Databases Reference
In-Depth Information
logical location should be within the role's spatial extent. In order to find
out the logical location of the user using user's real position, the location
mapping function in the role schema is used to identify the logical location of
the user. To determine enabled roles in a session, containment between user's
logical position and role extent has to be evaluated. For each enabled role, the
set of permissions assigned to the corresponding role schema is determined.
If there are such permission assignment rules for an enabled role, then the
access request is granted.
3.3 LBAC: Location-based Access Control
For secure access to data by mobile users, it is important to consider the
user's dynamic location to identify the roles allowed and denied. As opposed
to focusing on the spatial data objects such as raster or vector data resources,
the spatially aware or context-aware based access control focuses on the access
to resources based on the physical location of the user. Some of the access
policies include:
•
P
1
: System administrators are authorized to configure the mobile network
if they are in the server farm room, they are alone in such an area, and
move at walking speed at most.
•
P
2
: The CEO is authorized to access mobile network statistics if there is
nobody close by and she is not in a competitor location.
•
P
3
: Guests can read mobile network statistics if there is nobody close by
and they are in a corporate location.
In [2], Location-based Access Control (LBAC) considers the physical lo-
cation and the credentials of the requester in determining to allow or deny
access. The context data about location and timing are made available by
third parties (e.g. mobile phone operators in a mobile network) through ser-
vice interfaces called
Location Services
. Thus a LBAC system evaluating a
policy sends requests to external services. However, the mobile network tech-
nology does not provide an exact location measure, which a Location Service
performs, and has a degree of uncertainty due to technological limitations and
possible environmental effects.
Location-based Predicates
Location-based predicates are used to describe the locational constraints of
the user, such as position, movement and interaction predicates described
below.
•
Position-based conditions on the location of the user are used to evaluate
whether a user is in a certain building or city or in the proximity of other
entities; For instance,
inarea(user, area) and disjoint(user,area, min, max)
verify the user is within or outside the area of
area
,and
distance(user,
