A Policy Model and Framework for Context-Aware Access Control to Information Resources
View/ Open
File version
Accepted Manuscript (AM)
Author(s)
Kayes, ASM
Han, Jun
Rahayu, Wenny
Dillon, Tharam
Islam, Md Saiful
Colman, Alan
Griffith University Author(s)
Year published
2019
Metadata
Show full item recordAbstract
In today’s dynamic ICT environments, the ability to control users’ access to information resources and services has become ever important. On the one hand, it should provide flexibility to adapt to the users’ changing needs, while on the other hand, it should not be compromised. The user is often faced with different contexts and environments that may change the user’s information needs. To allow for this, it is essential to incorporate the dynamically changing context information into the access control policies to reflect different contexts and environments through the use of a new context-aware access control (CAAC) ...
View more >In today’s dynamic ICT environments, the ability to control users’ access to information resources and services has become ever important. On the one hand, it should provide flexibility to adapt to the users’ changing needs, while on the other hand, it should not be compromised. The user is often faced with different contexts and environments that may change the user’s information needs. To allow for this, it is essential to incorporate the dynamically changing context information into the access control policies to reflect different contexts and environments through the use of a new context-aware access control (CAAC) approach with both dynamic associations of user-role and role-permission capabilities. Our proposed CAAC framework differs from the existing access control frameworks in that it supports context-sensitive access control to information resources and dynamically re-evaluates the access control decisions when there are dynamic changes to the context. It uses the dynamic context information to specify the user-role and role-permission assignment policies. We first present a formal policy model for our framework, specifying CAAC policies. Using this model, we then introduce a policy ontology for modeling CAAC policies and a policy enforcement architecture which supports access to resources according to the dynamically changing context information. In addition, we demonstrate the feasibility of our framework by considering (i) the completeness, correctness and consistency of the ontology concepts through application to healthcare scenarios and (ii) the performance and usability testing of the framework when using desktop and mobile-based prototypes.
View less >
View more >In today’s dynamic ICT environments, the ability to control users’ access to information resources and services has become ever important. On the one hand, it should provide flexibility to adapt to the users’ changing needs, while on the other hand, it should not be compromised. The user is often faced with different contexts and environments that may change the user’s information needs. To allow for this, it is essential to incorporate the dynamically changing context information into the access control policies to reflect different contexts and environments through the use of a new context-aware access control (CAAC) approach with both dynamic associations of user-role and role-permission capabilities. Our proposed CAAC framework differs from the existing access control frameworks in that it supports context-sensitive access control to information resources and dynamically re-evaluates the access control decisions when there are dynamic changes to the context. It uses the dynamic context information to specify the user-role and role-permission assignment policies. We first present a formal policy model for our framework, specifying CAAC policies. Using this model, we then introduce a policy ontology for modeling CAAC policies and a policy enforcement architecture which supports access to resources according to the dynamically changing context information. In addition, we demonstrate the feasibility of our framework by considering (i) the completeness, correctness and consistency of the ontology concepts through application to healthcare scenarios and (ii) the performance and usability testing of the framework when using desktop and mobile-based prototypes.
View less >
Journal Title
Computer Journal
Copyright Statement
© 2018 Oxford University Press. This is a pre-copy-editing, author-produced PDF of an article accepted for publication in The Computer Journal following peer review. The definitive publisher-authenticated version A Policy Model and Framework for Context-Aware Access Control to Information Resources, The Computer Journal, bxy065, 2018 is available online at: https://doi.org/10.1093/comjnl/bxy065.
Note
This publication has been entered into Griffith Research Online as an Advanced Online Version.
Subject
Information and computing sciences
Cybersecurity and privacy not elsewhere classified
Information systems organisation and management