Adaptive Secure Access to Remote Services in Mobile Environments
January-March 2008 (vol. 1 no. 1)
pp. 49-61
Hanping Lufei, Wayne State University, Detroit
Weisong Shi, Wayne State University, Detroit
Vipin Chaudhary, SUNY at Buffalo, Buffalo
Since the inception of the service-oriented computing paradigm, we have witnessed a plethora of services deployed across a broad spectrum of applications, ranging from conventional RPC-based services to SOAP-based Web services. Likewise, the proliferation of mobile devices has enabled remote "on the move" access to these services from anywhere at any time. Secure access to these services is challenging, especially in a mobile computing environment with heterogeneous modalities. Conventional static access control mechanisms are not able to accommodate complex secure access requirements. In this paper, we propose an adaptive secure access mechanism to address this problem. Our mechanism consists of two components: an adaptive access control module and an adaptive function invocation module. It not only adapts access control policies to diverse requirements, but also introduces function invocation adaptation during access, which is the missing part of existing access control models. We have successfully applied the proposed adaptive secure access mechanism to a computer-assisted surgery application called UbiCAS. Performance evaluation shows that with limited overhead, our technique enforces secure access to the services provided by the UbiCAS system in a flexible way.

Index Terms:
Distributed applications, Mobile environments, Access Control
Citation:
Hanping Lufei, Weisong Shi, Vipin Chaudhary, "Adaptive Secure Access to Remote Services in Mobile Environments," IEEE Transactions on Services Computing, vol. 1, no. 1, pp. 49-61, Jan.-March 2008, doi:10.1109/TSC.2008.4