196 research outputs found

    Guest editorial : location-centric privacy in mobile services


    A Context-Aware System to Secure Enterprise Content: Incorporating Reliability Specifiers

    The sensors of a context-aware system extract contextual information from the environment and relay that information to higher-level processes of the system so as to influence the system’s control decisions. However, an adversary can maliciously influence such controls indirectly by manipulating the environment that the sensors are monitoring, thereby granting privileges the adversary would otherwise not normally have. To address such context monitoring issues, we extend CASSEC by incorporating sentience-like constructs, which enable the emulation of “confidence”, into our proximity-based access control model to grant the system the ability to make more inferable decisions based on the degree of reliability of extracted contextual information. In CASSEC 2.0, we evaluate our confidence constructs by implementing two new authentication mechanisms. Co-proximity authentication employs our time-based challenge-response protocol, which leverages Bluetooth Low Energy beacons as its underlying occupancy detection technology. Biometric authentication relies on the accelerometer and fingerprint sensors to measure behavioral and physiological user features to prevent unauthorized users from using an authorized user’s device. We provide a feasibility study demonstrating how confidence constructs can improve the decision engine of context-aware access control systems

    Third party geolocation services in LBS: privacy requirements and research issues

    The advances in positioning technologies and the emergence of geolocation standards open up the development of innovative location-based services (LBS), e.g., web-based LBS. These services challenge existing privacy protection solutions. For example, the position information is provided by a third party, the location provider, and this party may not be fully trusted. In this paper, we analyze the web-based LBS model. Then we outline the privacy-aware geolocation strategy which minimizes the interaction with the untrusted location provider by caching the information that is useful to determine the position in proximity of the private positions, e.g., home, which have been already visited. The deployment of this strategy requires investigating several issues and novel tools. The objective of this paper is to discuss the technical challenges and suggest directions of research towards a comprehensive privacy-preserving framework. To our knowledge, this is the first work on privacy protection against untrusted location providers

    Mobile security with location-aware role-based access control

    This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location dependent access control and also other security enhancing solutions on mobile devices, like location dependent device locking, firewall, intrusion prevention or payment anti-fraud systems

    Location relevance and diversity in symbolic trajectories with application to telco data

    We present an approach to the discovery and characterization of relevant locations and related mobility patterns in symbolic trajectories built on call detail records - CDRs - of mobile phones (telco trajectories). While the discovery of relevant locations has been widely investigated for continuous spatial trajectories (e.g., stay points detection methods), it is not clear how to deal with the problem when the movement is defined over a discrete space and the locations are symbolic, noisy and irregularly sampled, such as in telco trajectories. In this paper, we propose a methodological approach structured in two steps, called trajectory summarization and summary trajectories analysis, respectively, the former for removing noise and irrelevant locations; the latter to synthesize key mobility features in a few novel indicators. We evaluate the methodology over a dataset of approx 17,000 trajectories with 55 million points and spanning a period of 67 days. We find that trajectory summarization does not compromise data utility, while significantly reducing data size. Moreover, the mobility indicators provide novel insights into human mobility behavior

    Mathematical Programming Algorithms for Spatial Cloaking

    We consider a combinatorial optimization problem for spatial information cloaking. The problem requires computing one or several disjoint arborescences on a graph from a predetermined root or subset of candidate roots, so that the number of vertices in the arborescences is minimized but a given threshold on the overall weight associated with the vertices in each arborescence is reached. For a single arborescence case, we solve the problem to optimality by designing a branch-and-cut exact algorithm. Then we adapt this algorithm for the purpose of pricing out columns in an exact branch-and-price algorithm for the multiarborescence version. We also propose a branch-and-price-based heuristic algorithm, where branching and pricing, respectively, act as diversification and intensification mechanisms. The heuristic consistently finds optimal or near optimal solutions within a computing time, which can be three to four orders of magnitude smaller than that required for exact optimization. From an application point of view, our computational results are useful to calibrate the values of relevant parameters, determining the obfuscation level that is achieved

    Access control systems for geo-spatial data and applications

    Data security is today an important requirement in various applications because of the stringent need to ensure confidentiality, integrity, and availability of information. Comprehensive solutions to data security are quite complicated and require the integration of different tools and techniques as well as specific organizational processes. In such a context, a fundamental role is played by the access control system (ACS) that establishes which subjects are authorized to perform which operations on which objects. Subjects are individuals or programs or other entities requiring access to the protected resources. When dealing with protection of information, the resources of interest are typically objects that record information, such as files in an operating system, tuples in a relational database, or a complex object in an object database. Because of its relevance in the context of solutions for information security, access control has been extensively investigated for database management systems (DBMSs) [6], digital libraries [3, 14], and multimedia applications [24]. Yet, the importance of the spatial dimension in access control has been highlighted only recently. We say that access control has a spatial dimension when the authorization to access a resource depends on position information. We broadly categorize spatially aware access control as object-driven, subject-driven, and hybrid based on whether the position information concerns objects, subjects, or both, respectively. In the former case, the spatial dimension is introduced because of the spatial nature of resources. For example, if the resources are georeferenced Earth images, then we can envisage an individual be allowed to only display images covering a certain region. The spatial dimension may also be required because of the spatial nature of subjects. This is the case of mobile individuals allowed to access a resource when located in a given area. 
For example, an individual may be authorized to view secret information only within a military base. Finally, position information may concern both objects and subjects like in the case of an individual authorized to display images of a region only within a military office. There is a wide range of applications which motivate spatially aware access control. The two challenging and contrasting applications we propose as examples are the spatial data infrastructures (SDI) and location-based services (LBS). An SDI consists of the technological and organizational infrastructure which enables the sharing and coordinated maintenance of spatial data among multiple heterogeneous organizations, primarily public administrations, and government agencies. On the other side, LBS enable mobile users equipped with location-aware terminals to access information based on the position of terminals. These applications have different requirements on access control. In an SDI, typically, there is the need to account for various complex structured spatial data that may have multiple representations across different organizations. In an SDI, the access control is thus object-driven. Conversely, in LBS, there is the need to account for a dynamic and mobile user population which may request diversified services based on position. Access control is thus subject-driven or hybrid. However, despite the variety of requirements and the importance of spatial data protection in these and other applications, very few efforts have been devoted to the investigation of spatially aware access control models and systems. In this chapter, we pursue two main goals: the first is to present an overview of this emerging research area and in particular of requirements and research directions; the second is to analyze in more detail some research issues, focusing in particular on access control in LBS. 
We can expect LBS to be widely deployed in the near future when advanced wireless networks, such as mobile geosensor networks, and new positioning technologies, such as the Galileo satellite system will come into operation. In this perspective, access control will become increasingly important, especially for enabling selective access to services such as Enterprise LBS, which provide information services to mobile organizations, such as health care and fleet management enterprises. An access control model targeting mobile organizations is GEO-RBAC [4]. Such a model is based on the RBAC (role-based access control) standard and is compliant with Open Geospatial Consortium (OGC) standards with respect to the representation of the spatial dimension of the model. The main contributions of the chapter can be summarized as follows:
• We provide an overview of the ongoing research in the field of spatially aware access control.
• We show how the spatial dimension is interconnected with the security aspects in a specific access control model, that is, GEO-RBAC.
• We outline relevant architectural issues related to the implementation of an ACS based on the GEO-RBAC model. In particular, we present possible strategies for security enforcement and the architecture of a decentralized ACS for large-scale LBS applications.
The chapter is organized as follows. The next section provides some background knowledge on data security and in particular access control models. The subsequent section presents requirements for geospatial data security and then the state of the art. Afterward the GEO-RBAC model is introduced. In particular, we present the main concepts of the model defined in the basic layer of the model, the Core GEO-RBAC. Hence, architectural approaches supporting GEO-RBAC are presented. Open issues are finally reported in the concluding section along with directions for future work

    Spatial Data Warehouse Modelling

    is concerned with multidimensional data models for spatial data warehouses. It first draws a picture of the research area, and then introduces a novel spatial multidimensional data model for spatial objects with geometry: the Multigranular Spatial Data warehouse (MuSD). The main novelty of the model is the representation of spatial measures at multiple levels of geometric granularit

    Privacy challenges in third-party location services

    The concern for location privacy in mobile applications is commonly motivated by a scenario in which a mobile device communicates personal location data, i.e. the device holder location, to a third party e.g. LBS provider, in exchange for some information service. We argue that this scenario offers a partial view of the actual risks for privacy, because in reality the information flow can be more complex. For example, more and more often location is computed by a third party, the location provider, e.g. Google Location Service. Location providers are in the position of collecting huge amounts of location data from the users of diverse applications (e.g. Facebook and Foursquare to cite a few). This raises novel privacy concerns. In this paper, we discuss two issues related to the protection from location providers. The first focuses on the compliance of emerging location services standards with European data protection norms; the latter focuses on hard privacy solutions protecting from untrusted location providers

    Foreword for the special issue of selected papers from the 3rd ACM SIGSPATIAL Workshop on Security and Privacy in GIS and LBS

    The third Workshop on Security and Privacy in GIS and LBS (SPRINGL 2010) was organized on November 2, 2010, in San Jose, California, in conjunction with the SIGSPATIAL International Conference on Advances in Geographic Information Systems (ACM GIS 2010). Security and privacy are the two dimensions of GIS systems and geospatial applications that need to be addressed for these applications to have wider acceptance. However, we are still far from fully achieving this goal with provable techniques that can be adopted by the industry. The SPRINGL workshop series aims to provide a forum for researchers working in the field of geospatial data security and privacy to discuss the advances in this domain. In order for solid archival work to be presented to the community, special issues of Transactions on Data Privacy have been organized for the previous SPRINGL workshops. This special issue contains three extended papers that have been selected from the papers presented at SPRINGL 2010 focusing mainly on the privacy aspects