Abstract
Purchase PDF (215 K)
E-mail Article
Add to my Quick Links
Cited By in Scopus (1)
Purchase PDF (91 K)
doi:10.1016/j.cose.2005.06.007 
Copyright © 2005 Elsevier Ltd All rights reserved.
Towards a location-based mandatory access control model
Received 28 October 2004;
References and further reading may be available for this article. To view references and further reading you must purchase this article.
Abstract
With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, such as the military, a formal model for location-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we show how the mandatory access control (MAC) model can be extended to incorporate the notion of location. We also show how the different components in the MAC model are related with location and how this location information can be used to determine whether a subject has access to a given object. This model is suitable for military applications consisting of static and dynamic objects, where location of a subject and object must be considered before granting access.
Keywords: Access control; Bell-Lapadula model
Article Outline
- 1. Introduction
- 2. Background
- 2.1. Mandatory access control
- 2.2. Location determination and representation
- 2.2.1. Location determination
- 2.2.2. Location representation
- 3. Our approach to location formalization
- 4. Extending MAC to incorporate location-based access control
- 4.1. Users
- 4.2. Subjects
- 4.3. Objects
- 4.4. Operations
- 5. Related work
- 6. Conclusion
- Acknowledgements
- References
- Vitae
