DocumentCode :
2542544
Title :
Secure Context-Sensitive Authorization
Author :
Minami, Kazuhiro ; Kotz, David
Author_Institution :
Dept. of Comput. Sci., Dartmouth Coll., Hanover, NH
fYear :
2005
fDate :
8-12 March 2005
Firstpage :
257
Lastpage :
268
Abstract :
There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as "allow database access only to staff who are currently located in the main office." However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of subproofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts.
Keywords :
authorisation; data privacy; ubiquitous computing; data integrity; distributed environment; information protection; pervasive computing; secure context-sensitive authorization; security policies; Authorization; Collaboration; Computer science; Computer security; Data security; Databases; Information security; Performance evaluation; Pervasive computing; Protection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Pervasive Computing and Communications, 2005. PerCom 2005. Third IEEE International Conference on
Conference_Location :
Kauai Island, HI
Print_ISBN :
0-7695-2299-8
Type :
conf
DOI :
10.1109/PERCOM.2005.37
Filename :
1392762