A conceptual model of security context

Ubiquitous environments which embrace the trends of enterprise mobility and the consumerization of IT have an increasing social importance. In these environments, the same device and applications are simultaneously used for both personal and professional purposes. Such usage blurs the boundaries between personal and professional domains and presentsmany challenges for information security. Context-aware security has been proposed as a solution for many of them. We argue that the existing approaches are limited and mainly deal with targeted use cases. They do not provide a clear and complete understanding of the context relevant for security, and use contextual information with an arbitrary level of abstraction. In order to address these issues, we propose a conceptual model of security context. The model identifies important concepts of security context and takes related social aspects into account. It represents the security context through a set of concepts at the appropriate level of abstraction. We show that our model is suitable to analyze various situations from the perspective of security and compare them with the existing approaches. The model promises to facilitate the specification and management of security policies containing contextual information as well.