Related resources
Search for item elsewhere
University researcher(s)
Academic department(s)
CONTEXT-AWARE ACCESS CONTROL IN UBIQUITOUS COMPUTING (CRAAC)
[Thesis]. Manchester, UK: The University of Manchester; 2010.
Access to files
- FULL-TEXT.PDF (pdf)
Abstract
Ubiquitous computing (UbiComp) envisions a new computing environment, wherecomputing devices and related technology are widespread (i.e. everywhere) andservices are provided at anytime. The technology is embedded discreetly in theenvironment to raise users’ awareness. UbiComp environments support the proliferationof heterogeneous devices such as embedded computing devices, personaldigital assistants (PDAs), wearable computers, mobile phones, laptops, officedesktops (PCs), and hardware sensors. These devices may be interconnected bycommon networks (e.g. wired, wireless), and may have different levels of capabilities(i.e. computational power, storage, power consumption, etc). They areseamlessly integrated and interoperated to provide smart services (i.e. adaptiveservices). A UbiComp environment provides smart services to users based on theusers’ and/or system’s current contexts. It provides the services to users unobtrusivelyand in turn the user’s interactions with the environment should be asnon-intrusive and as transparent as possible. Access to such smart services anddevices must be controlled by an effective access control system that adapts itsdecisions based on the changes in the surrounding contextual information.This thesis aims at designing an adaptive fine-grained access control solutionthat seamlessly fits into UbiComp environments. The solution should be flexiblein supporting the use of different contextual information and efficient, in terms ofaccess delays, in controlling access to resources with divergent levels of sensitivity.The main contribution of this thesis is the proposal of the Context-Risk-Aware Access Control (CRAAC) model. CRAAC achieves fine-grained accesscontrol based upon the risk level in the underlying access environment and/orthe sensitivity level of the requested resource object. CRAAC makes new contributionsto the access control field, those include 1) introducing the concept oflevel of assurance based access control, 2) providing a method to convert the contextualattributes values into the corresponding level of assurance, 3) Proposingtwo methods to aggregate the set of level of assurance into one requester level ofassurance, 4) supporting four modes of working each suits a different applicationcontext and/or access control requirements, 5) a comprehensive access control architecturethat supports the CRAAC four modes of working, and 6) an evaluationof the CRAAC performance at runtime.
Layman's Abstract
The following lists the novel contributions of the research presented in thisthesis: -1. The proposal of the CRAAC model.CRAAC is an adaptive LoA-linked access control model. It controls accessto resources with varying levels of sensitivity based upon the state of anaccess requester’s contextual information. It supports adaptive access controldecisions, since an access control decision for the same access requesteron the same resource object may vary each time. The variation dependson the level of assurance of the access requester, which is based upon theaccess requester’s current contextual information.• CRAAC supports fined-grained access control, since it, virtually, accommodatesany set of contextual attributes. This level of abstractionis achieved by the use of a trust-related parameter (i.e. Requester’sLevel of Assurance (RLoA)). In addition, in controlling access to a resourceobject, CRAAC accommodates the resource object’s sensitivitylevel in order to provide a more fine-grained access control.• CRAAC is flexible; adding new contextual attributes or removing obsoleteones will not significantly affect the underlying access controlsystem.• CRAAC supports four modes of working to accommodate differentaccess control requirements.2. LoA calculations• The identification of the contextual attributes that may have an impacton a subject’s LoA.• The LoA quantification of the corresponding contextual attributes.This is performed mimicking the NIST LoAeToekn work in order toconvert the contextual attribute values into LoA ranks.• Surveying the possible LoA to weight conversion methods and adoptingROC for the conversion (i.e. L2WC).• Proposing two methods for the RLoA aggregation (i.e. Weakest-Linkand the Elevating).3. An access control architecture along with its components to support thenovel CRAAC services. The architecture supports the four modes of working.4. CRAAC Evaluation• Prototype-based performance evaluation of the CRAAC model.• Investigating the safety of the CRAAC model in terms of the constraintsused.• Investigating the denial of service and impersonation attacks.