Mobile Intelligence by Laurence T. Yang, Agustinus Borgy Waluyo, Jianhua Ma, Ling Tan, Bala Srinivasan

19.4 LOCATION-BASED ACCESS CONTROL

Conventional access control mechanisms rely on the assumption that requesters' profiles fully determine what they are authorized to do. However, context information and, in particular, physical user locations may also play an important role in determining access rights. We describe the integration of access control policies with location-based conditions, focusing on policy evaluation and enforcement, which represent challenging issues inevitably associated with such an extension to access control policies. LBAC supports access control policies that include conditions based on the physical location of a requester. Difficulties arise from the very nature of location information, which is dynamic, affected by a measurement error and requires a special dedicated infrastructure to be gathered. Rapid advancements in the field of wireless and mobile networking have fostered a new generation of devices suitable for being used as sensors by location technologies able to compute relative position and movement of users. Once a user's location has been gathered, a LBAC policy can be evaluated and the user could be granted access to a particular resource. The location-verification process must be able to tolerate rapid context changes because mobile users can wander freely while initiating transactions by means of terminal devices like cell phones (GSM and 3G) and palmtops with WiFi cards. Regardless to the specific technology, location verification can provide ...