Role-based access control (RBAC) is one of the famous access control models and is widely used in both research and industry. Several models of RBAC have been published and several commercial implementations are available. However, most of these models and commercial products depend on current wired network and do not consider ubiquitous computing environment. Recently, ubiquitous computing begins to receive attention increasingly as a new paradigm after Internet. Ubiquitous computing literally denotes a situation in which computing is done everywhere. It is different features from current Internet services. Therefore, the access control model for ubiquitous computing environment should consider these different features.
The current access control models have several problems in employing ubiquitous computing environment such as representing features related to environment. Common RBAC models do not have formal expressions for various and dynamic environment. The extended several RBAC models try to adapt some environment features but these models have problems in representing dynamically changeable permission. For that reason, we propose an access control model for ubiquitous computing environment that supports environment and situation features such as temporal and spatial dimensions and relationship.
In order for the proposed model to support ubiquitous computing environment, it has new concepts such as Conditions, Object Entity, U-Services and Subject Entity. Subject Entity (SE) is subjects such as users and devices that have a right to use some services in ubiquitous computing environment. Role (R) has same meaning of role in RBAC model. U-Service (SV) has similar meaning of permission in RBAC model but it has wider concept than permission has. Object Entity (OE) is objects such as users and devices that are targets of service. Conditions (C) is kind of constraints in RBAC model and it consists of two components; Situation information (SI) and relationship (RE). These new concepts are formally described and defined as syntax and semantics. For creation and maintenance of the proposed access control model, various functions and functional specifications are required. Administrative functions, supporting system functions and review functions are defined and represented by Z-notation. Semantics, system states, traces, and construction of execution model for the proposed model are introduced and defined to show how the proposed model is used in ubiquitous computing environment.
In order to show the applicability of the proposed access control model, various example cases are illustrated. The example cases show that the proposed model is suitable for various and dynamic ubiquitous computing environment. From the comparison with other models, we show that the proposed model supports more environment factors than other access control models do.