A Policy Model and Framework for Context-Aware Access Control to Information Resources
A. S. M. Kayes, Jun Han, Wenny Rahayu, Md. Saiful Islam, Alan Colman

TL;DR
This paper proposes a flexible, context-aware access control framework that extends role-based models with dynamic user-role and role-permission associations, using ontologies and a software prototype, demonstrated through healthcare case studies.
Contribution
It introduces a formal CAAC policy model, an ontology-based approach, and a prototype, advancing dynamic, context-sensitive access control mechanisms.
Findings
Ontology concepts effectively model healthcare scenarios.
Framework maintains correctness and consistency in policies.
Response time analysis shows acceptable performance overhead.
Abstract
In today's dynamic ICT environments, the ability to control users' access to resources becomes ever important. On the one hand, it should adapt to the users' changing needs; on the other hand, it should not be compromised. Therefore, it is essential to have a flexible access control model, incorporating dynamically changing context information. Towards this end, this paper introduces a policy framework for context-aware access control (CAAC) applications that extends the role-based access control model with both dynamic associations of user-role and role-permission capabilities. We first present a formal model of CAAC policies for our framework. Using this model, we then introduce an ontology-based approach and a software prototype for modelling and enforcing CAAC policies. In addition, we evaluate our policy ontology model and framework by considering (i) the completeness of the…
Taxonomy
Topics: Access Control and Trust · Cloud Data Security Solutions · Service-Oriented Architecture and Web Services
