Enforcing spatial constraints for mobile RBAC systems


Proposed models for spatially-aware extensions of role-based access control (RBAC) combine the administrative and security advantages of RBAC with the dynamic nature of mobile and pervasive computing systems. However, implementing systems that enforce these models poses a number of challenges. As a solution, we propose an architecture for designing such a system. The architecture is based on an enhanced RBAC model that supports location-based access control policies by incorporating spatial constraints. Enforcing spatially-aware RBAC policies in a mobile environment requires addressing several challenges. First, one must guarantee the integrity of a user's location during an access request. We adopt a proximity-based solution using Near-Field Communication (NFC) technology. The next challenge is to verify the user's position continuously satisfies the location constraints. To capture these policy restrictions, we incorporate elements of the UCON_ABC usage control model in our architecture. In this work, we also propose a number of protocols, describe our prototype implementation, report the performance of our prototype, and evaluate the security guarantees.


spatial aware, RBAC, security, mobile, location based access, UCON_ABC, NFC

Date of this Version



SACMAT '10 Proceeding of the 15th ACM symposium on Access control models and technologies