Title: LBAC SCENARIOS CLASSIFICATION AND MODELING
1LBAC SCENARIOS CLASSIFICATION AND MODELING
- By Alvaro Escobar
- January 13th, 2005
2Overview
- Scenarios
- Initial Classifications
- More Scenarios Classifications
- UML Models
- Future Plan
3Scenarios
- People Location System (Carnegie Mellon
University).
4Scenarios
- People Location System (Carnegie Mellon University).
- Location Policies
- Granularity
- Locations
- Time intervals
- Policy maker can vary
- Object interested in protecting his/her location.
- Institution or group administrator to which the Object belongs.
- Delegation of Trust.
5Scenarios
- Pervasive Access Control (PAC) System (MIT)
6Scenarios
- Pervasive Access Control (PAC) System (MIT)
- Location Policies
- Constrained by grouping together beacons into location groups
- Subject belongs to a location group as long as he can listen to one of the beacons in that group.
- LID Authority is the policy maker (mappings between location groups and beacons).
- Trust issues not addressed.
8Initial Classifications
- Access to people's location (Type 1).
- Authentication token is something
- you know
- you have
- you are.
- Privacy enforced through Policies.
- Use location to access resources (Type 2).
- Authentication token is location itself.
- Privacy enforced automatically.
9UML Models
UML Model for LBAC Type 1 v.1.0
10UML Models
UML Model for LBAC Type 1 v.2.0
[Diagram labels: Subject, Object, Access Right, Location information.]
Fig. 1. UML model of access to an object's location information
11UML Models
UML Model for LBAC Type 1 v.3.0
[Diagram labels: Subject, Object, Locator, Access Right, Location (twice); associations: queries, registers.]
- GRANTED if O.Location is within AR.Location
Fig. 1. UML model of access to an object's location information
12UML Models
UML Model for LBAC Type 2 v.1.0
13UML Models
UML Model for LBAC Type 2 v.2.0
14UML Models
UML Model for LBAC Type 2 v.3.0
[Diagram labels: Subject, Object, Locator, Access Right, Location (twice); associations: queries, registers.]
- GRANTED if S.Location is within AR.Location
Fig. 1. UML model where the subject's location is used to get access to the object's resource or data
16More Scenarios
- Type 1
- A box or container holding merchandise in a warehouse or dock needs to be found by a robot or someone in charge of handling it.
- A person, who is recently involved in an accident, needs help. Rescuers and paramedics need to know the person's geographic location to rescue and/or possibly give first aid.
- The Sales Director needs to geographically locate his/her salesman team, during working hours.
- An absent-minded person needs to find the exact location of his/her car in a big parking lot, yet wants to keep his anonymity.
17More Scenarios
- Type 2
- An employee can only log in to a server from her office computer; the subject's location is determined by the IP address assigned to her computer.
- A museum website allows access to the tour guide application only to visitors inside the building [Mac04].
- A visitor is allowed access only to the directory of offices on the same floor he is on.
- A SunPass customer is allowed to enter/exit the highway when passing by the gate entrance/exit.
18More Scenarios
- Type 3
- A doctor's proximity to a patient in a hospital room (and to a computer monitor) determines the doctor's access to the patient's medical records.
- A visitor's proximity to a painting in a museum determines the visitor's access to narration or description of that piece, using a rented device [Van02].
- A guard's proximity to a door determines his access to the secure room behind the door.
- A person's proximity to a street intersection determines his access to a listing of attractions and restaurants in the area.
- A fireman's proximity to a building determines his access to a list of occupants, and/or hazardous chemicals in the building.
19UML Models
UML Model for LBAC Type 3 v.1.0
20UML Models
UML Model for LBAC Type 3 v.2.0
[Diagram labels: Locator, Subject, Object, Access Right, Location (twice), Proximity; associations: queries, registers.]
- GRANTED if S.Location - O.Location < AR.Proximity
Fig. 2. UML model of access based on the subject's proximity to the object.
21More Scenarios
- Type 4
- A person is sentenced to confinement within a house or prison. The police needs to know when this person leaves the premises.
- An employee cannot leave the company premises with his location device on. The security office needs to know when the employee leaves the premises with his location device on.
22UML Models
UML Model for LBAC Type 4 v.1.0
23UML Models
UML Model for LBAC Type 4 v.2.0
[Diagram labels: Locator, Subject, Object, Access Right, Location (twice); associations: informs, updates.]
- GRANTED if O.Location is not within AR.Location
Fig. 6. UML model of access triggered by an object outside a prescribed location.
24More Scenarios
- Type 5
- A doctor's proximity to a patient in the hospital, and to a computer monitor, determines the doctor's access to the patient's medical records. However, in this scenario, the doctor must also be wearing an authenticating badge to gain access. The badge may detect its proximity to the doctor (and vouch for her identity) through biometric sensing.
- If we remove the "not" condition, we can model a scenario where spatial information is used to give transit police access to information about geographic assets and liabilities in an area of interest [Che04].
- A device that is attached to a car can talk to other devices that are attached to that same car.
- A doctor can only access a cabinet with controlled substances when the doctor is wearing an access-granting device, and is in close proximity to the cabinet. This is the most realistic of the doctor scenarios since only the device being worn needs to detect and authenticate the proximity of the doctor.
25UML Models
UML Model for LBAC Type 5 v.1.0
Fig. 9. UML model of access based on mutual
proximity to a third entity.
26UML Models
UML Model for LBAC Type 5 v.2.0
[Diagram labels: Locator, Subject, Object, Access Right, Entity, Location (three times), Proximity; associations: queries, registers.]
- GRANTED if S.Location - O.Location < AR.Proximity f(E.Location)
Fig. 9. UML model of access based on mutual proximity to a third entity.
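The GRANTED rules from the Type 1 to Type 5 UML models, collected into one decision function as an added example (not code from the original slides). It assumes 2-D coordinates, a rectangular AR.Location, Euclidean distance for the S.Location - O.Location difference, and reads the Type 5 f(E.Location) term as requiring subject, object and entity to be mutually within AR.Proximity; any location the Locator did not supply results in a denial.

```python
from dataclasses import dataclass
from math import dist
from typing import Optional, Tuple

Point = Tuple[float, float]

@dataclass(frozen=True)
class Region:
    """AR.Location, modelled here as an axis-aligned rectangle (assumption)."""
    x0: float
    y0: float
    x1: float
    y1: float

    def contains(self, p: Point) -> bool:
        return self.x0 <= p[0] <= self.x1 and self.y0 <= p[1] <= self.y1

@dataclass(frozen=True)
class AccessRight:
    lbac_type: int                      # 1..5, as numbered in the slides
    location: Optional[Region] = None   # AR.Location (Types 1, 2, 4)
    proximity: Optional[float] = None   # AR.Proximity (Types 3, 5)

def decide(ar, s=None, o=None, e=None) -> bool:
    """True means GRANTED. If any input the rule needs is missing
    (a location fix or a policy field), the request is denied."""
    t = ar.lbac_type
    needed = {1: (o, ar.location), 2: (s, ar.location),
              3: (s, o, ar.proximity), 4: (o, ar.location),
              5: (s, o, e, ar.proximity)}.get(t)
    if needed is None or any(v is None for v in needed):
        return False                    # unknown type or missing input
    if t == 1:   # O.Location is within AR.Location
        return ar.location.contains(o)
    if t == 2:   # S.Location is within AR.Location
        return ar.location.contains(s)
    if t == 3:   # S.Location - O.Location < AR.Proximity
        return dist(s, o) < ar.proximity
    if t == 4:   # O.Location not within AR.Location
        return not ar.location.contains(o)
    # Type 5 (assumed reading): S, O and E all within AR.Proximity of each other
    return max(dist(s, o), dist(s, e), dist(o, e)) < ar.proximity

# Constructed sample policy: a 10 x 10 office, coordinates in metres
OFFICE = Region(0, 0, 10, 10)
```

Without the missing-input check, the negated Type 4 rule would have to evaluate an absent location, so a monitoring deployment should treat a lost location fix as its own event rather than as "outside".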
27Overview
- Scenarios
- Initial Classifications
- More Scenarios
- More Classifications
- UML Models
- Future Plan
28 Future Plan
- Access Control Policy specification.
29References
- [Amm92] P. E. Amman, R. S. Sandhu, "Implementing Transaction Control Expressions by Checking for Absence of Access Rights", in Proceedings of IEEE Annual Computer Security Applications Conference (ACSAC), St. Anthony's Hotel, San Antonio, Texas, 1992.
- [Boo98] G. Booch, J. Rumbaugh, I. Jacobson, "The Unified Modeling Language User Guide", Addison-Wesley Pub Co, 1st edition (September 30, 1998).
- [Che04] A. Chen, "Location, location, location", E-week Magazine, e-Week Labs, Ziff Davis, July 12, 2004, pages 55-56.
- [Des02] N. Deshpande, G. Borriello, "Location-Aware Computing: Creating Innovative Applications and Services", INTEL Developer UPDATE Magazine, December 2002, pages 1-6.
- [DeC03] S. DeCapitani di Vimercati, S. Paraboschi, P. Samarati, "Access control: principles and solutions", ACM Software: Practice & Experience, John Wiley & Sons, 33(5):397-421, April 2003.
- [Fer95] D. F. Ferraiolo, J. Cugini, "Role Based Access Control: Features and Motivations", Computer Security Applications Conference (1995).
- [Gor04] A. Gorlach, A. Heinemann, and W. W. Terpstra, "Survey on location privacy in pervasive computing", Procs. 1st Workshop on Sec. and Privacy at the Conf. on Pervasive Computing (SPPC), Vienna, April 2004. http://www.ito.tu-darmstadt.de/publs/index_en_html
30References
- [Hen04] U. Hengartner, P. Steenkiste, "Implementing Access Control to People Location Information", ACM Symposium on Access Control Models and Technologies (SACMAT04), IBM Thomas J Watson Research Center, Yorktown Heights, USA, June 2-4, 2004.
- [Cor04] A. Corradi, R. Montanari, D. Tibaldi, "Context-Based Access Control Management in Ubiquitous Environments", Network Computing and Applications, Third IEEE International Symposium on (NCA'04), August 30 - September 01, 2004, Boston, MA.
- [Hau02] C. Hauser, "Privacy and Security in Location-Based Systems with Spatial Models", Pioneering Advanced Mobile Privacy and Security, PAMPAS '02, Royal Holloway, University of London, September 16/17, 2002.
- [LaP73] L. J. LaPadula, D. E. Bell, "Secure Computer Systems: Mathematical Foundations and Model", The MITRE Corp. (1973).
- [Leo98] U. Leonhardt and J. Magee, "Security considerations for a distributed location service", Journal of Network and Systems Management, vol. 6, No 1, 1998, 51-70.
31References
- [Mam03] M. Mamei, F. Zambonelli, V. Allegri, R. Emilia, "Location-based and Content-based Information Access in Mobile Peer-to-Peer Computing: the TOTA Approach", Third International Workshop on Agents and Peer-to-Peer Computing (AP2PC 2004), New York City, USA, July 19-20, 2004, Columbia University.
- [Mac04] N. Machalakis, "Location Aware Access Control for Pervasive Computing", MIT, Cambridge MA, February 2003.
- [Ruz76] M. H. Harrison, W. L. Ruzzo, "Protection in Operating Systems", Communications of the ACM (August, 1976), 19(8).
- [San96] R. Sandhu, E. Coyne, H. Feinstein, C. Youman, "Role-Based Access Control models", IEEE Computer, 29(2):38-47, February 1996.
- [Sas03] N. Sastry, U. Shankar, D. Wagner, "Secure verification of location claims", in Proceedings of the 2003 ACM workshop on Wireless security (WiSE03), San Diego, CA, September 19, 2003.
- [San94] R. Sandhu, P. Samarati, "Access Control: Principles and Practice", IEEE Communications Magazine (1994, 40-48).