
Research On Access Control In Pervasive Computing

Posted on: 2011-06-07 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Xin | Full Text: PDF
GTID: 2178330338485574 | Subject: Military Equipment
Abstract/Summary:
Access control is an effective way to address the security risks introduced by interoperability in pervasive computing and to ensure the security of equipment and services. However, in traditional access control models the users and objects are static: permissions can only be specified in advance and cannot be controlled dynamically, and user privacy is neither considered nor protected. These models cannot solve the new security problems brought by context awareness, dynamism and uncertainty in pervasive computing. A dynamic access control model that ensures privilege delegation and privacy protection is therefore needed.

In this paper, based on the currently widely used role-based access control (RBAC) model and taking dynamic context information into account, the access control model and its key issues are studied in depth, specifically as follows:

1. After analyzing the security needs of pervasive computing and its access control features, the advantages and disadvantages of several current access control models for pervasive computing environments are summarized.

2. A context-aware role-based dynamic access control model for pervasive computing (CD-RBAC) is given. Building on the RBAC model, it introduces the executable role set, which is activated by dynamic context information, and the concept of associated objects. Analysis with Description Logic proves that the CD-RBAC model better supports dynamic authorization and the principle of least privilege, and has simpler authority management.

3. An improved role-permission privilege delegation method is given. It considers importance and time constraints when distributing permissions to roles, and introduces executable role sets, to solve the privilege transfer problem.

4. A trust-based method of privacy protection is given. To counter the leakage of user privacy caused by collecting the user's information during the access control process, Secure Two-Party Computation is used to protect the information after determining the sensitivity of the user information and the security level of the resource provider.

5. The authorization decision-making for context-based dynamic authorization in CD-RBAC is designed based on XACML, and an implementation instance is given.
Keywords/Search Tags: Pervasive Computing, Access Control, Privilege Delegation, Privacy Protection