| dc.description.abstract | Role Based Access Control (RBAC) is an effective access control method for protecting information and resources in large information systems. It is used as a basis for security in medium and large organizations, where the network structure often becomes large and complex. RBAC has got increased attention the last couple of years, because of its reduced complexity and costs for security management. When using RBAC, one control the access to data and resources based on the organizational activities and responsibilities users perform in the rganization. This means that a user’s access to data and resources are limited by the users authorized roles in the organization.
In general access control models have been developed for fixed information systems. When moving on to wireless information systems, which enable employees to access information and resources on an organizations network, through a mobile terminal like a PDA, it is necessary to adapt the RBAC model, so it can handle such flexible and dynamic environments. The model should be extended with location. Then it is possible to handle access requests based on the physical location in which the user is situated. However, considerations must be taken concerning the mobile devices, which suffer in performance, memory, and battery limitations compared to ordinary computers systems.
This thesis gives an overview of RBAC, its functionality and its advantages. We describe an extended RBAC model that is better suited for mobile environments. This model is called Spatial RBAC and is extended to cope with location information.
In addition an architecture and a prototype application has been developed for estimating a users location. This application uses the concepts in RBAC and together with a location sensing technology, it is possible to grant and deny access to resources based on a users location. By using the Bluetooth technology, we were able to define wireless zones and to obtain a user’s location. In these zones it is possible to configure which roles, with their assigned permissions, that can be activated in the different zones. When a user moves from one zone to another the system dynamically updates the user’s permissions. In cooperation with our supervisors, we were also able to implement our prototype application into a framework for teleservices, called ActorFrame. Through this framework we were able to offer SMS messaging as an available service. GSM localization is also used in addition to Bluetooth for checking a user’s actual location.
The main conclusion is that RBAC can be adapted for use in a wireless information system, and that it is possible to use location aware technologies for resolving a users position, and update his or hers permissions accordingly. By leaving the most advanced functionality on a fixed infrastructure and the light part of the system on the mobile devices itis possible to develop advanced access control systems for mobile environments. We have showed that RBAC is an effective access control mechanism for handling access to data and resources in large informatin systems as well as to reduce the administration tasks. A proposed RBAC standard will also provide an increase in standardised RBAC components in future access control products. | en |
