Towards the realisation of context-risk-aware access control in pervasive computing

This paper proposes a novel Context-Risk-Aware Access Control (CRAAC) model for Ubiquitous Computing (UbiComp) environments. Context-aware access control allows access permissions to be adjusted dynamically in adaptation to the changes in the surrounding context. Though current context-aware access control solutions can, to a certain extent, achieve such context adaptation, there are still limitations in these solutions. One of the limitations is that they make use of an architectural model by which the two major functional blocks, context infrastructure and access control system, are tightly coupled together. As a result, they are not flexible nor generic to accommodate various access control constraints and policy settings. The CRAAC model is designed to overcome this limitation. By introducing the concept of risk aware and authorisation levels of assurance (LoA) into the authorisation decision making, and by maximising the use of a component-based approach in the architectural design, the model has successfully decoupled context infrastructure and access control system making it more extensible in providing the required functionality, and more flexible in accommodating different contextual attributes and their mutual correlation. In addition, it interoperates and is backward compatible with traditional role-based access control solutions.