In pervasive computing environments, information gateways derive specific information, such as a person's location, from raw data provided by a service, such as a videostream offered by a camera. Here, access control to confidential raw data provided by a service becomes difficult when a client does not have access rights to this data. For example, a client might have access to a person's location information, but not to the videostream from which a gateway derives this information. Simply granting access rights to a gateway will allow an intruder into the gateway to access any raw data that the gateway can access. We present the concept of derivation-constrained access control, which requires a gateway to prove to a service that the gateway needs requested raw data to answer a client's authorized request for derived information. Therefore, an intruder into the gateway will be limited in its capabilities. We provide a formal framework for derivation-constrained access control based on Lampson et al.'s "speaks-for" relationship. We demonstrate feasibility of our design with a sample implementation and a performance evaluation. © Springer-Verlag Berlin Heidelberg 2006.
Hengartner, U., & Steenkiste, P. (2006). Securing information gateways with derivation-constrained access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3934 LNCS, pp. 181–195). https://doi.org/10.1007/11734666_14
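A minimal sketch of the service-side check the abstract describes, added here as an illustration and not taken from the paper or its sample implementation. It assumes an HMAC shared between client and service in place of the paper's "speaks-for" framework, and every name, key and rule table is constructed.

```python
import hashlib
import hmac
import json

# Constructed demo data; all names, keys and rule tables are assumptions.
CLIENT_KEYS = {"alice": b"demo-key-alice", "mallory": b"demo-key-mallory"}
# Clients' rights to *derived* information: (client, information, subject).
DERIVED_ACL = {("alice", "location", "bob")}
# Derivation rules: (derived information, raw data it is derived from).
DERIVATIONS = {("location", "videostream")}
# Gateways the service accepts derivation-constrained requests from.
GATEWAYS = {"locator-gw"}


def _mac(client, info, subject):
    msg = json.dumps([client, info, subject]).encode()
    return hmac.new(CLIENT_KEYS[client], msg, hashlib.sha256).hexdigest()


def client_request(client, info, subject):
    """Client's signed request for derived information, handed to the gateway."""
    return {"client": client, "info": info, "subject": subject,
            "mac": _mac(client, info, subject)}


def service_releases(gateway, raw, subject, proof):
    """Service-side check: release `raw` about `subject` to `gateway`?"""
    if gateway not in GATEWAYS or not isinstance(proof, dict):
        return False  # a gateway alone holds no rights to raw data
    fields = [proof.get(k) for k in ("client", "info", "subject", "mac")]
    if not all(isinstance(f, str) for f in fields):
        return False  # malformed proof
    client, info, req_subject, mac = fields
    if client not in CLIENT_KEYS:
        return False
    expected = _mac(client, info, req_subject)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False  # request was not issued by the named client
    if (client, info, req_subject) not in DERIVED_ACL:
        return False  # client is not authorized for the derived information
    # The raw data must be what this derived information is computed from,
    # and it must concern the same subject as the client's request.
    return (info, raw) in DERIVATIONS and subject == req_subject
```

A gateway that holds no matching client request, or that asks for raw data outside the derivation rule or about another subject, is refused, which is the limit on an intruder that the abstract refers to.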