Provisional Access Control Model for Mobile Ad-Hoc Environments: Application to Mobile Electronic Commerce

By Shin, Heechang; Moscato, Donald | Communications of the IIMA, December 2011 | Go to article overview

Provisional Access Control Model for Mobile Ad-Hoc Environments: Application to Mobile Electronic Commerce


Shin, Heechang, Moscato, Donald, Communications of the IIMA


INTRODUCTION

Mobile devices with wireless communication capabilities have become part of our lives. In a mobile environment, compared to the static desktop environment, network resources are constantly accessed through these devices while users are still moving. In this new mobile environment, it is easy to form a mobile ad-hoc network where neighboring mobile devices are forming a self-configuring network connected by wireless links. Examples include vehicular ad-hoc networks (VANETs) where neighboring vehicles communicate important information on road conditions or ride-share, social networks for finding friends, navigation advice in transportation, asset tracking, and mobile collaborative work. Especially, application to mobile electronic commerce is in our particular interests such as online ad-hoc auction market environment where auctioneers allow bidding from neighboring potential buyers.

In this environment, each mobile user is treated as a peer because one can retrieve data from one's neighboring mobile devices, and at the same time, one can provide the information as the other people request the information that she brings. This local search-and-discover action is performed by each peer without connecting to the centralized server.

In order to protect one's own resources, each peer specifies its own security/privacy policies. In a mobile peer-to-peer environment, access control decision depends on (i) specific actions performed before the decision is taken and (ii) also spatio-temporal attributes. First, connection between peers is arbitrary; and thus, it would be more appropriate if the access control decision is based on the conditions that the resource-holding peer has. For example, in online ad-hoc auction market, an auctioneer allows bidding of only serious users who meet the criteria such as reading and signing the contract beforehand. Second, access control decisions are also based on current locations (i.e., spatial attribute) of neighboring peers within the specific time durations (temporal attribute). For example, in location-based services (LBS) applications, a mobile user wants to receive promotion deals only if the current location of the user is within a certain distance from the merchant during the evening hours in order not to be overwhelmed by spam mails from merchants.

The Role-based access control (RBAC) model is popular because it can handle complicated enterprise-wide access requests where the traditional access control models such as Mandatory Access Control (MAC) and Discretionary Access Control (DAC) cannot handle. In RBAC, a role denotes a job function, and permissions to perform certain operations are assigned to specific roles instead of users. Then, each user is assigned to particular roles. Although facilitating resource sharing with enforcing security/privacy policies in a static environment has been discussed (Maruoka, Memati, Barolli, Enokido & Takizawa, 2008; Park, An, & Chandra, 2007; Park & Hwang, 2003; Ravichandran & Yoon, 2006; Silva et al. 2005), it is not applicable to a mobile ad-hoc environment due to the following reasons.

First of all, existing RBAC cannot be directly applicable to a mobile ad-hoc environment since peers are constantly moving over time and the policies are updated based on time and space. A naive solution would use a trusted party which authenticates each user and makes an access control decision. However, this is not practical especially for mobile a-hoc environment where participating peers are not predetermined and do not have the capability to connect to the central server. Also, it creates an issue with scalability of the system because the trusted server must be able to deal with all the access control requests and evaluates each peer's security policies. Considering the fact that these policies are based on space and time as well as specific actions that each peer has performed, overheads to the system to enforce these policies would not be scalable. …

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Provisional Access Control Model for Mobile Ad-Hoc Environments: Application to Mobile Electronic Commerce
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Full screen

matching results for page

Cited passage

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited passage

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.