Enforcement of Spatial Separation of Duty Constraint
Securing access to data in location-based services and mobile applications pose interesting security requirements against spatially aware access control systems. In particular, the permissions assigned to users depend on their physical positions in a reference space. When a session is established in a spatial region by users, some spatial constraints related to this session will be triggered and control the session process during its life automatically. There are often multiple Mutually Exclusive Spatial Roles (MESR) constraints that can enforce the same Spatial Separation of Duty policy (SSoD). Although the different MESR constraints can enforce the same effect on the same session, we have found that the different MESR constraints are varying greatly in the enforcement efficiency. The more precise the MESR sets are defined for enforcing an SSoD policy, the less overhead the system is suffered. In this paper, we argue that enforcement of SSoD policies is realized by specifying minimal MESR constraints. By comparing the different MESR constraints which can enforce the same SSoD, we conclude the minimal MESR constraints can avoid redundant restrictiveness effectively and enforce the SSoD policy precisely. We also present an algorithm that generates all minimal MESR constraints that are precise for enforcing one SSoD policy.
Location-based services spatial region spatial database spatial separation of duty mutually exclusive spatial roles
Weihe Chen Zhu Tang Shiguang Ju
Department of Computer Science, Jiangsu University, Zhenjiang, 212013, P.R. China
国际会议
The 9th International Conference for Young Computer Scientists(第九届国际青年计算机大会)
安徽黄山
英文
2108-2114
2008-11-18(万方平台首次上网日期,不代表论文的发表时间)