[Journal Article]


OntCAAC: An Ontology-Based Approach to Context-Aware Access Control for Software Services

Authors:
A.S.M. Kayes; Jun Han; Alan Colman

Year of publication: 2015

Pages: 3000 - 3034
Publisher: Oxford University Press (OUP)


Abstract:

In modern communication environments, the ability to provide access control to information resources and software services in a context-aware manner is crucial. By leveraging the dynamically changing context information, we can achieve context-specific control over access to such resources and services, better satisfying the security and privacy requirements of the stakeholders. Existing access control approaches are highly domain-specific and they control access to services depending on the specific types of context information (e.g. location and time). One of the key limitations of the existing approaches is the lack of systematic capture and use of context information in making context-aware access control decisions. Therefore, new access control approaches are required for such dynamic and context-aware environments. Existing approaches define context as the state/situation of the entities. To achieve context-aware access control, in this paper we not only consider the states of the entities but also consider the states of the relationships between entities. We introduce a generic framework, OntCAAC (Ontology-based Context-Aware Access Control), that adopts semantic technologies in modelling dynamic contexts and corresponding access control policies. It includes a context model specific to access control, capturing the relevant context information. The context model also incorporates the ability to infer high-level implicit context information according to operator-defined rules. Using the context model, the policy model of the OntCAAC framework provides support for specifying and enforcing context-aware access control policies. We have developed a prototype implementation of the framework and have demonstrated its use in making context-aware access control decisions through two case studies from different domains. 
Experimental results show the feasibility of our approach and quantify the performance overhead of providing context-aware access control for software services.



Keywords:

None available


Journal
The Computer Journal
ISSN: 0010-4620
Source: Oxford University Press (OUP)