from the installed sensors. For example, the Active Badge [14] detects the
location of each user in a building. Each individual carries a device called a
badge, which is associated with the identifier of the user. A building is
equipped with sensors detecting positions of badges. A person's location is
determined by using an active badge which emits a signal every 15 seconds. A
master station, which works as LS, collects the location information, and
makes it available to users.
Requester: A requester is a subscriber to a service in order to gain access to
the resources that LS offers. In a mobile environment, there are two types of
resources that a requester can gain access to: static resources (e.g. repository
room or printer) and mobile resources (location of vehicles). For example,
consider a work environment where all the documents can be accessed by
employees only while they are physically located in the office. When a
mobile requester submits an access request to the documents in the repository,
LS checks the physical location of the requester, and only if the requester is
within the premises of the office is he given access. ABng book library [1] is one
such example to protect the topic in the library. An Active Badge is used to
authenticate the user and subsequently open the library door lock [1]. In this
case, the requesters are obviously mobile.
We assume that the location information as well as the security policies
are maintained by the LS. Under our framework, LS is also responsible for
enforcing the specified security policies. Therefore, to efficiently enforce the
access requests, LS maintains the proposed unified index, as shown in Figure
1. The access requests are processed by the LS, which searches the index for
the authorized data that adheres to the specified security policies. Specifically,
when a user (mobile or stationary) sends an access request (1), the access control
evaluation module searches for relevant authorizations that are applicable to the
submitted access request. The query sent to the mobile object and
authorization database essentially searches the unified index to identify the mobile
objects that satisfy the query and the security policies of the user that are
relevant to the query (2). The data retrieved from the unified index (3) consists of
the identifiers of moving object data which satisfy the existing security
policies as well as the user access request. If a user wants to access the location
or trajectory information, the moving object processing module associates the
required information such as location or trajectory with the retrieved identifiers.
Finally, the resultant mobile objects are sent to the requester (4).
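The request flow (1)-(4) described above, as an added example that is not code from the original text: a minimal LS that returns only the moving objects satisfying both the query window and the requester's applicable authorizations. The names `Rect`, `Authorization`, `LocationServer` and the sample data are hypothetical, and a linear scan stands in for the unified index, whose structure this excerpt does not give.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rect:                       # axis-aligned spatial extent
    x1: float
    y1: float
    x2: float
    y2: float
    def contains(self, x, y):
        return self.x1 <= x <= self.x2 and self.y1 <= y <= self.y2

@dataclass(frozen=True)
class Authorization:              # hypothetical spatiotemporal policy record
    subject: str                  # requester the rule applies to
    region: Rect                  # where objects may be disclosed
    t_start: int                  # validity window (hours, constructed)
    t_end: int
    requester_region: Optional[Rect] = None   # where the requester must be

class LocationServer:
    def __init__(self, objects, auths, requester_pos):
        self.objects = objects            # object id -> (x, y)
        self.auths = auths
        self.requester_pos = requester_pos

    def _applicable(self, subject, now):
        # Step (1): keep only authorizations valid for this subject, time,
        # and (if required) the requester's own physical location.
        pos = self.requester_pos.get(subject)
        for a in self.auths:
            if a.subject != subject or not (a.t_start <= now <= a.t_end):
                continue
            if a.requester_region is not None and (
                    pos is None or not a.requester_region.contains(*pos)):
                continue
            yield a

    def query(self, subject, window, now, want_location=False):
        auths = list(self._applicable(subject, now))
        # Steps (2)-(3): identifiers satisfying query AND policy; deny by default.
        ids = sorted(oid for oid, (x, y) in self.objects.items()
                     if window.contains(x, y)
                     and any(a.region.contains(x, y) for a in auths))
        # Step (4): attach locations only when the request asks for them.
        return {o: self.objects[o] for o in ids} if want_location else ids

OFFICE, CITY = Rect(0, 0, 10, 10), Rect(0, 0, 100, 100)   # constructed data
def demo_server():
    objects = {"truck-1": (5, 5), "truck-2": (50, 50), "truck-3": (90, 90)}
    auths = [Authorization("alice", Rect(0, 0, 60, 60), 9, 17, OFFICE)]
    return LocationServer(objects, auths, {"alice": (3, 4), "bob": (3, 4)})
```
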
The plausibility of considering LS as a trusted party is discussed in [16]:
(1) enforcing spatiotemporal policies requires spatiotemporal processing which
LS is normally capable of; (2) an LS is seen to be implemented as a globally
distributed service which reduces the system susceptibility to the two major
vulnerabilities: being a single point of failure, and being attractive to hacking
attacks.