Access Control to Information in Pervasive Computing Environments
Abstract
Pervasive computing envisions a world in which we are surrounded by embedded, networked devices, which gather and share information about people, such as their location, activity, or even their feelings. Some of this information is confidential and should be released only to authorized entities. In this thesis, I show how existing solutions for controlling access to information are not sufficient for pervasive computing. This thesis presents a distributed access-control architecture for pervasive computing that supports complex and derived information and confidential context-sensitive constraints. Namely, the thesis makes the following contributions: First, I introduce a distributed access-control architecture, in which a client proves to a service that the client is authorized to access the requested information. Second, I incorporate the semantics of complex information as a first-class citizen into this architecture, based on information relationships. Third, I propose derivation-constrained access control, which reduces the influence of intruders into a service by making the service prove that it is accessing information on behalf of an authorized client. Fourth, I study the kinds of information leaks that confidential context-sensitive constraints can cause, and I introduce access-rights graphs and hidden constraints to address these leaks. Fifth, I present obscured proof-of-access descriptions, which allow a service to inform a client of the required proof of access without leaking confidential information that is part of this description. Sixth, as an alternative approach, I introduce an encryption-based access-control architecture for pervasive computing, in which a service gives information to any client, but only in an encrypted form.
Document Details
- Document Type: Technical Report
- Publication Date: Aug 01, 2005
- Accession Number: ADA457117
Entities
People
- Urs Hengartner
Organizations
- Carnegie Mellon University