A semantic-aware role-based access control model for pervasive computing environments

Abstract

Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs not only should be context-aware, but also must be able to deal with imperfect context information. In addition, due to the diversity and heterogeneity of resources and users and their security requirements in PCEs, supporting exception and default policies is a necessary requirement. In this paper, we propose a Semantic-Aware Role-Based Access Control (SARBAC) model satisfying the aforementioned requirements using MKNF+. The main contribution of our work is defining an ontology for context information along with using MKNF+ rules to define context-aware role activation and permission assignment policies. Dividing role activation and permission assignment policies into three layers and using abstract and concrete predicates not only make security policy specification more flexible and manageable, but also make definition of exception and default polices possible. The expressive power of the proposed model is demonstrated through a case study in this paper.