A Security Model for Mobile Processes

Technologies like mobile devices (e.g. PDAs, smartphones, notebooks)and wireless data communication (e.g. GPRS, UMTS, WiFi) have a great potential for the improvement of mobile processes, e.g. by enabling access to time-critical information and preventing media disruptions. But the usage of these technologies leads also to specific challenges, particularly with regard to security and usability. One approach to deal with mobile-specific security concerns is to control access to functions provided by mobile information systems depending on the current location of the user, e.g. a travelling salesman should only be allowed to enter a customer\´s order when he currently resides at the premises of that customer. A formal model to write down such rules is called "security model". There are already some security models which take the user\´s location into account when deciding which functions of a system a certain user is allowed to use but they are process-agnostic, i.e. location-restrictions at process level cannot be expressed. In literature also security models for process-aware information system can be found but they don\´t consider location. In our work we therefore propose a security model for mobile processes based on an elicitation of requirements.