A Security Model for Mobile Processes
Published: 2008 Juli
Buchtitel: m-business 2008: 7th International Conference on Mobile Business (ICMB 08)
Erscheinungsort: Barcelona, Spain
Technologies like mobile devices (e.g. PDAs, smartphones, notebooks) and wireless data communication (e.g. GPRS, UMTS, WiFi) have a great potential for the improvement of mobile processes, e.g. by enabling access to timecritical information and preventing media disruptions. But the usage of these technologies leads also to specific challenges, particularly with regard to security and usability. One approach to deal with mobile-specific security concerns is to control access to functions provided by mobile information systems depending on the current location of the user, e.g. a travelling salesman should only be allowed to enter a customer's order when he currently resides at the premises of that customer. A formal model to write down such rules is called "security model". There are already some security models which take the user's location into account when deciding which functions of a system a certain user is allowed to use but they are process-agnostic, i.e. location-restrictions at process level cannot be expressed. In literature also security models for process-aware information system can be found but they don't consider location. In our work we therefore propose a security model for mobile processes based on an elicitation of requirements.