RoleBased Access Control for Wireless Information Systems

1
Role-Based Access Control for Wireless
Information Systems

• by
• Bjørnar Brekka
• and
• Flemming Kramer

2
Presentation overview

• Project goals
• Role Based Access Control
• Location aware computing
• Application
• Conclusion

3
Project goals

• Study Role Based Access Control and find out if
  it is an efficient access control method for
  implementing security in information systems.
• Find out if it is possible to implement RBAC in a
  wireless environment.
• Implement a location aware application that uses
  teleservices.

4
Role Based Access Control

• RBAC is used as a basis for security in medium
  and large organizations
• A method that use the concept of roles for
  granting access to operations and resources on a
  computer network.
• A users access to data and resources are limited
  by the users authorized roles.
• Controls access based on users activities and
  responsibilities in an organization
• Got increased attention, because of its
  capabilities, its reduced complexity and costs
  for security management.

5
Role Based Access Control

• A Session are a mapping between a user and an
  activated subset of roles and enables constraints
  on the assignment of roles to users
• By support for hierarchies, it is possible to
  represent an organizations authority and
  responsibility.
• RBAC consist of three main components
• Core RBAC (RBAC0)
• Constraints (RBAC1)
• Hierarchical RBAC (RBAC2)
• All supported components (RBAC3)

6
Location Aware Computing

• Reacting to dynamic environments and activities
  for example based on a users location
• Can be realised by the increased capabilities of
  mobile devices and in wireless connectivity
• May be combined with access control methods such
  as Role Based Access Control
• GPS, Bluetooth, Wi-Fi, RF technology such as RFID
• Sensor Fusion A combination of sesning
  technologies for better accuracy

7
Application
1/6

• Two versions are developed
• The basic application
• The Access Point Clients
• The Access Point Server
• The Servlet server
• The MIDP application
• The second application with integration into
  ActorFrame
• Easy access to Teleservices

8
Application The MySQL database
2/6

• Reflects the RBAC standard, with tables for
  Users, Roles, and Permissions. We also use
  location as an parameter.
• Sessions is used to uniquly identify a user
• RoleActivation (UA), activation of roles, and
  PermissionActivation (PA), activation of
  permissions

9
Application architecture
3/6
10
Application
4/6

• The Access Points clients
• Possible to define wireless zones
• Scans for devices by using Bluetooth
• Data transferred over UDP sockets
• The Access Point Server
• Receives data from the AP clients and adds it to
  the database

11
Application
5/6

• The Servlet Server
• Handles request from the mobile devices
• Grants access to permissions or resources based
  on location
• Data is sent through URLs
• The Mobile Devices
• User interface for logging in and for performing
  operations

12
Application Integration into ActorFrame
6/6

• Framework for developing service applications
• Enables us to use and GSM localization in
  addition to Bluetooth for location estimation.
  SMS is implemented as an operation
• GPS can also be used

13
Conclusion

• Role Based Access Control is effective in medium
  an large information systems.
• RBAC can be adapted for use in a wireless
  information system
• It is possible to use location aware technologies
  for resolving a users position.
• By leaving the most advanced functionality on a
  fixed infrastructure and the light part on the
  mobile devices, it is possible to develop
  advanced access control systems suited for
  wireless environments.
• By using ActorFrame we were also able to
  implement teleservices.