||Combining Logical and Physical Access Control for Smart Environments
||Frank, Kristine (Informatics and Mathematical Modelling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Willemoes-Wissing, Ida C.
||Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
||Traditional access control models only protect logical entities within the computer (such as les and memory) and not information displayed on a computer monitor. Furthermore, it is processes that are granted or denied access to resources, not the persons who are physically present in front of the computer. Logical access control models are inadequate if the environment is physically unprotected and an intruder uses coercion to obtain access to otherwise classi ed information. The coercion could include weapons, leaving the user with no option but to grant access to the computer.
The theoretical contribution of this thesis is an access control model that not only takes les and process into consideration when making access control decisions, but also the persons physically present in the environment and the information displayed on a computer monitor. The model is a multilevel security model where files, processes, windows and unauthorized persons are associated with security levels. These levels are used as the basis for mandatory access control decisions. If a person in the environment is denied viewing access to a window, the window will disappear from the computer monitor so that it no longer is human-readable.
The technical contributions fall in three modules. Firstly, a stackable file system has been extended so that it can enforce mandatory access control. Secondly, a simple movement sensor based on two web-cameras can detect whether unauthorized persons enter or leave the environment. Finally, a module combines the logical and physical access control and ensures that windows on the computer monitor are made invisible when the data received from the sensor indicates that unauthorized persons are present. The system has been developed so that it can be integrated with a Unix operating system.
The security policy enforced by the system is set by parameters during startup. These parameters can, for instance, specify that the system should conform to the Bell-LaPadula model or the Biba model and thus address confidentiality or integrity, respectively.
||Supervised by Assoc. Prof. Christian D. Jensen
||access control; multilevel security models; sensors; motion detection; operating systems; and stackable file systems
Creation date: 2006-06-22
Update date: 2007-09-11