Access Control In Pervasive Computing

With the rapid development of information technology, the network-basedinformation systems have become ubiquitous. The target that whoever can communicatewith whomever in whenever and from wherever by whatever ways is coming true; thedream of exchanging information anytime and anywhere is becoming a reality; sharinginformation and obtaining information is being more and more convenient; the era ofpervasive computing is coming to us. However, the changes in computing mode andapplication environments result in many differences between pervasive informationsystems and traditional network information systems, especially in information systemassurance and security, the traditional information security technology is facing severechallenges for its difficulty to meet the needs of pervasive computing systems.Access control is one of the most fundamental protection measures for informationsystem security; it is of great significance for improving information assurance andsecurity, the same conditions for pervasive computing information system. Therefore,we study access control in pervasive computing system. The main contributions of thisthesis are as follows:1. Trust management and trust based resources access control in pervasivecomputing are discussed. A Role and Trust-degree based Access Control (RTAC) modelis presented based on a comprehensive review on trust management theory. In RTAC,user trust degree is used as an important constraint condition for user role assignmentand a crucial evidence for session role activation. At the same time, an evaluation andmeasurement method is proposed for RTAC. User’s real time trust degree is composedof basic trust, behavior trust and recommendation trust to satisfy the dynamics ofpervasive information systems.2. A user access Action Based Access Control (ABAC) model is proposed. Theaction of user’s access to system resources has its specifics in time and environment, sothe ABAC architecture can be defined formally by introducing restricted temporal statesand environmental states. Moreover, the method of applying ABAC model is illustratedin the scenario of resource access control for CSCW systems.3. A Context-aware Role-based Access Control (CRAC) mechanism is presentedbased on research on context-awareness. The contents of context for resources access inpervasive computing are elaborated, including platform security context, user trustcontext, time context and space context. Context constraints on user-role assignments and activations represent context dependence in resources access, and improve thecapability of supporting dynamic resources access control in access control policies.4. Fine-grained access control in pervasive computing system is explored.Fine-grained access control mechanisms are classified into two types, i.e.resource-oriented and user-oriented fine-grained access control; and the latter isobserved detailedly. Two user-oriented fine-grained access control methods thatTrust-degree based Fine-grained Access Control (TFAC) and Context-awareFine-grained Access Control (CFAC) are formalized using the theory of trustmanagement and the principle of context-awareness, respectively, for achievingdifferentiated user privileges and enhancing the accuracy and strictness of accesscontrol rules.