Year of Publication: 2007

ISBN:1-59593-574-6

Authors

Meenakshi Balasubramanian	Honeywell Technology Solutions, Bangalore, India
Abhishek Bhatnagar	Honeywell Technology Solutions, Bangalore, India
Namit Chaturvedi	Honeywell Technology Solutions, Bangalore, India
Atish Datta Chowdhury	Honeywell Technology Solutions, Bangalore, India
Arul Ganesh	Honeywell Technology Solutions, Bangalore, India

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 13, Downloads (12 Months): 94, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1229285.1229302 What is a DOI?

ABSTRACT

We present a framework for decentralized authorization for physical access control, using smart cards, where access to individual rooms is guarded by context-dependent policies that are dynamically evaluated. Policies are specified using a logical language parameterized by events. A policy analyzer converts policy specifications into equivalent executable automata and also generates initialization information about the contexts used in these policies. While the automata are stored in users' smart cards, context initialization information is disseminated in the system. We also provide a context modeling mechanism that supports construction and propagation of contexts in the system. Upon an access request, user automata are executed at the point of access in the presence of current context information. This results in an allow/deny decision. The benefit of this approach lies in resolving authorizations in a decentralized manner in situations where the solution needs to scale with increasing number of users.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi, Logic in Access Control, Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science, p.228, June 22-25, 2003
	2	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	3	Meenakshi Balasubramanian , Namit Chaturvedi , Atish Datta Chowdhury , Arul Ganesh, A framework for rapid-prototyping of context based ubiquitous computing applications, Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing -Vol 1 (SUTC'06), p.306-311, June 05-07, 2006 [doi>10.1109/SUTC.2006.7]
	4	Lujo Bauer , Scott Garriss , Michael K. Reiter, Distributed Proving in Access-Control Systems, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.81-95, May 08-11, 2005 [doi>10.1109/SP.2005.9]
	5	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems (TODS), v.23 n.3, p.231-285, Sept. 1998 [doi>10.1145/293910.293151]
	6	Elisa Bertino , Elena Ferrari , Vijayalakshmi Atluri, A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems, Proceedings of the second ACM workshop on Role-based access control, p.1-12, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266746]
	7	Randal E. Bryant, Symbolic Boolean manipulation with ordered binary-decision diagrams, ACM Computing Surveys (CSUR), v.24 n.3, p.293-318, Sept. 1992 [doi>10.1145/136035.136043]
	8	G. Chen and D. Kotz. Solar: Towards a Flexible and Scalable Data-Fusion Infrastructure for Ubiquitous Computing. In UbiTools'01 - Workshop on Application Models and Programming Tools for Ubiquitous Computing (held in conjunction with the UbiComp'01), Sep. 30 2001.
	9	Zhiqun Chen, Java Card Technology for Smart Cards: Architecture and Programmer's Guide, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2000
	10	A. K. Dey, D. Salber, and G. D. Abowd. A conceptual framework and a toolkit for supporting the rapid prototyping of context-aware applications. Human-Computer Interaction, 16(2-4):97--166, 2001.
	11	D. Diaz. GNU Prolog: A Native Prolog Compiler with Constraint Solving over Finite Domains, 1.7 edition, September 2002. For GNU Prolog version 1.2.16.
	12	C. Donelly and R. Stallman. Bison: The YACC-Compatible Parser Generator (Reference Manual). Free Software Foundation, Version 1.25 edition, November 1995. On-Line Info File.
	13	Jesper G. Henriksen , Jakob L. Jensen , Michael E. Jørgensen , Nils Klarlund , Robert Paige , Theis Rauhe , Anders Sandholm, Mona: Monadic Second-Order Logic in Practice, Proceedings of the First International Workshop on Tools and Algorithms for Construction and Analysis of Systems, p.89-110, May 19-20, 1995
	14	International Organization for Standardization. ISO/IEC 7816. http://www.iso.org.
	15	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001 [doi>10.1145/383891.383894]
	16	N. Klarlund and A. Møller. MONA Version 1.4 User Manual. BRICS Notes Series NS-01-1, Department of Computer Science, University of Aarhus, Aarhus C, Denmark, January 2001.
	17	Dexter C. Kozen , D. C. Kozen, Automata and Computability, Springer-Verlag New York, Inc., Secaucus, NJ, 1997
	18	S. Micali. NOVOMODO: Scalable certificate validation and simplified PKI management. In 1st Annual PKI Research Workshop - Proceeding, April 2002.
	19	OpenCard Consortium. OpenCard Framework - General Information Web Document, second edition, October 1998. http://www.opencard.org/docs/gim/ocfgim.pdf.
	20	OpenCard Consortium. OpenCard Framework 1.2 - Programmer's Guide, fourth edition, December 1999. http://www.opencard.org/docs/pguide/PGuide.pdf.
	21	Anand Ranganathan , Roy H. Campbell, An infrastructure for context-awareness based on first order logic, Personal and Ubiquitous Computing, v.7 n.6, p.353-364, December 2003 [doi>10.1007/s00779-003-0251-x]
	22	Manuel Román , Christopher Hess , Renato Cerqueira , Anand Ranganathan , Roy H. Campbell , Klara Nahrstedt, Gaia: a middleware platform for active spaces, ACM SIGMOBILE Mobile Computing and Communications Review, v.6 n.4, p.65-67, October 2002 [doi>10.1145/643550.643558]
	23	Pierangela Samarati , Sabrina De Capitani di Vimercati, Access Control: Policies, Models, and Mechanisms, Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures, p.137-196, September 01, 2000
	24	A. Seleznyov, M. Ahmed, and S. Hailes. ADAM: An Agent-based Middleware Architecture for Distributed Access Control. In Proc. Artificial Intelligence and Applications, 2004.
	25	Sun Microsystems. Development Kit User's Guide for the Binary Release with Cryptography Extensions, October 2003. Java Card#8482; Platform Version 2.2.1.
	26	Wolfgang Thomas, Languages, automata, and logic, Handbook of formal languages, vol. 3: beyond words, Springer-Verlag New York, Inc., New York, NY, 1997