Policy Mapper: Administering Location-Based Access-Control Policies
March/April 2008 (vol. 12 no. 2)
pp. 38-45
Rafae Bhatti, Oracle
Maria Luisa Damiani, University of Milan
David W. Bettis, Amazon.com
Elisa Bertino, Purdue University
Simplifying the administration of location-based access-control policies requires a mechanism that supports both intuitive and scalable spatial constraint specifications and a flexible enforcement architecture. Policy Mapper is an administrative tool that helps define access control at conceptual and logical levels to carry out constraint specification and enforcement. The tool also provides an Interface Definition Language that couples the two levels. Policy Mapper bridges a critical gap between the expressiveness and enforcement of spatial constraints in location-based access-control policies.


Index Terms:
access control, location-based constraints, policy administration, mobile computing
Citation:
Rafae Bhatti, Maria Luisa Damiani, David W. Bettis, Elisa Bertino, "Policy Mapper: Administering Location-Based Access-Control Policies," IEEE Internet Computing, vol. 12, no. 2, pp. 38-45, March-April 2008, doi:10.1109/MIC.2008.40