17 June 2014
Proximity-based access control for context-sensitive information provision in SOA-based systems
Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures – proximity and risk – and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs its importance to the subject’s mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.
© (2014) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Gowri Rajappan, Xiaofei Wang, Robert Grant, Matthew Paulini, "Proximity-based access control for context-sensitive information provision in SOA-based systems", Proc. SPIE 9096, Open Architecture/Open Business Model Net-Centric Systems and Defense Transformation 2014, 909605 (17 June 2014); doi: 10.1117/12.2049559; https://doi.org/10.1117/12.2049559
