Efficiently enforcing spatiotemporal access control under uncertain location information

In a mobile environment, user’s physical location plays an important role in determining access to resources. However, because current moving object databases do not keep the exact location of the moving objects, but rather maintain their approximate location for reasons of minimizing the updates, the access request evaluation cannot always guarantee the intended access control policy requirements. This may be risky to the system’s security, especially for highly sensitive resources. In this paper, we introduce an authorization model that takes the uncertainty of location measures into consideration for specifying and evaluating access control policies. An access request is granted only if the confidence level of the location predicate exceeds the predefined uncertainty threshold level specified in the policy. However, this access request evaluation is computationally expensive as it requires to evaluate a location predicate condition and may also require evaluating the entire moving object database. For reducing the cost of evaluation, in this paper, we compute lower and upper bounds ( R min and R max ) on the region that minimize the region to be evaluated, thereby allowing unneeded moving objects to be discarded from evaluation. To further minimize the region of evaluation, we propose to compute R min ′ and R max ′ that have smaller filter size so that filtering more objects out for evaluation. In addition, we extend our approach such that it does not require assumptions on the probability distribution functions. We show how these filters R min , R max , R min ′ , and R max ′ can be computed and maintained, and provide algorithms to process access requests.