Context-aware Authorization in Highly Dynamic Environments
Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is a key to adapt suiting user needs. On
the other hand, standard access control trusts users once they have authenticated, despite the fact that they may reach unauthorized contexts. We analyse how taking into account
dynamic information like context in the authorization subsystem can improve security, and how this new access control applies to interaction patterns, like messaging or eventing. We experiment and validate our approach using context as an authorization
factor for eventing in Web service for device (like UPnP or DPWS), in smart home security.
Keywords: Access Control, Context-awareness, Dynamic
Authorization, Context-sensitive Authorization, Interaction Patterns
Download Full-Text
