
Improvement Of Role Authority Mechanism In Mobile Environment

Posted on: 2015-12-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J J Wang
Full Text: PDF
GTID: 1108330473456061
Subject: Information and Communication Engineering

Abstract/Summary:
Stringent security strategies are applied in the traditional access control models such as Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC) to manage users' authority. In order to meet the security needs of mobile environments, location and temporal constraints have been added to the security strategies of RBAC to produce Temporal Role-Based Access Control (TRBAC), Location Role-Based Access Control (LRBAC) and Location and Temporal Role-Based Access Control (LTRBAC). However, none of TRBAC, LRBAC and LTRBAC works well in some special scenarios, because mobile nodes move randomly and these models lack flexibility. Although the trust model raises the flexibility of user authority management by using credibility and a risk threshold to evaluate the risk of a user authorization, it cannot meet the security needs of mobile environments because location and temporal constraints are not considered.

In this paper, TRBAC, LRBAC and LTRBAC are deployed as the basic security strategies, and risk evaluation methods are applied to extend the authority management mechanism for mobile nodes. A balance is reached between safety and flexibility in the security strategies for mobile node authority management. The main contributions are as follows:

1. It is hard to accurately calculate the aggregate risk of mobile nodes using risk weights, since mobile nodes are mobile and random. A zero-weight risk aggregation algorithm, the Compensational Competitive Risk Aggregation Algorithm (CCRAA), is proposed. The basic idea of CCRAA is fuzzy clustering: first, take the risk reference value as the clustering center and converge each mobile node's risk values toward the clustering center by means of risk compensation; then apply the Max/Min aggregation method to the compensated risk values to obtain the aggregate risk of the mobile nodes. CCRAA is more practical, stable and reliable than fuzzy comprehensive evaluation and D-S evidence theory in mobile environments.

2. A mobile node's execution or inheritance of access authority is affected by time sequence, which results in low efficiency of execution or inheritance. The application of CCRAA is improved for two cases, to support flexible execution or inheritance of TRBAC role authority. For two nodes in two adjacent time domains, the Cross Temporal Role Inheritance Algorithm (CRITA) is proposed to aggregate risks pairwise. For a number of roles in the same time domain, a sliding window is used to limit the number of roles included in a risk aggregation, so as to keep the risk aggregation usable. The improved mobile node role authority inheritance mechanism enables flexible authority inheritance, leading to increased efficiency in role execution.

3. Where a location or temporal deviation occurs to any mobile node in a mobile environment governed by TRBAC, LRBAC or LTRBAC, a Risk-Evaluation-Based WLAN Mobile Node Flexible Authorization Model (REMNFAM) is proposed to authorize mobile nodes flexibly while keeping risk under control. In REMNFAM, separate risk evaluation and aggregation methods are given for risk factors such as the historical access information of mobile nodes, context information and the surrounding environment. REMNFAM is suitable for managing the authority granted to mobile nodes accessing any WLAN, improving the flexibility of mobile node authority management.

4. Since mobile nodes that may be strangers to each other often exchange information at random, and their security level evaluation mechanisms may differ, the security level alone cannot be used to evaluate the mutual access authority between mobile nodes. The paper proposes an Information-Flow-Risk-Evaluation-based Dynamical Security Model (IFREDSM) for mutual access among mobile nodes. IFREDSM assumes that authority management for mutual access between mobile nodes depends not only on their security levels but also on the direction of information flow. Within the risk threshold, IFREDSM allows information to flow from low-risk areas to high-risk areas, so that mobile nodes accessing each other can be authorized flexibly.
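The following is an added illustration of the two CCRAA stages described in contribution 1 (compensation toward a risk reference value, then Max/Min aggregation) combined with the sliding window over roles from contribution 2; it is not the dissertation's own code. The abstract gives no formulas, so the linear compensation rule, the use of the window maximum as the conservative aggregate, and the threshold decision are all assumptions of this example.

```python
"""Illustrative reading of CCRAA with a sliding window (example code, not the
dissertation's algorithm). Assumed: compensation v' = v + alpha*(ref - v),
Max/Min aggregation reported as (min, max), max compared to the threshold."""
from typing import Sequence, Tuple, List


def compensate(risks: Sequence[float], reference: float, alpha: float) -> List[float]:
    """Pull each raw risk value toward the reference value (clustering center).

    alpha = 0 keeps the raw values; alpha = 1 collapses them onto the center.
    """
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must lie in [0, 1]")
    return [v + alpha * (reference - v) for v in risks]


def max_min_aggregate(risks: Sequence[float]) -> Tuple[float, float]:
    """Max/Min aggregation of compensated risks, returned as (min, max).

    The max is the conservative (worst-case) aggregate used for the decision.
    """
    if not risks:
        raise ValueError("no risk values to aggregate")
    return min(risks), max(risks)


def windowed_risks(risks: Sequence[float], window: int) -> List[List[float]]:
    """Sliding window over roles in one time domain (assumed fixed size, step 1),
    so that a single aggregation never covers more than `window` roles."""
    if window <= 0:
        raise ValueError("window must be positive")
    if len(risks) <= window:
        return [list(risks)]
    return [list(risks[i:i + window]) for i in range(len(risks) - window + 1)]


def authorize(risks: Sequence[float], reference: float, threshold: float,
              alpha: float = 0.5, window: int = 3) -> bool:
    """Grant only if every window's conservative aggregate is within the threshold."""
    for chunk in windowed_risks(risks, window):
        _, worst = max_min_aggregate(compensate(chunk, reference, alpha))
        if worst > threshold:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample: three role risk values, reference 0.4, threshold 0.7.
    sample = [0.2, 0.9, 0.3]
    print("with compensation:", authorize(sample, 0.4, 0.7, alpha=0.5))  # True
    print("raw values only:  ", authorize(sample, 0.4, 0.7, alpha=0.0))  # False
```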
Keywords/Search Tags: mobile node, role-based access control (RBAC), authority management, risk evaluation, flexible authorization