Journal name: International Journal of Distributed Sensor Networks
Print ISSN: 1550-1329
Electronic ISSN: 1550-1477
Year of publication: 2009
Volume: 5
DOI: 10.1080/15501320802540686
Publisher: Hindawi Publishing Corporation
Abstract: With the development of RBAC applications, the spatial characteristics of protected data objects have to be considered in many fields. In most cases, a user's access permissions change when the user's location changes. The roles played by the same user may differ as the user's spatial location changes, so the user has different access authorizations in different spatial locations. Generally speaking, the permissions assigned to users depend on their position in a reference space: users often belong to well-defined categories; objects to which permissions must be granted are located in that space; access control policies must grant some privileges based on the positions of objects/users. Considerable effort has recently been devoted to research on secure spatial database systems that guarantee high security and privacy. In particular, the integration of the spatial dimension into RBAC-based models has become a hot topic as a consequence of the growing relevance of geo-spatial information in advanced GIS and mobile applications. In the context of mobile applications, spatial constraints are very important for supporting the definition and maintenance of access control policy. Constraints are an important aspect of role-based access control policy. They are enforced on special roles in order to maintain system security. Only one constraint is specified in traditional RBAC, which is used to enforce the Separation of Duty (SoD) constraint.
In this paper, based on an analysis of the spatial features of protected spatial data objects, and combining the necessity of spatial constraints and the non-conflict conditions of spatial constraints with the satisfiability of spatial constraint sets and the relevance between the different classes of constraints, constraints with spatial characteristics are divided into three classes: constraints on spatial region, spatial separation of duty constraints, and constraints on the cardinality of spatial role activation. We also present the relationship between the different constraints.