
CONTEXT-AWARE ACCESS CONTROL IN UBIQUITOUS COMPUTING (CRAAC)

Ahmed, Ali Ahmed Ali

[Thesis]. Manchester, UK: The University of Manchester; 2010.

Abstract

Ubiquitous computing (UbiComp) envisions a new computing environment, where computing devices and related technology are widespread (i.e. everywhere) and services are provided at any time. The technology is embedded discreetly in the environment to raise users’ awareness. UbiComp environments support the proliferation of heterogeneous devices such as embedded computing devices, personal digital assistants (PDAs), wearable computers, mobile phones, laptops, office desktops (PCs), and hardware sensors. These devices may be interconnected by common networks (e.g. wired, wireless), and may have different levels of capabilities (i.e. computational power, storage, power consumption, etc.). They are seamlessly integrated and interoperated to provide smart services (i.e. adaptive services). A UbiComp environment provides smart services to users based on the users’ and/or system’s current contexts. It provides the services to users unobtrusively, and in turn the user’s interactions with the environment should be as non-intrusive and as transparent as possible. Access to such smart services and devices must be controlled by an effective access control system that adapts its decisions based on the changes in the surrounding contextual information.

This thesis aims at designing an adaptive fine-grained access control solution that seamlessly fits into UbiComp environments. The solution should be flexible in supporting the use of different contextual information and efficient, in terms of access delays, in controlling access to resources with divergent levels of sensitivity.

The main contribution of this thesis is the proposal of the Context-Risk-Aware Access Control (CRAAC) model. CRAAC achieves fine-grained access control based upon the risk level in the underlying access environment and/or the sensitivity level of the requested resource object. CRAAC makes new contributions to the access control field. These include: 1) introducing the concept of level of assurance based access control, 2) providing a method to convert the contextual attribute values into the corresponding level of assurance, 3) proposing two methods to aggregate the set of levels of assurance into one requester level of assurance, 4) supporting four modes of working, each of which suits a different application context and/or access control requirements, 5) a comprehensive access control architecture that supports the four CRAAC modes of working, and 6) an evaluation of the CRAAC performance at runtime.

Layman's Abstract

The following lists the novel contributions of the research presented in this thesis:

1. The proposal of the CRAAC model. CRAAC is an adaptive LoA-linked access control model. It controls access to resources with varying levels of sensitivity based upon the state of an access requester’s contextual information. It supports adaptive access control decisions, since an access control decision for the same access requester on the same resource object may vary each time. The variation depends on the level of assurance of the access requester, which is based upon the access requester’s current contextual information.
   • CRAAC supports fine-grained access control, since it accommodates virtually any set of contextual attributes. This level of abstraction is achieved by the use of a trust-related parameter (i.e. Requester’s Level of Assurance (RLoA)). In addition, in controlling access to a resource object, CRAAC accommodates the resource object’s sensitivity level in order to provide more fine-grained access control.
   • CRAAC is flexible; adding new contextual attributes or removing obsolete ones will not significantly affect the underlying access control system.
   • CRAAC supports four modes of working to accommodate different access control requirements.
2. LoA calculations
   • The identification of the contextual attributes that may have an impact on a subject’s LoA.
   • The LoA quantification of the corresponding contextual attributes. This is performed mimicking the NIST LoAeToken work in order to convert the contextual attribute values into LoA ranks.
   • Surveying the possible LoA-to-weight conversion methods and adopting ROC for the conversion (i.e. L2WC).
   • Proposing two methods for the RLoA aggregation (i.e. Weakest-Link and the Elevating).
3. An access control architecture along with its components to support the novel CRAAC services. The architecture supports the four modes of working.
4. CRAAC evaluation
   • Prototype-based performance evaluation of the CRAAC model.
   • Investigating the safety of the CRAAC model in terms of the constraints used.
   • Investigating the denial of service and impersonation attacks.

Bibliographic metadata

Degree type: Doctor of Philosophy
Degree programme: PhD Computer Science
Location: Manchester, UK
Total pages: 160
Language: en

Record metadata

Manchester eScholar ID: uk-ac-man-scw:90300
Created by: Ahmed, Ali
Created: 15th September, 2010, 14:54:37
Last modified by: Ahmed, Ali
Last modified: 7th June, 2011, 18:25:40
