Security Considerations for a Distributed Location Service
Ulf Leonhardt
Dept. of Computing,
Imperial College,
180 Queen's Gate,
London SW7 2BZ, UK
Email: Ulf.Leonhardt_AT_ic.ac.uk
Jeff Magee
Dept. of Computing,
Imperial College,
180 Queen's Gate, London SW7 2BZ, UK
Email: Jeff.Magee_AT_ic.ac.uk
Abstract
Mobile computing, wireless communications, and cheap location
tracking and navigation systems have made location data a valuable and
available commodity for many different kinds of computing applications.
However, there are fears that this new wealth of personal location
information will lead to new security risks, to the invasion of the
privacy of people and organisations. In this paper, we discuss security
requirements faced by a location service in different organisational
contexts. We argue that fine-grained access control requires a symbolic
location model over which access control is specified. We outline the
salient features of a location service supporting such a location model.
The two main classical security models, Lampson?s access matrix and
Bell-LaPadula?s security labels, are analysed with view to their
application to location information. We argue that those schemes need to
be generalised to deal with multiple targets in order to be applicable
to location information. Based on the generalised models, we propose a
concrete security model for location information which protects both
personal and organisational privacy. We have implemented this model over
a prototype implementation of a general location service.
Keywords: location service, access control policies, discretionary access
control, mandatory access control
JNSM: Vol. 6, No. 1, 1998
Security Considerations for a Distributed Location Service [Vol. 6, No. 1, 1998]
NOTE: only abstract of paper available on-line
Back to JNSM main page