OCL Extension of Location Based Access Control

1. OCL Extension ofLocation Based Access Control Presented by Paul Whyman Based on the work of Indrakshi Ray and Mahendra Kumar

2. Location Based Access Control • Information about Location can strengthen access control policy • Not just which subject is accessing what object • Where the subject and object are located • Extension of Mandatory Access Control (MAC) • Enables increased access constraints for critical military applications • GPS & Infrared sensors determine location

3. Class Diagram • Formall model of LBAC relationships

4. Contains implies Dominates

5. OCL Specification • Constraint 1 [ Contains implies Dominates ] -- The security level of a containing location is dominated by the -- security level of a contained location { Context location inv : Location.allInstance() -> forAll ( loc1, loc2 : Location | loc2.containment(loc1) implies dominates )} • Constraint 3 [ Userclearance dominates Userlocation ] -- The security clearance of a user must dominate the location of -- the user { Context User inv : UserLocation -> implies ( User.Clearance dominates User.Location ) }