An access-control model for mobile computing with spatial constraints - Location-aware role-based access control with a method for consistency checks

Some of the most salient challenges that come along with the employment of mobile information systems stem from security issues: portable devices like PDAs, smartphones and notebooks easily get stolen or lost and wireless data transmission could be eavesdropped, so that unauthorized individuals gain access to confidential resources. One approach to tackle these problems is location-aware access control, i.e. based on knowledge about the user's position the information system can decide if access to a resource should be granted or not. For example a nurse using a PDA should only be allowed to access confidential patient data while staying on the premises of the hospital. In our article we present a data model for location-aware access control based on the concepts of roles. Using our model it is possible to assign location restrictions to several entities, e.g. to users, to roles or permissions. We also propose a method to analyze the consistency of spatial constraints expressed by an instance of our model.