Effectively enforcing authorization constraints for emerging space-sensitive technologies

Carlos E. Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Recently, applications that deliver customized content to end-users, e.g., digital objects on top of a video stream, depending on information such as their current physical location, usage patterns, personal data, etc., have become extremely popular. Despite their promising future, some concerns still exist with respect to the proper use of such space-sensitive applications (S-Apps) inside independently-run physical spaces, e.g., schools, museums, hospitals, memorials, etc. Based on the idea that innovative technologies should be paired with novel (and effective) security measures, this paper proposes space-sensitive access control (SSAC), an approach for restricting space-sensitive functionality in such independently-run physical spaces, allowing for the specification, evaluation and enforcement of rich and flexible authorization policies, which, besides meeting the specific needs for S-Apps, are also intended to avoid the need for interruptions in their normal use as well as repetitive policy updates, thus providing a convenient solution for both policy makers and end-users. We present a theoretical model, a proof-of-concept S-App, and a supporting API framework, which facilitate the policy crafting, storage, retrieval and evaluation processes, as well as the enforcement of authorization decisions. In addition, we present a performance case study depicting our proof-of-concept S-App in a set of realistic scenarios, as well as a user study which resulted in 90% of participants being able to understand and write authorization policies using our approach, and 93% of them also recognizing the need for restricting functionality in the context of emerging space-sensitive technologies, thus providing evidence that encourages the adoption of SSAC in practice.

Original languageEnglish (US)
Title of host publicationSACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies
PublisherAssociation for Computing Machinery
Pages195-206
Number of pages12
ISBN (Electronic)9781450367530
DOIs
StatePublished - May 28 2019
Event24th ACM Symposium on Access Control Models and Technologies, SACMAT 2019 - Toronto, Canada
Duration: Jun 3 2019Jun 6 2019

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference24th ACM Symposium on Access Control Models and Technologies, SACMAT 2019
CountryCanada
CityToronto
Period6/3/196/6/19

Fingerprint

Application programs
Access control
Data privacy
Museums
Application programming interfaces (API)
Specifications

Keywords

  • Attributes
  • Authorization policies
  • Space-sensitive access control

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Cite this

Rubio-Medrano, C. E., Jogani, S., Leitner, M., Zhao, Z., & Ahn, G-J. (2019). Effectively enforcing authorization constraints for emerging space-sensitive technologies. In SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies (pp. 195-206). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). Association for Computing Machinery. https://doi.org/10.1145/3322431.3325109

Effectively enforcing authorization constraints for emerging space-sensitive technologies. / Rubio-Medrano, Carlos E.; Jogani, Shaishavkumar; Leitner, Maria; Zhao, Ziming; Ahn, Gail-Joon.

SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery, 2019. p. 195-206 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Rubio-Medrano, CE, Jogani, S, Leitner, M, Zhao, Z & Ahn, G-J 2019, Effectively enforcing authorization constraints for emerging space-sensitive technologies. in SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies. Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, Association for Computing Machinery, pp. 195-206, 24th ACM Symposium on Access Control Models and Technologies, SACMAT 2019, Toronto, Canada, 6/3/19. https://doi.org/10.1145/3322431.3325109
Rubio-Medrano CE, Jogani S, Leitner M, Zhao Z, Ahn G-J. Effectively enforcing authorization constraints for emerging space-sensitive technologies. In SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery. 2019. p. 195-206. (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/3322431.3325109
Rubio-Medrano, Carlos E. ; Jogani, Shaishavkumar ; Leitner, Maria ; Zhao, Ziming ; Ahn, Gail-Joon. / Effectively enforcing authorization constraints for emerging space-sensitive technologies. SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery, 2019. pp. 195-206 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).
@inproceedings{42968431341b47c2a90ec270086fce0e,
title = "Effectively enforcing authorization constraints for emerging space-sensitive technologies",
abstract = "Recently, applications that deliver customized content to end-users, e.g., digital objects on top of a video stream, depending on information such as their current physical location, usage patterns, personal data, etc., have become extremely popular. Despite their promising future, some concerns still exist with respect to the proper use of such space-sensitive applications (S-Apps) inside independently-run physical spaces, e.g., schools, museums, hospitals, memorials, etc. Based on the idea that innovative technologies should be paired with novel (and effective) security measures, this paper proposes space-sensitive access control (SSAC), an approach for restricting space-sensitive functionality in such independently-run physical spaces, allowing for the specification, evaluation and enforcement of rich and flexible authorization policies, which, besides meeting the specific needs for S-Apps, are also intended to avoid the need for interruptions in their normal use as well as repetitive policy updates, thus providing a convenient solution for both policy makers and end-users. We present a theoretical model, a proof-of-concept S-App, and a supporting API framework, which facilitate the policy crafting, storage, retrieval and evaluation processes, as well as the enforcement of authorization decisions. In addition, we present a performance case study depicting our proof-of-concept S-App in a set of realistic scenarios, as well as a user study which resulted in 90{\%} of participants being able to understand and write authorization policies using our approach, and 93{\%} of them also recognizing the need for restricting functionality in the context of emerging space-sensitive technologies, thus providing evidence that encourages the adoption of SSAC in practice.",
keywords = "Attributes, Authorization policies, Space-sensitive access control",
author = "Rubio-Medrano, {Carlos E.} and Shaishavkumar Jogani and Maria Leitner and Ziming Zhao and Gail-Joon Ahn",
year = "2019",
month = "5",
day = "28",
doi = "10.1145/3322431.3325109",
language = "English (US)",
series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",
publisher = "Association for Computing Machinery",
pages = "195--206",
booktitle = "SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies",

}

TY - GEN

T1 - Effectively enforcing authorization constraints for emerging space-sensitive technologies

AU - Rubio-Medrano, Carlos E.

AU - Jogani, Shaishavkumar

AU - Leitner, Maria

AU - Zhao, Ziming

AU - Ahn, Gail-Joon

PY - 2019/5/28

Y1 - 2019/5/28

N2 - Recently, applications that deliver customized content to end-users, e.g., digital objects on top of a video stream, depending on information such as their current physical location, usage patterns, personal data, etc., have become extremely popular. Despite their promising future, some concerns still exist with respect to the proper use of such space-sensitive applications (S-Apps) inside independently-run physical spaces, e.g., schools, museums, hospitals, memorials, etc. Based on the idea that innovative technologies should be paired with novel (and effective) security measures, this paper proposes space-sensitive access control (SSAC), an approach for restricting space-sensitive functionality in such independently-run physical spaces, allowing for the specification, evaluation and enforcement of rich and flexible authorization policies, which, besides meeting the specific needs for S-Apps, are also intended to avoid the need for interruptions in their normal use as well as repetitive policy updates, thus providing a convenient solution for both policy makers and end-users. We present a theoretical model, a proof-of-concept S-App, and a supporting API framework, which facilitate the policy crafting, storage, retrieval and evaluation processes, as well as the enforcement of authorization decisions. In addition, we present a performance case study depicting our proof-of-concept S-App in a set of realistic scenarios, as well as a user study which resulted in 90% of participants being able to understand and write authorization policies using our approach, and 93% of them also recognizing the need for restricting functionality in the context of emerging space-sensitive technologies, thus providing evidence that encourages the adoption of SSAC in practice.

AB - Recently, applications that deliver customized content to end-users, e.g., digital objects on top of a video stream, depending on information such as their current physical location, usage patterns, personal data, etc., have become extremely popular. Despite their promising future, some concerns still exist with respect to the proper use of such space-sensitive applications (S-Apps) inside independently-run physical spaces, e.g., schools, museums, hospitals, memorials, etc. Based on the idea that innovative technologies should be paired with novel (and effective) security measures, this paper proposes space-sensitive access control (SSAC), an approach for restricting space-sensitive functionality in such independently-run physical spaces, allowing for the specification, evaluation and enforcement of rich and flexible authorization policies, which, besides meeting the specific needs for S-Apps, are also intended to avoid the need for interruptions in their normal use as well as repetitive policy updates, thus providing a convenient solution for both policy makers and end-users. We present a theoretical model, a proof-of-concept S-App, and a supporting API framework, which facilitate the policy crafting, storage, retrieval and evaluation processes, as well as the enforcement of authorization decisions. In addition, we present a performance case study depicting our proof-of-concept S-App in a set of realistic scenarios, as well as a user study which resulted in 90% of participants being able to understand and write authorization policies using our approach, and 93% of them also recognizing the need for restricting functionality in the context of emerging space-sensitive technologies, thus providing evidence that encourages the adoption of SSAC in practice.

KW - Attributes

KW - Authorization policies

KW - Space-sensitive access control

UR - http://www.scopus.com/inward/record.url?scp=85067202267&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85067202267&partnerID=8YFLogxK

U2 - 10.1145/3322431.3325109

DO - 10.1145/3322431.3325109

M3 - Conference contribution

T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

SP - 195

EP - 206

BT - SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

PB - Association for Computing Machinery

ER -