On the formalization and analysis of a spatio-temporal role-based access control model

Abstract

With the growing use of wireless networks and mobile devices, we are moving towards an era of pervasive computing. Such environments will spawn new applications that use contextual information to provide enhanced services. Traditional access control models cannot protect such applications because the access requirements may be contingent upon the location of the user and the time of access. Consequently, we propose a new spatio-temporal role-based access control model that supports delegation for use in such applications. The model can be used by any application where the access is contingent not only on the role of the user, but also on the locations of the user and the object and the time of access. We describe how each entity in the role-based access control model is affected by time and location and propose constraints to express this. We also show how the formal semantics of our model can be expressed using graph-theoretic notation. The various features of our model give rise to numerous constraints that may interact with each other and result in conflicts. Thus, for any given application using our model, it is important to analyze the interaction of constraints to ensure that conflicts or security breaches do not occur. Manual analysis is tedious and error-prone. Towards this end, we show how the analysis can be automated using Coloured Petri Nets. Since automated analysis for large applications is time consuming, we propose an approach that reduces the analysis time.