TY - GEN
T1 - Effectively enforcing authorization constraints for emerging space-sensitive technologies
AU - Rubio-Medrano, Carlos E.
AU - Jogani, Shaishavkumar
AU - Leitner, Maria
AU - Zhao, Ziming
AU - Ahn, Gail Joon
N1 - Funding Information:
This work was partially supported by grants from the National Science Foundation (NSF-IIS-1527268 and NSF-ACI-1642031).
Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/5/28
Y1 - 2019/5/28
N2 - Recently, applications that deliver customized content to end-users, e.g., digital objects on top of a video stream, depending on information such as their current physical location, usage patterns, personal data, etc., have become extremely popular. Despite their promising future, some concerns still exist with respect to the proper use of such space-sensitive applications (S-Apps) inside independently-run physical spaces, e.g., schools, museums, hospitals, memorials, etc. Based on the idea that innovative technologies should be paired with novel (and effective) security measures, this paper proposes space-sensitive access control (SSAC), an approach for restricting space-sensitive functionality in such independently-run physical spaces, allowing for the specification, evaluation and enforcement of rich and flexible authorization policies, which, besides meeting the specific needs for S-Apps, are also intended to avoid the need for interruptions in their normal use as well as repetitive policy updates, thus providing a convenient solution for both policy makers and end-users. We present a theoretical model, a proof-of-concept S-App, and a supporting API framework, which facilitate the policy crafting, storage, retrieval and evaluation processes, as well as the enforcement of authorization decisions. In addition, we present a performance case study depicting our proof-of-concept S-App in a set of realistic scenarios, as well as a user study which resulted in 90% of participants being able to understand and write authorization policies using our approach, and 93% of them also recognizing the need for restricting functionality in the context of emerging space-sensitive technologies, thus providing evidence that encourages the adoption of SSAC in practice.
KW - Attributes
KW - Authorization policies
KW - Space-sensitive access control
UR - http://www.scopus.com/inward/record.url?scp=85067202267&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85067202267&partnerID=8YFLogxK
U2 - 10.1145/3322431.3325109
DO - 10.1145/3322431.3325109
M3 - Conference contribution
AN - SCOPUS:85067202267
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 195
EP - 206
BT - SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
T2 - 24th ACM Symposium on Access Control Models and Technologies, SACMAT 2019
Y2 - 3 June 2019 through 6 June 2019
ER -