Context aware delegation

Context-aware delegation is the use of contextual information about a delegatee, such as location and time, to limit the violation of the principle of least privilege that identity delegation introduces. This helps achieve a higher level of practical security in nomadic environments used by nomadic users.

Delegation in the access control domain is not practical for most pervasive computers because of its complicated structure. Identity delegation at the authentication level provides improved usability; however, it violates the principle of least privilege, since the delegatee obtains all of the delegator's authorizations rather than only those required for the delegated task [1].

Theory

The term validated identity refers to the identity that an authentication mechanism concludes with the help of one or more authentication techniques. The identity actually supplied to an access control mechanism (the so-called authenticated identity) is referred to as the effective identity. In a classic system the two coincide; under identity delegation they may differ.

"A context-aware identity delegation at authentication level is a process in which an authentication mechanism provides an effective identity that is different from the validated identity of a user provided the following conditions are true."

  1. Whom: The owner of the effective identity (the delegator) has previously delegated his identity to the owner of the validated identity (the delegatee).
  2. Which: The current context of authentication for the delegatee is the same as the one previously specified by the delegator [1].

How it works

When a delegatee approaches a system, the claimed identity of the delegatee is validated by a classic authentication mechanism in the usual way. After this, the Delegation Controller module maps the validated identity to an effective user identity based on input from the Delegation Configuration. This effective identity is then supplied to the access control mechanism. The effective identity can be either that of the delegatee or that of the delegator, depending on the inputs from the Delegation Configuration and the Context Monitor. A user A is recognized as user B by the access control mechanism if B has previously delegated his identity to A and the current context of the system for A is the same as the one previously specified by B [2].

The log file provides a level of accountability in the system. Since the mechanism operates at the authentication level, it cannot restrict unnecessary delegated authorizations, as those belong to the access control domain. This drawback is inherited from the very nature of identity delegation and is justified by the log file and by the assumption of mutual trust among co-workers and colleagues [2]. Within the mechanism, one can nevertheless restrict the propagation of unnecessary authorizations by limiting the delegation to the particular context specified by the delegator. In this way the security of the system is increased by limiting the violation of the principle of least privilege [3].
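As an added example (not code from the cited papers), the following Python sketch implements the pipeline described above: a classic password check yields the validated identity, a Delegation Controller consults a Delegation Configuration and a Context Monitor snapshot to choose the effective identity, and the access control mechanism sees only that effective identity. Every mapping is written to a log so that the person who actually authenticated remains accountable. The class and function names (Context, Delegation, DelegationController, request_access), the credential store, the ACL, the sample users and the ward terminal and time window are all assumptions made for illustration.

```python
"""Context-aware identity delegation at authentication level (added example).

Not code from the cited papers: names, credential store, ACL, users, location
and time window are assumptions made for this illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time
import hashlib
import hmac
import os


# --- 1. Classic authentication: yields the *validated* identity --------------
def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_credentials(users):
    """Constructed credential store: username -> (salt, PBKDF2-SHA256 digest)."""
    creds = {}
    for name, pw in users:
        salt = os.urandom(16)
        creds[name] = (salt, _pbkdf2(pw, salt))
    return creds


_CREDENTIALS = _make_credentials([("alice", "alice-pw"), ("bob", "bob-pw")])


def validate_identity(username: str, password: str):
    """Return the validated identity, or None when authentication fails."""
    entry = _CREDENTIALS.get(username)
    if entry is None:
        return None
    salt, stored = entry
    return username if hmac.compare_digest(stored, _pbkdf2(password, salt)) else None


# --- 2. Delegation Configuration and Context Monitor -------------------------
@dataclass(frozen=True)
class Context:
    """Snapshot from the Context Monitor at the moment of authentication."""
    location: str      # e.g. identifier of the terminal the user is at
    when: datetime


@dataclass(frozen=True)
class Delegation:
    """One entry of the Delegation Configuration, written by the delegator."""
    delegator: str
    delegatee: str
    locations: frozenset   # where the delegation is valid
    start: time            # daily time window in which it is valid
    end: time

    def context_matches(self, ctx: Context) -> bool:
        # "Which" condition: the delegatee's current context must equal the
        # one the delegator specified in advance.
        return ctx.location in self.locations and self.start <= ctx.when.time() <= self.end


@dataclass(frozen=True)
class LogEntry:
    when: datetime
    validated: str
    effective: str
    location: str


class DelegationController:
    """Maps the validated identity to the effective identity and logs the mapping."""

    def __init__(self, config):
        self.config = list(config)
        self.log = []

    def effective_identity(self, validated: str, ctx: Context) -> str:
        effective = validated
        for d in self.config:
            # "Whom": the delegator previously delegated to the owner of the
            # validated identity; "Which": the context matches.
            if d.delegatee == validated and d.context_matches(ctx):
                effective = d.delegator
                break
        # The log provides accountability: it records who actually
        # authenticated, whatever identity access control will see.
        self.log.append(LogEntry(ctx.when, validated, effective, ctx.location))
        return effective


# --- 3. Classic access control, which only ever sees the effective identity --
ACL = {  # constructed: identity -> resource -> permitted actions
    "alice": {"patient-records": {"read", "write"}},
    "bob": {"patient-records": {"read"}},
}


def is_permitted(identity: str, resource: str, action: str) -> bool:
    return action in ACL.get(identity, {}).get(resource, set())


def make_controller() -> DelegationController:
    # alice delegates her identity to bob, but only at the ward-3 terminal
    # during the day shift. Outside that context bob is just bob.
    return DelegationController([
        Delegation("alice", "bob", frozenset({"ward-3-terminal"}), time(8, 0), time(16, 0)),
    ])


def ctx_at(location: str, hour: int, minute: int = 0) -> Context:
    """Build a Context on a fixed sample date (constructed input)."""
    return Context(location, datetime(2009, 10, 14, hour, minute))


def request_access(ctrl, username, password, ctx, resource, action):
    """Authenticate, map identity, then check access.

    Returns (effective_identity, permitted); (None, False) if authentication fails.
    """
    validated = validate_identity(username, password)
    if validated is None:
        return None, False
    effective = ctrl.effective_identity(validated, ctx)
    return effective, is_permitted(effective, resource, action)
```

Note the caveat from the text: when the context matches, bob obtains every authorization alice holds, not only those needed for the task, because the access control mechanism cannot tell a delegated alice from the real one. The delegator's only lever is the context restriction, and the log entry recording validated "bob" against effective "alice" is what ties the action back to the person who actually authenticated.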

References

  1. http://ceur-ws.org/Vol-504/CAT09_Proceedings.pdf#page=9
  2. Naveed Ahmed and Christian D. Jensen. A mechanism for identity delegation at authentication level. In The 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, October 2009.
  3. M. Gasser and E. McDermott. An architecture for practical delegation in a distributed system. In Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, California, U.S.A., 1990.

Wikimedia Foundation. 2010.