Prof. Alexander V. Smirnov is head of Computer Aided Integrated Systems Laboratory at St.Peterburg Institute for Informatics and Automation of the Russian Academy of Sciences - SPIIRAS (1994), Deputy-Director for Research (1996). He received his Ph.D (1984) and Dr.habil. (1994). He has been involved in projects sponsored by Ford, Nokia, US DoD, European Research Programs (Information Society Technologies, Esprit, Eureka/Factory, etc.), and Russian agencies in the areas of distributed intelligent systems, ontology management, intelligent decision support systems, etc. He is a member of IEEE SMC TC on Self-Organized Distributed and Pervasive Systems. He published more than 300 research papers.
Context-based Access Control Model for Smart Space
Co-authors: Alexey Kashevnik, Nikolay Shilov & Nikolay Teslya (SPIIRAS)
The smart space is an aggregation of devices, which can share their resources (information and services) and operate in coalitions. This nature of smart space enables of appearance of cyber conflicts between different smart space devices (or participants) which can have different goals and situation understanding but common information space for trusted cyber relationships. Therefore, one of the main security problems of coalition operations in smart spaces is a support of dynamic access control for decreasing cyber risks. In particular, a new access control model for accessing resources is needed. The model should describe the current situation via a context. Therefore, the research and development of the context-based access control mechanisms for smart space resources is an essential task.
The paper proposes a model of the context-based access control for the information shared in a smart space. Micro virtualization mechanisms represented by virtual private micro smart spaces are the basis for the model, which is built on the combination of the role-based and attribute-based access control models. Roles are assigned dynamically based on the smart space participant's trust level. The role separation allows simplifying policies and makes them human-readable and easy to configure. The trust level calculation is based on the participant's context, which includes identification attributes; location; current date; device type, etc. Also, three kinds of access control rules have been proposed. These rules are used to calculate the trust level, to assign roles based on the trust level, and to grant permissions to the smart space resources.