Context-aware access control - Making access control decisions based on context information

In ubiquitous computing environments access control decisions have to be adaptable to changes of the situation or state of an entity, in order to properly adjust to these changes without the need of manual interaction. A solution to this challenge is context-aware access control, where the mentioned changes are influencing access control decisions. In this paper we present a security framework for mobile business applications that is capable of performing context-aware access control on message level. There are several components in the framework that together (1) ensure that security requirements defined in policies are enforced in the framework, (2) provide context information and apply plausibility checks to increase the confidence that context information represents the actual situation or state (context) of an entity, and (3) perform the access-control decisions based on a combination of classic access control schemes and context information. In addition, a scenario is described where the introduced features of the framework are applied.