Computer Security Applications Conference, Annual (2002)
San Diego California
Dec. 9, 2002 to Dec. 13, 2002
Geetanjali Sampemane , University of Illinois at Urbana-Champaign
Prasad Naldurg , University of Illinois at Urbana-Champaign
Roy H. Campbell , University of Illinois at Urbana-Champaign
Active Spaces are physical spaces augmented with heterogeneous computing and communication devices along with supporting software infrastructure. This integration facilitates collaboration between users, and promotes greater levels of interaction between users and devices. An Active Space can be configured for different types of applications at different times. We present an access control system that automates the creation and enforcement of access control policies for different configurations of an Active Space. Our system explicitly recognizes different modes of cooperation between groups of users, and the dependence between physical and virtual aspects of security in Active Spaces.<div></div> Our model provides support for both discretionary and mandatory access control policies, and uses role-based access control techniques for easy administration of users and permissions. We dynamically assign permissions to user roles based on context information. With the help of an example scenario, we show how we can create dynamic protection domains. This allows administrators and application developers the ability to customize access control policies on a need-to-protect basis. We also provide a semi-formal specification and analysis of our model and show how we preserve safety properties in spite of dynamic changes to access control permissions. We also show how our model preserves the principle of least privilege, promotes separation of duty, and prevents rights-amplification.
G. Sampemane, R. H. Campbell and P. Naldurg, "Access Control for Active Spaces," Computer Security Applications Conference, Annual(ACSAC), San Diego California, 2002, pp. 343.