IEICE TRANS. FUNDAMENTALS, VOL.E89–A, NO.1 JANUARY 2006
238
LETTER
Special Section on Cryptography and Information Security
uT-RBAC: Ubiquitous Role-Based Access Control Model Song-hwa CHAE†a) , Nonmember, Wonil KIM††b) , Member, and Dong-Kyoo KIM†c) , Nonmember
SUMMARY In ubiquitous environment that users access resource anytime and anywhere, access control model should consider user’s location information. The proposed uT-RBAC includes the location information for user’s least privilege. It also supports time related information, which enables the access control model to accommodate various ubiquitous environments. The proposed uT-RBAC can be dynamically applied to various ubiquitous computing envrionment. key words: access control, RBAC, ubiquitous computing
1.
Recently, ubiquitous computing environment begins to receive increasing attention as a new paradigm after Internet. Ubiquitous computing is characterized by freedom of movement in both time and location, which means users expect to access resources anywhere and anytime. Therefore, the complexity of security is increased as the security model should consider the factor of location and time. RBAC (Role-Based Access Control) is one of access control model that has been widely used in both research and industry areas. There have been several researches that provide the location and time constraints for the RBAC model. Since these models basically focus on wired network environment, they consider just one dimension, either temporal or spatial. In this paper, we propose an access control model that is suited for ubiquitous computing environment. The proposed model supports access control mechanism that includes temporal and spatial information, which we call situation information. 2.
Fig. 1
Introduction
uT-RBAC
SRBAC (Spatial RBAC) [4] and TRBAC (Temporal RBAC) [1] are extended RBAC model with spatial and temporal constraints respectivly. In spite of serveral researches on SRBAC, TRBAC and GTRBAC (Generalized TRBAC) [3], they have some problems such as complex representation, Manuscript received March 24, 2005. Manuscript revised June 23, 2005. Final manuscript received August 10, 2005. † The authors are with the Graduate School of Information and Communication, Ajou University, Suwon, Korea. †† The author is with the College of Electronics and Information Engineering, Sejong University, Seoul, Korea. a) E-mail:
[email protected] b) E-mail:
[email protected] c) E-mail:
[email protected] DOI: 10.1093/ietfec/e89–a.1.238
The role states of uT-RBAC model.
inappropriate in representing situation information. For efficient subsuming RBAC in ubiquitous computing environment, it should service both temparoal and spatial dimensions. The proposed uT-RBAC model not only supports situation information for ubiquitous computing environment but also uses simple representing method. The role states of the uT-RBAC are Assign, Disable and Enable. By using the role states, we reduce the representation complexity. The state of user’s role is changeable during a session. When a user logs into system, the system assigns roles to user. At this point in time, the role state is Assign. The system checks situation information, after which the role state is changed to Enable or Disable whether it is satisfied or not. Figure 1 shows a role states of uT-RBAC model. The situation information regards to the information of user’s time and location. In uT-RBAC model, this is represented as new constraints for time and location varying environment. The constraint C is a product of LC × TC . LC is location constraint, which is a set of {l1 , l2 , l3 , . . . , l j } or Anywhere. l is represented by simbolic location name (e.g. Room202 and Second Floor) and includes hierachical expression. TC is time constraint, which is a set of {t1 , t2 , t3 , . . . , t j } or {ti : tk }. t is represented as {T ime|Day|Year|Anytime}. ‘:’ means continuous operation. For example, Monday:Friday means continous time duriation from Monday to Friday. The access control policy is represented as a form of (C, RoleS tate, Rolenames). It is same as (LC , TC , Rolestate, Rolenames). 3.
Scenarios and Comparison
The proposed uT-RBAC supports all possible cases of environments such as with time only situation, location only situation, and situation that includes both. The first scenario is where the time constraint alone is required. The role of part-time staff is to be authorized to work within the com-
c 2006 The Institute of Electronics, Information and Communication Engineers Copyright
LETTER
239
pany only on working days or times. The time constraint can enable or disable roles at certain time periods. For example, Alice is a part-time employee of company, who works from 1 p.m. to 6 p.m. Alice’s role is in Disable state at the first time, and then it is changed to Enable state when time is from 1 p.m to 6 p.m. The expression is as follows. {companyA, 13:00 : 18:00, Enable, part-timeStaff }. The second scenario is where the location constraint alone is used. It is nomally happens in the following cases in ubiquitous computing environment. The case of a doctor that has permission to access a patient record which is only accessed in designated area. The location constraint can enable or disable roles at assigned locations. Alice is a physician who can access patient records in her office. Alice’s role accessPatientRecords is Enable state in room 301. Except room 301, the role state is Disable. The expression for this case is as follows. {Room301, Anytime, Enable, accessPatientRecords}. The last scenario is where the both constraints are required. In reality, most ubiquitous computing environment should consider time and location factors for situation information. Alice is a part-time doctor during nighttime in emergency room and has permission to access patient records only on working day. Alice’s role is Enable state only if she is in emergency room from Monday to Friday. Time and location constraints can restrict her permissions. The uT-RBAC expression is the following. {EmergencyRoom, Monday:Friday, Enable, accessPatientRecords}. We compare the proposed model with GTRBAC and SRBAC in the following business scenarios. Alice works with Bob from company’s partner. When Bob needs to access some resource such as printer in meeting room at restricted time periods from 10 a.m. to 3 p.m. In this case, Bob’s role has to restrict time and location dimensions. In GTRBAC, it is represented as the following expression. ([10am, 3pm], assignU Bob to accessPrinter). There is no way to represent location restriction together. In SRBAC, they use location permission assignment list that contains role name, locations and permission. Therefore, it also does not have time expression. On the other hand, the uTRBAC is able to represent location and time constraints together as following. {MeetingRoom, 10:00:15:00, Enable, accessPrinter}. The proposed uT-RBAC is able to represent not only situation information but also time only information or location only information. In addition, our representing language is simple and easy to understand. Figure 2 shows
Fig. 2
The role states of accessPrinter.
states diagram of the above example. In order to support various access control policy in ubiquitous computing environment, the access control model should consider situation information. As the proposed model supports situation information, the representation rule is more complex than the origianl RBAC. However, the complex representation is necessary to support more security requirements. Though the complexity is increased, the number of roles is not increased in the proposed model. 4.
Conclusion and Future Works
In ubiquitous computing environment, the system should be able to accommodate the user’s temporal and spatial movement. In this paper, we proposed new access control model that supports situation information. The situation information is symbolized time and location constraints in the proposed model. These constraints are provided as a peculiar feature of environment. We discussed new representing method using various senarios. The proposed uT-RBAC can be dynamically applied to various ubiquitous computing environments. References [1] E. Bertino, P.A. Bonatti, and E. Ferrari, “TRBAC: A temporal rolebased access control model,” ACM Trans. Information and System Security, vol.4, no.3, pp.191–223, 2001. [2] D.F. Ferraiolo, R. Sandhu, E. Gavrila, D.R. Kuhn, and R. Chandramouli, “Proposed NIST standard for role-based access control,” ACM Trans. Information and System Security, vol.4, no.3, pp.224– 274, 2001. [3] J.B.D. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “A generalized temporal role based access control model,” IEEE Trans. Knowl. Data Eng., vol.17, no.1, pp.4–23, 2005. [4] F. Hansen and V. Oleshchuk, “SRBAC: A spatial role-based access control model for mobile systems,” Nordec 2003, Gjovik, Norway, 2003.