Efficiently enforcing the security and privacy policies in a mobile environment

Vijayalakshmi Atluri, Heechang Shin

Research output: Chapter in Book/Report/Conference proceedingChapter

2 Scopus citations

Abstract

Effective delivery of location-based services (LBS) requires efficient processing of access requests to find the past, present and future location of the mobile customers (or moving objects) that match a certain profile. However, this gives rise to a number of security and privacy concerns because LBS may need to locate and track a mobile customer, and gain access to his/her profile. Location information has the potential to allow an adversary to physically locate a person, and user profile information may include sensitive attributes such as name, address, linguistic preference, age group, income level, marital status, education level, etc. As such, mobile customers have legitimate concerns about their personal safety, if such information should fall into the wrong hands. One way to take these concerns into account is by establishing security policies and enforcing them for every access. A comprehensive security policy can encode spatiotemporal restrictions on access to location and profile. To incorporate security, an appropriate access control mechanism must be in place to enforce the authorization specifications reflecting the above security and privacy policies. Serving an access request requires to search for the desired moving objects that satisfy the query, as well as identify and enforce the relevant security policies. While this solves the security problem, it creates a performance problem. Often, enforcing security incurs overhead, and as a result may degrade the performance of a system. Thus, one way to alleviate this problem and to effectively serve access requests, is to efficiently organize the mobile objects, authorizations as well as mobile customers' profiles. The key insight is to realize that a lot of duplicate work is performed while searching for the relevant authorizations and mobile objects. In this book chapter, we present the different solutions proposed by researchers in a response to address the above issue. The solutions specifically propose unified index schemes for organizing moving object data, authorizations and profiles of users.

Original languageEnglish (US)
Title of host publicationHandbook of Database Security
Subtitle of host publicationApplications and Trends
PublisherSpringer US
Pages553-573
Number of pages21
ISBN (Print)9780387485324
DOIs
StatePublished - 2008

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Efficiently enforcing the security and privacy policies in a mobile environment'. Together they form a unique fingerprint.

Cite this