A Quality of Context-Aware Approach to Access Control in Pervasive Environments

The widespread diffusion of wireless-enabled portable devices creates novel opportunities for users to share resources anywhere and anytime, but makes access control a crucial issue. User/device mobility and heterogeneity, together with network topology and conditions variability, complicate access control and call for novel solutions to dynamically adapt access decisions to the different operating conditions. Several research efforts have emerged in recent years that propose to exploit

context-awareness

to control access to resources based on context visibility and changes. Context-based access control requires, however, to take into account the

quality

of context information used to drive access decisions (QoC). Quality of context has in fact a profound impact on the correct behavior of any context-aware access control framework. Using context information with insufficient quality might increase the risk of incorrect access control decisions, thus leading to dangerous security breaches in resource sharing. In this paper we propose a QoC-aware approach to access control for anywhere, anytime resource sharing. The paper describes the design, implementation and evaluation of the Proteus policy framework, which combines two design guidelines to enable dynamic adaptation of policies depending on context changes: context-awareness with QoC guarantees and semantic technologies to allow high-level description of context/policy specification and reasoning about context/policies.