论文部分内容阅读
Abstract: In public spaces, there are a number of different contents such as visitors, physical information resources, and virtual information resources via their embedded output devices. Therefore, the author might unexpectedly enter the public spaces that have our unauthorized contents and/or unwanted characteristics. The author’s previous papers have introduced the novel concept of “Secure Spaces”, physical environments in which any visitor is protected from being pushed her unwanted information resources on and also any information resource is always protected from being accessed by its unauthorized visitors, and the model and architecture for space entry control and information access control based on their dynamically changing contents. Aiming to build more flexible Secure Spaces, this paper proposes an extended model for context-aware query control and search control based on how preferentially a virtual information resource should be outputted in a Secure Space as well as spatial entry control based on whether a virtual information resource should be granted or denied to be outputted in a Secure Space.
Key words: Access control, authorization, authentication, context-awareness, web search.
1. Introduction
In recent years, it has become one of the hottest research topics to make physical spaces smarter and more intelligent. Smart Spaces [1-6] are often physically isolated environments such as individual rooms that have been made smart by various information communication technologies and are expected to become increasingly convenient for our information access. Meanwhile, Information Security also becomes very significant and increasingly critical for any people in diverse scenes, especially in public places such as indoor work places, educational facilities, and healthcare centers, and so forth. The amount of physical or virtual information resources which should be protected in the physical world keeps growing exponentially.
Physical environments are becoming smart but not necessarily secure. When a user requests to access a virtual (computational) information resource via an output device, conventional access control systems make a decision by using its access policies on whether the user should be granted or denied to access it and then assuredly enforce the access decision. However, even if the requester is authorized by the resource, it should not be immediately offered to her via the output device, because there might be its unauthorized users as well as the authorized requester around the output device, especially in public places. Meanwhile, when a user enters a physical environment, the user might be unexpectedly forced to access her unwanted information resources (e.g., although she does not want to know about the result of a football game that she had recorded on video to watch later, she unfortunately encounters it in her train), and/or hate its real characteristics (e.g., degrees of dismal and danger).
There are two kinds of conventional access controls for the purpose of protecting information resource security. One approach is Information Access Control. When a user requests to perform an action on a virtual information resource such as a sensitive data file on computer, information access control systems make an authorization decision on whether the access request should be granted or denied, in order to protect it from its unauthorized users. However, they are not aware of the other users who are surrounding a device outputting it, and thus there might be its unauthorized user(s) in the surrounding area. If there are its unauthorized user as well as the authorized user, both users become able to access it and thus its confidentiality is not always protected. To protect it from its unauthorized users assuredly, they have to ensure that the area surrounding a device which will be granted to output the requested virtual information resource is truly secure, i.e., there is nobody unauthorized in the surrounding area.
Another approach is Space Entry Control. When a user requests to enter a physically isolated space such as a room and a building, physical entry control systems make an entry decision on whether the entry request should be granted or denied, in order to protect any physical information resource inside the space from its unauthorized users. However, they often determine the entry decision statically regardless of what physical or virtual information resources there are actually in the physical space, and thus there might not be any resource which should be protected from her. To ensure effective entry control, space entry control systems must be aware of dynamically changing contents such as visitors, physical or virtual information resources.
My previous papers [7-13] have introduced the novel concept of “Secure Spaces”, physically isolated environments where any visitor is protected from being pushed her unwanted information resources on and also any information resource is always protected from being accessed by its unauthorized visitors, and the model and architecture for space entry control and information access control based on their dynamically changing contents.
Aiming to build more flexible Secure Spaces, this paper proposes an extended model for Context-aware Query Control and Search Control based on how preferentially a virtual information resource should be outputted in a Secure Space as well as spatial entry control based on whether a virtual information resource should be granted or denied to be outputted in a Secure Space.
The remainder of this paper is organized as follows: Section 2 introduces the mechanism and formalized model of Secure Spaces. Section 3 and Section 4 propose the space-dependent query control and search control, respectively. Section 5 concludes this paper.
2. Secure Spaces and Entry Control
This section describes the architecture to build Secure Spaces in the physical world and the mechanism and formalized model of Space Entry Control for Secure Spaces by summarizing my previous papers [7-13].
2.1 Architecture
To build Secure Spaces in the real world by using space entry control based on their dynamically changing contents such as their visitors, physical information resources and virtual information resources via their embedded output devices, each Secure Space requires the following facilities (Fig. 1):
Space Management is responsible for managing a Secure Space, i.e., for constantly figuring out its contents such as its visitors, its embedded physical information resources and virtual information resources outputted via its embedded output devices and also for ad-hoc making an authorization decision on whether an entry request to enter the Secure Space by a visitor or a physical/virtual information resource should be granted or denied, and for notifying the entry decisions to the Electrically Lockable Doors or enforcing entry control over virtual information resources according to the entry decisions by itself;
User/Object Authentication is responsible for authenticating what physical entity such as a user or a physical information resource requests to enter or exit the Secure Space (e.g., by using Radio Frequency IDentification or biometrics technologies) and also for notifying it to the space management;
Electrically Lockable Door is responsible for electrically locking or unlocking itself, i.e., for assuredly enforcing entry control over physical entities such as users and physical information resources, according to instructions by the space management;
Physically Opaque Wall is responsible for physically isolating inside a Secure Space from outside there with regard to information access, i.e., for validating the basic assumption that any user inside a Secure Space can access any resource inside the Secure Space while any user outside the Secure Space can never access any resource inside the Secure Space.
To protect us from our unwanted characteristics of physical spaces as well as our unauthorized contents, the following additional facilities are required:
Real Sensor is responsible for physically sensing inside a Secure Space for its real characteristics to make access decisions in the Secure Space and also for notifying the sensor data stream to the space management. For example, thermometers, hygrometers, cameras;
Weblog Sensor [11, 13-14] is responsible for logically sensing the Weblog for the approximate characteristics of each Secure Space to make access decisions in the Secure Space and also for notifying the Web-mined data to the space management. Note that any Secure Space does not have to equip the extra devices unlike Real Sensors.
2.2 Mechanism
When a user requests to enter a Secure Space, the space entry control system will make an entry decision on whether the entry request should be granted or denied, by checking whether or not the requester is granted to access by all information resources inside the Secure Space and whether or not the Secure Space itself as well as all resources inside the Secure Space are granted to be accessed by the requester, in order to protect her preference as well as information security for all contents of the Secure Space.
If the Secure Space is not granted to be accessed by the requester because its real characteristics (e.g., degrees of dismal or danger) are unfavorable for the requester, the space entry control system has only one approach of preventing the requester from entering the Secure Space. If the requester is not granted to access by at least one physical information resource inside the Secure Space or if at least one physical information resource inside the Secure Space is not granted to be access by the requester, the space entry control system has also only one approach of preventing the requester from entering the Secure Space (Fig. 2). Reversely, when a physical information resource requests to enter a Secure Space, the space entry control system will also prevent the physical information resource from entering the Secure Space that contains at least one visitor who does not have access right to access the physical information resource (Fig. 3).
Meanwhile, if the requester is not granted to access by at least one virtual information resource via an output device embedded inside the Secure Space or if at least one virtual information resource is not granted to be access by the requester, the space entry control system has two approaches of not only preventing the requester from entering the Secure Space but also permitting the requester to enter there after revoking the virtual information resource (Fig. 4).
2.3 Formalized Model
The formalized model of space entry control for Secure Spaces based on their dynamically changing contents such as their visitors, physical information resources and virtual information resources via their embedded output devices, by listing component primitives and by defining the syntax and semantics of the model components.
Definition 1: Model Entities
The space entry control model has the following four kinds of entities and protects all of them with respect to their information security and preferences to the others:
Secure Spaces are physically isolated environments (e.g., a closed room by opaque walls with electrically lockable doors) whose contents such as users and physical/virtual resources are always protected according to their access policies. The universal set of Secure Spaces and Secure Spaces’Access Policies are denoted by S and SAP;
Users are physical entities who request to enter or exit a Secure Space and who are assumed to be able to access any resource inside their current Secure Space but not to access any resource outside there. The universal set of Users and Users’ Access Policies are denoted by U and UAP;
Physical Resources are physical information entities (e.g., a hardcopy of sensitive information) which request to enter or exit a Secure Space and which are assumed to be able to be accessed by any user inside their current Secure Space but not to be accessed by any user outside there. In order to assuredly enforce a physical resource’s access policies, the space entry control system has to prevent its unauthorized users from entering its current Secure Space at any cost. The universal set of Physical Resources and Physical Resources’ Access Policies are denoted by PR and PRAP;
Virtual Resources are virtual information entities(e.g., sensitive information on the Internet) which request to be outputted or revoked via an output device embedded in a Secure Space and which are assumed to be able to be accessed by any user inside their current Secure Space but not to be accessed by any user outside there. In order to assuredly enforce a virtual resource’s access policies, the space entry control system has to prevent its unauthorized users from entering its current Secure Space or to prevent itself from being outputted in the Secure Spaces where there are its unauthorized users. The universal set of Virtual Resources and Virtual Resources’ Access Policies are denoted by VR and VRAP;
Resources: R ? PR ? VR;
Contents (Contexts): C ? U ? PR ? VR. Definition 2: Model Functions
The model uses the following functions in order to keep up on the set of ad-hoc entities in each Secure Space and evaluate the weight of a set of its dynamically changing contents:
? cu: S?2U, is a function mapping each Secure Space ??, to its current set of Containing Users cu????;
? cpr: S?2PR, is a function mapping each Secure Space ??, to its current set of Containing Physical Resources cpr????;
? cvr: S?2VR, is a function mapping each Secure Space ??, to its current set of Containing Virtual Resources cvr????;
? cc: S?2C, is a function mapping each Secure Space ??, to its current set of Containing Contents such as Users, Physical Resources, and Virtual Resources cc?????cu?????cpr?????cvr????;
? w: S ?2C?R , is a function mapping a set of contents cc???? in each Secure Space ??, to its evaluated Weight w???,cc?????;
? authU: UER?{grant, deny}, is a function mapping each User’s Entry Request ????, to the Authorization decision for Users authU??????;
? authR: RER?{grant, deny}, is a function mapping each Resource’s Entry Request ????, to the Authorization decision for Resources authR??????. Definition 2.1: Content Weighting of Secure Spaces
The weight that evaluates contents such as Users cu????, Physical Resources cpr???? and Virtual Resources cvr???? in each Secure Space ?? could be defined in different manners. Here, I introduce one definition of content weighting function which seems to be more understandable for its space administrator and most often used.
The weight w??,??? of a Secure Space ?? S who has a set of Contents ???2C is defined as the summation of positive weights w??,?,?? that evaluates each User’s accessing each Resource in each Secure Space.
w??,?????w??,?,??
?????U,?????R
Definition 3: Access Policies
The model stores the following four kinds of access policies for Secure Spaces, Users and Physical/Virtual Resources:
? Secure Space’s Access Policy is an access policy by a Secure Space, defined as a 3-tuple of the Secure Space, a User/Resource and a set of its containing entities as contextual conditions,
SAP ? S ? C ? 2C
??,?,???? SAP where ?? S, ?? C, and ???2C, states that the Secure Space ? grants the User/Resource ? to enter there when it contains the set of Contents ??;
? User’s Access Policy is an access policy by a User, defined as a 4-tuple of the User and her qualified physical/virtual Resource, a Secure Space, and a set of its containing entities as contextual conditions,
UAP ? U ? R ? S ? 2C
??,?,?,???? UAP where ?? U, ?? R, ?? S, and???2C, states that the User ? grants the Resource ? to be pushed on herself in the Secure Space ? who contains the set of Contents ??;
? Physical Resource’s Access Policy is an access policy by a Physical Resource, defined as a 4-tuple of the Physical Resource, its qualified User, a Secure Space, and a set of its containing entities as contextual conditions,
PRAP ? PR ? U ? S ? 2C
???,?,?,???? PRAP where ??? PR, ?? U, ?? S, and ???2C, states that the Physical Resource ?? grants the User ? to access itself in the Secure Space? who contains the set of Contents ??;
? Virtual Resource’s Access Policy is an access policy by a Virtual Resource, defined as a 4-tuple of the Virtual Resource, its qualified User, a Secure Space, and a set of its containing entities as contextual conditions,
VRAP ? VR ? U ? S ? 2C
???,?,?,???? VRAP where ??? VR, ?? U, ?? S, and ???2C, states that the Virtual Resource ?? grants the User ? to access itself in the Secure Space? who contains the set of Contents ??. Definition 4: Entry Requests
The model has the following three kinds of entry requests for Users and Physical/Virtual Resources:
? User’s Entry Request is an entry request by a
User, defined as a 2-tuple of the User and a Secure Space which she is requesting to enter,
UER ? U ? S
??,??? UER where ?? U and ?? S, states that the User ? requests to enter the Secure Space ? and also to access its containing Resources cpr????cvr??? inside there;
? Physical Resource’s Entry Request is an entry request by a Physical Resource, defined as a 2-tuple of the Physical Resource and a Secure Space which it is requesting to enter,
PRER ? PR ? S
???,??? PRER where ??? PR and ?? S, states that the Physical Resource ?? requests to enter the Secure Space ? and also to be accessed by the visitors cu??? inside there;
? Virtual Resource’s Entry Request is an entry request by a Virtual Resource, defined as a 2-tuple of the Virtual Resource and a Secure Space which it is requesting to enter,
VRER ? VR ? S
???,??? VRER where ??? VR and ?? S, states that the Virtual Resource ?? requests to enter the Secure Space ? and also to be accessed by the visitors cu??? inside there.
Algorithm 1.1: Authorization for Users
An entry request ??????,??? UER that a User ? requests to enter a Secure Space ? is granted, if and only if any content inside there grants the User ? to access itself and is granted to be accessed by the User? or if the Assumptive Weight aw??,?? of the Assumptive Contents ac??,?? in case of granting the User ? to enter the Secure Space s after revoking any Virtual Resource inside there which denies the User ? to access itself or is denied to be accessed by the User? is higher than the Current Weight cw??? in case of denying the user to enter there.
authU??????authU??,??? grant
??apr??,???cpr????
???avr??,???cvr??????aw??,???cw????? where au??,??, apr??,?? and avr??,?? are the
Assumptive set of Users, Physical Resources or Virtual Resources inside the Secure Space ? after granting the User ? to enter there and regulating its contents to keep secure, respectively.
au??,???cu?s?????
apr??,???????cpr???|???,?,?,ac??,???? PRAP and ??,??,?,ac??,???? UAP? avr??,???????cvr???|???,?,?,ac??,???? VRAP and ??,??,?,ac??,???? UAP? ac??,???au??,???apr??,???avr??,?? cw????w??,cc????
aw??,???w??,ac??,???
Algorithm 1.2: Authorization for Resources
An entry request ????????,??? PRER that a Physical Resource ?? requests to enter a Secure Space ? is granted, if and only if the Physical Resource ?? grants any User inside the Secure Space to access itself and also is granted to be accessed by any User inside there.
authR???????authR???,??? grant
?au??,????cu???
where au??,??? is the Assumptive set of authorized Users who have right to access any Resource in the Secure Space ? even after granting the Physical Resource ?? to enter there.
au??,???????cu???|???,?,?,ac??,????? PRAP and ??,??,?,ac??,????? UAP?
apr??,????cpr????????
avr??,????????cvr???|???cu??????,?,?,ac??,????? VRAP and ??,??,?,ac??,????? UAP? ac??,????au??,????apr??,????avr??,???
Similarly, an entry request ????????,??? VRER that a Virtual Resource ?? requests to enter a Secure Space ? is granted, i.e., to be outputted via an output device embedded in a Secure Space ?, if and only if the Virtual Resource ?? grants any User inside the Secure Space to access itself and also is granted to be accessed by any User inside there.
authR???????authR???,??? grant?au??,????cu???
where au??,??? is the Assumptive set of authorized Users who have right to access any Resource in the Secure Space ? even after granting the Virtual Resource ?? to enter there.
au??,???????cu???|???,?,?,ac??,????? VRAP and ??,??,?,ac??,????? UAP? apr??,????????cpr???|???cu???
???,?,?,ac??,????? PRAP and ??,??,?,ac??,????? UAP?
avr??,????cvr????????
ac??,????au??,????apr??,????avr??,???
3. Space-Dependent Query Control
This section proposes an extended model of Space-dependent (Context-aware) Query Control for Secure Spaces based on their dynamically changing contents such as visitors, physical information resources, and virtual information resources via their embedded output devices, aiming to apply my developed techniques [15-19] of query refinement for mobile/ubiquitous Web search to Secure Spaces.
Definition 2.2: Weighting of Search Queries
The weight w???,?? of a search Query ?? Q, where Q stands for the universal set of queries to search for virtual information resources, by a Secure Space ?? S who has a set of Contents cc?s??2C, is defined as follows:
w???,????1?????????????·w???,?,cc????? ???????w???,?,?,cc????
where w???,?,??? stands for the weight of the Query? by the administrator of the Secure Space ? who has the set of Contents ??, w???,?,?,??? stands for the weight of the search Query ? by each User ? in the Secure Space ? who has the set of Contents ??, w???,?,?,??? stands for the weight of the search Query ? by the administrator of each Resource ? in the Secure Space ? who has the set of Contents ??, and ????? and ????? stand for parameters tailored by the administrator of the Secure Space ?.
For example, a User ?? can define his/her weight function of search Queries as follows:
w???,??,??,???? where df????? stands for the Document Frequency of Web documents searched by submitting the query ? to Google or Yahoo!, and df??? & ?.name?? stands for the Document Frequency of Web documents searched by submitting the query ? expanded with the name of Secure Space ? to Google or Yahoo!.
Fig. 5 shows the top 7 search queries dependent on Secure Spaces’ names, such as “bookstore”, “cd store”, and “school”, for their initial “d”.
4. Space-Dependent Search Control
This section proposes an extended model of Space-dependent (Context-aware) Search Control for Secure Spaces based on their dynamically changing contents such as visitors, physical information resources, and virtual information resources via their embedded output devices, aiming to build more flexible Secure Smart Spaces (3S).
Definition 2.3: Weighting of Virtual Resources
The weight w????,?,?? of a Virtual Resource??? VR for a Query ?? Q by a Secure Space ?? S who has a set of Contents cc????2C, is defined as follows:
w????,?,???
?1?????????????·w????,?,?,cc????? ???????w????,?,?,?,cc????
where w????,?,?,??? stands for the weight of the Virtual Resource ?? for the search Query ? by the administrator of the Secure Space ? who has the set of Contents ??, w????,?,?,?,??? stands for the weight of the Virtual Resource ?? for the search Query ? by each User ? inside the Secure Space ? who has the set of Contents ??, w????,?,?,??? stands
for the weight of the Virtual Resource ?? by the administrator of each Resource ? inside the Secure Space ? who has the set of Contents ??, and ????? and ????? stand for parameters tailored by the administrator of the Secure Space ?.
For example, a Secure Space ?? or ?? can individually define its weight function of Virtual Resources as follows:
w????,??,?,????1/googleRank???,????
w????,??,?,????1/yahooRank???,?? & ??.name? where googleRank???,???? stands for the rank of the Virtual Resource ?? in the search results by submitting the original Query ? to Google without modification, and yahooRank???,?? & ??.name? stands for the rank of the Virtual Resource ?? in the search results by submitting the original Query ? expanded with the name ??.name (e.g., “bookstore”) of the Secure Space ?? to Yahoo!. The former is not space-dependent, while the latter is space-dependent.
Meanwhile, a User ?? or ?? can also individually define his/her weight function of Virtual Resources as follows:
w????,??,?,??,????1/googleRank???,???? w????,??,?,??,????1/yahooRank???,???? w????,??,?,??,????1/yahooRank???,?? & ?.name??
The former by the User ?? uses space-dependent Web search engines but the space-independent original Query, while the latter by the User ?? uses the space-independent Web search engine but expands the original Query with each Secure Space’s name. Definition 5: Search Requests
The extended model accepts the following two kinds of search requests by Secure Spaces and Users:
? Secure Space’s Search Request is a search request by a Secure Space, defined as a 2-tuple of the Secure Space and a search Query,
SSR ? S ? Q
where Q stands for the universal set of Queries.??,??? SSR where ?? S and ?? Q, states that the Secure Space ? requests to search by the Query ? for Virtual Resources suitable for itself to output via its embedded public device, implicitly with its current Contents cc??? such as Users cu???, Physical Resources cpr???, and Virtual Resources cvr???;
? User’s Search Request is a search request by a User, defined as a 3-tuple of the User, a search Query, and a Secure Space in which she is requesting to search,
USR ? U ? Q ? S
??,?,??? USR where ?? U, ?? Q, and ?? S, states that the User ? requests to search by the search Query ? for Virtual Resources suitable for herself to
output via her private (mobile/wearable) device in the Secure Space ?, implicitly with its current Contents cc??? such as Users cu???, Physical Resources cpr???, and Virtual Resources cvr???.
Algorithm 2.1: Search for Secure Space’s Requests
For a Secure Space’s Search Request ??????,??? SSR, the space-dependent search control system returns a set of Virtual Resources with some kind of weights as its search results. First, each Virtual Resource ???? VR from among the universal set of Virtual Resources is filtered by the Space Entry Control based on whether it should be granted or denied to be outputted in the Secure Space ?. Next, each Authorized Virtual Resource ????avr??? is assigned some kind of weight by the Context-aware Search Control based on how preferentially it should be outputted in the Secure Space ? with its set of Contents cc???. Finally, the highest-ranked Virtual Resource will be outputted via an embedded public device(s) in the Secure Space ? and be pushed on its visitors cu???.
searchS??????searchS??,??
??????,w?????,?,?,cc?????|????avr???? avr????????? VR|authR????,??? grant?
Algorithm 2.2: Search for User’s Requests
For a User’s Search Request ??????,?,??? USR when the User ? requests to search by the Query ? in the Secure Space ?, the space-dependent search control system returns a set of Virtual Resources with some kind of weights as its search results. First, each Virtual Resource ???? VR from among the universal set of Virtual Resources is filtered based on whether it should be granted or denied to be outputted in the Secure Space ?. And then each Authorized Virtual Resource ????avr??? is assigned some kind of weight on how preferentially it should be outputted to the User ? in the Secure Space ? with its set of Contents cc???. Finally, the top ? search results will be outputted via the User’s mobile device and some Virtual Resource will be pulled by herself.
searchU??????searchU??,?,??
??????,w?????,?,?,?,cc?????|????avr???? avr????????? VR|authR????,??? grant?
5. Conclusions
In public spaces, there are a number of different contents such as visitors, physical information resources, and virtual information resources via their embedded output devices (e.g., displays and speakers). Therefore, we might unexpectedly enter the public spaces that have our unauthorized contents and/or unwanted characteristics. My previous papers introduced the novel concept of “Secure Spaces”, physical environments in which any visitor is protected from being pushed her unwanted information resources on and also any information resource is always protected from being accessed by its unauthorized visitors, and the model and architecture for space entry control and information access control based on their dynamically changing contents. Aiming to build more flexible Secure Spaces, this paper has proposed an extended model for Context-aware Query Control and Search Control based on how preferentially a virtual information resource should be outputted in a Secure Space as well as spatial entry control based on whether a virtual information resource should be granted or denied to be outputted in a Secure Space.
I plan to formalize a hierarchical model, specify its description language to enable administrators to configure and maintain their Secure Spaces and physical/virtual information resources more easily and flexibly, implement a prototype of Secure Spaces and evaluate its effectiveness and functionality by applying it to actual cases in the physical world.
Acknowledgments
This work was supported in part by JSPS (Japan Society for the Promotion of Science) Grant-in-Aid for Young Scientists (B) “A research on Web Sensors to extract spatio-temporal data from the Web”(#23700129, Project Leader: Shun Hattori).
References
[1] L. Rosenthal, V. Stanford, NIST smart space: pervasive computing initiative, in: Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE’00), 2000, pp. 6-11.
[2] J.Al-Muhtadi, A. Ranganathan, R. Campbell, M.D. Mickunas, Cerberus: a context-aware security scheme for smart spaces, in: Proceedings of the 1st IEEE International Conference on Pervasive Computing and Communications (PerCom’03) 2003, pp. 489-496.
[3] G. Sampemane, P. Naldurg, R.H. Campbell, Access control for active spaces, in: Proceedings of the 18th Annual Computer Security Applications Conference(ACSAC’02), 2002, pp. 343-352.
[4] Y.J. Song, W. Tobagus, D.Y. Leong, B. Johanson, A. Fox, iSecurity: a security framework for interactive workspaces, Technical Report, Stanford University, 2003.
[5] M.J. Covington, W. Long, S. Srinivasan, A. Dey, M. Ahamad, G. Abowd, Securing context-aware applications using environment roles, in: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies(SACMAT’01), 2001, pp. 10-20.
[6] P.G. McLean, A secure pervasive environment, in: Proceedings of the Australasian Information Security Workshop 2003 (AISW’03), Conferences in Research and Practice in Information Technology, 2003, pp. 67-75.
[7] S. Hattori, T. Tezuka, K. Tanaka, Content-based entry control for secure spaces, in: Proceedings of the International Workshop on Future Mobile and Ubiquitous Information Technologies (FMUIT’06), 2006, p. 98.
[8] S. Hattori, T. Tezuka, K. Tanaka, Secure spaces: physically protected environments for information security, in: Proceedings of the Joint 3rd International Conference on Soft Computing and Intelligent Systems and 7th International Symposium on advanced Intelligent Systems (SCIS&ISIS’06), TH-B5-2, 2006, pp. 687-691.
[9] S. Hattori, K. Tanaka, Secure spaces: protecting freedom of information access in public places, LNCS 4541 (2007) 99-109.
[10] S. Hattori, K. Tanaka, Towards building secure smart spaces for information security in the physical world, Journal of Advanced Computational Intelligence and Intelligent Informatics (JACIII) 11 (8) (2007) 1023-1029.
[11] S. Hattori, K. Tanaka, Mining the web for access decision-making in secure spaces, in: Proceedings of the Joint 4th International Conference on Soft Computing and Intelligent Systems and 9th International Symposium on advanced Intelligent Systems (SCIS&ISIS’08), TH-G3-4, 2008, pp. 370-375.
[12] S. Hattori, Context-aware search control for secure spaces, in: Proceedings of the Joint 5th Int’l Conference on Soft Computing and Intelligent Systems and 11th Int’l Symposium on advanced Intelligent Systems(SCIS&ISIS’10), SA-D4-2, 2010, pp. 1348-1353.
[13] S. Hattori, Secure spaces and spatio-temporal weblog sensors with temporal shift and propagation, in: Proceedings of the 2011 1st IRAST International Conference on Data Engineering and Internet Technology(DEIT’11), 2011, pp. 1042-1047.
[14] S. Hattori, Linearly-combined web sensors for spatio-temporal data extraction from the web, in: Proceedings of the 6th International Workshop on Spatial and Spatiotemporal Data Mining (SSTDM’11), 2011.
[15] S. Hattori, T. Tezuka, K. Tanaka, Query modification based on real-world contexts for mobile and ubiquitous computing environments, in: Proceedings of the International Workshop on Managing Context Information and Semantics in Mobile Environments(MCISME’06), 2006, p. 77.
[16] S. Hattori, T. Tezuka, K. Tanaka, Activity-based query refinement for context-aware information retrieval, LNCS 4312 (2006) 474-477.
[17] S. Hattori, T. Tezuka, and K. Tanaka, Context-aware query refinement for mobile web search, in: Proceedings of the 3rd IEEE International Workshop on Next Generation Service Platforms for Future Mobile Systems(SPMS’07), 2007, p. 15.
[18] S. Hattori, T. Tezuka, H. Ohshima, S. Oyama, J. Kawamoto, K. Tajima, K. Tanaka, ReCQ: real-world context-aware querying, LNAI 4635 (2007) 248-262.
[19] S. Hattori, Alternative query discovery from the web for daily mobile decision support, in: Proceedings of the 5th IADIS International Conference on Wireless Applications and Computing (WAC’11), 2011, pp. 67-74.
Key words: Access control, authorization, authentication, context-awareness, web search.
1. Introduction
In recent years, it has become one of the hottest research topics to make physical spaces smarter and more intelligent. Smart Spaces [1-6] are often physically isolated environments such as individual rooms that have been made smart by various information communication technologies and are expected to become increasingly convenient for our information access. Meanwhile, Information Security also becomes very significant and increasingly critical for any people in diverse scenes, especially in public places such as indoor work places, educational facilities, and healthcare centers, and so forth. The amount of physical or virtual information resources which should be protected in the physical world keeps growing exponentially.
Physical environments are becoming smart but not necessarily secure. When a user requests to access a virtual (computational) information resource via an output device, conventional access control systems make a decision by using its access policies on whether the user should be granted or denied to access it and then assuredly enforce the access decision. However, even if the requester is authorized by the resource, it should not be immediately offered to her via the output device, because there might be its unauthorized users as well as the authorized requester around the output device, especially in public places. Meanwhile, when a user enters a physical environment, the user might be unexpectedly forced to access her unwanted information resources (e.g., although she does not want to know about the result of a football game that she had recorded on video to watch later, she unfortunately encounters it in her train), and/or hate its real characteristics (e.g., degrees of dismal and danger).
There are two kinds of conventional access controls for the purpose of protecting information resource security. One approach is Information Access Control. When a user requests to perform an action on a virtual information resource such as a sensitive data file on computer, information access control systems make an authorization decision on whether the access request should be granted or denied, in order to protect it from its unauthorized users. However, they are not aware of the other users who are surrounding a device outputting it, and thus there might be its unauthorized user(s) in the surrounding area. If there are its unauthorized user as well as the authorized user, both users become able to access it and thus its confidentiality is not always protected. To protect it from its unauthorized users assuredly, they have to ensure that the area surrounding a device which will be granted to output the requested virtual information resource is truly secure, i.e., there is nobody unauthorized in the surrounding area.
Another approach is Space Entry Control. When a user requests to enter a physically isolated space such as a room and a building, physical entry control systems make an entry decision on whether the entry request should be granted or denied, in order to protect any physical information resource inside the space from its unauthorized users. However, they often determine the entry decision statically regardless of what physical or virtual information resources there are actually in the physical space, and thus there might not be any resource which should be protected from her. To ensure effective entry control, space entry control systems must be aware of dynamically changing contents such as visitors, physical or virtual information resources.
My previous papers [7-13] have introduced the novel concept of “Secure Spaces”, physically isolated environments where any visitor is protected from being pushed her unwanted information resources on and also any information resource is always protected from being accessed by its unauthorized visitors, and the model and architecture for space entry control and information access control based on their dynamically changing contents.
Aiming to build more flexible Secure Spaces, this paper proposes an extended model for Context-aware Query Control and Search Control based on how preferentially a virtual information resource should be outputted in a Secure Space as well as spatial entry control based on whether a virtual information resource should be granted or denied to be outputted in a Secure Space.
The remainder of this paper is organized as follows: Section 2 introduces the mechanism and formalized model of Secure Spaces. Section 3 and Section 4 propose the space-dependent query control and search control, respectively. Section 5 concludes this paper.
2. Secure Spaces and Entry Control
This section describes the architecture to build Secure Spaces in the physical world and the mechanism and formalized model of Space Entry Control for Secure Spaces by summarizing my previous papers [7-13].
2.1 Architecture
To build Secure Spaces in the real world by using space entry control based on their dynamically changing contents such as their visitors, physical information resources and virtual information resources via their embedded output devices, each Secure Space requires the following facilities (Fig. 1):
Space Management is responsible for managing a Secure Space, i.e., for constantly figuring out its contents such as its visitors, its embedded physical information resources and virtual information resources outputted via its embedded output devices and also for ad-hoc making an authorization decision on whether an entry request to enter the Secure Space by a visitor or a physical/virtual information resource should be granted or denied, and for notifying the entry decisions to the Electrically Lockable Doors or enforcing entry control over virtual information resources according to the entry decisions by itself;
User/Object Authentication is responsible for authenticating what physical entity such as a user or a physical information resource requests to enter or exit the Secure Space (e.g., by using Radio Frequency IDentification or biometrics technologies) and also for notifying it to the space management;
Electrically Lockable Door is responsible for electrically locking or unlocking itself, i.e., for assuredly enforcing entry control over physical entities such as users and physical information resources, according to instructions by the space management;
Physically Opaque Wall is responsible for physically isolating inside a Secure Space from outside there with regard to information access, i.e., for validating the basic assumption that any user inside a Secure Space can access any resource inside the Secure Space while any user outside the Secure Space can never access any resource inside the Secure Space.
To protect us from our unwanted characteristics of physical spaces as well as our unauthorized contents, the following additional facilities are required:
Real Sensor is responsible for physically sensing inside a Secure Space for its real characteristics to make access decisions in the Secure Space and also for notifying the sensor data stream to the space management. For example, thermometers, hygrometers, cameras;
Weblog Sensor [11, 13-14] is responsible for logically sensing the Weblog for the approximate characteristics of each Secure Space to make access decisions in the Secure Space and also for notifying the Web-mined data to the space management. Note that any Secure Space does not have to equip the extra devices unlike Real Sensors.
2.2 Mechanism
When a user requests to enter a Secure Space, the space entry control system will make an entry decision on whether the entry request should be granted or denied, by checking whether or not the requester is granted to access by all information resources inside the Secure Space and whether or not the Secure Space itself as well as all resources inside the Secure Space are granted to be accessed by the requester, in order to protect her preference as well as information security for all contents of the Secure Space.
If the Secure Space is not granted to be accessed by the requester because its real characteristics (e.g., degrees of dismal or danger) are unfavorable for the requester, the space entry control system has only one approach of preventing the requester from entering the Secure Space. If the requester is not granted to access by at least one physical information resource inside the Secure Space or if at least one physical information resource inside the Secure Space is not granted to be access by the requester, the space entry control system has also only one approach of preventing the requester from entering the Secure Space (Fig. 2). Reversely, when a physical information resource requests to enter a Secure Space, the space entry control system will also prevent the physical information resource from entering the Secure Space that contains at least one visitor who does not have access right to access the physical information resource (Fig. 3).
Meanwhile, if the requester is not granted to access by at least one virtual information resource via an output device embedded inside the Secure Space or if at least one virtual information resource is not granted to be access by the requester, the space entry control system has two approaches of not only preventing the requester from entering the Secure Space but also permitting the requester to enter there after revoking the virtual information resource (Fig. 4).
2.3 Formalized Model
The formalized model of space entry control for Secure Spaces based on their dynamically changing contents such as their visitors, physical information resources and virtual information resources via their embedded output devices, by listing component primitives and by defining the syntax and semantics of the model components.
Definition 1: Model Entities
The space entry control model has the following four kinds of entities and protects all of them with respect to their information security and preferences to the others:
Secure Spaces are physically isolated environments (e.g., a closed room by opaque walls with electrically lockable doors) whose contents such as users and physical/virtual resources are always protected according to their access policies. The universal set of Secure Spaces and Secure Spaces’Access Policies are denoted by S and SAP;
Users are physical entities who request to enter or exit a Secure Space and who are assumed to be able to access any resource inside their current Secure Space but not to access any resource outside there. The universal set of Users and Users’ Access Policies are denoted by U and UAP;
Physical Resources are physical information entities (e.g., a hardcopy of sensitive information) which request to enter or exit a Secure Space and which are assumed to be able to be accessed by any user inside their current Secure Space but not to be accessed by any user outside there. In order to assuredly enforce a physical resource’s access policies, the space entry control system has to prevent its unauthorized users from entering its current Secure Space at any cost. The universal set of Physical Resources and Physical Resources’ Access Policies are denoted by PR and PRAP;
Virtual Resources are virtual information entities(e.g., sensitive information on the Internet) which request to be outputted or revoked via an output device embedded in a Secure Space and which are assumed to be able to be accessed by any user inside their current Secure Space but not to be accessed by any user outside there. In order to assuredly enforce a virtual resource’s access policies, the space entry control system has to prevent its unauthorized users from entering its current Secure Space or to prevent itself from being outputted in the Secure Spaces where there are its unauthorized users. The universal set of Virtual Resources and Virtual Resources’ Access Policies are denoted by VR and VRAP;
Resources: R ? PR ? VR;
Contents (Contexts): C ? U ? PR ? VR. Definition 2: Model Functions
The model uses the following functions in order to keep up on the set of ad-hoc entities in each Secure Space and evaluate the weight of a set of its dynamically changing contents:
? cu: S?2U, is a function mapping each Secure Space ??, to its current set of Containing Users cu????;
? cpr: S?2PR, is a function mapping each Secure Space ??, to its current set of Containing Physical Resources cpr????;
? cvr: S?2VR, is a function mapping each Secure Space ??, to its current set of Containing Virtual Resources cvr????;
? cc: S?2C, is a function mapping each Secure Space ??, to its current set of Containing Contents such as Users, Physical Resources, and Virtual Resources cc?????cu?????cpr?????cvr????;
? w: S ?2C?R , is a function mapping a set of contents cc???? in each Secure Space ??, to its evaluated Weight w???,cc?????;
? authU: UER?{grant, deny}, is a function mapping each User’s Entry Request ????, to the Authorization decision for Users authU??????;
? authR: RER?{grant, deny}, is a function mapping each Resource’s Entry Request ????, to the Authorization decision for Resources authR??????. Definition 2.1: Content Weighting of Secure Spaces
The weight that evaluates contents such as Users cu????, Physical Resources cpr???? and Virtual Resources cvr???? in each Secure Space ?? could be defined in different manners. Here, I introduce one definition of content weighting function which seems to be more understandable for its space administrator and most often used.
The weight w??,??? of a Secure Space ?? S who has a set of Contents ???2C is defined as the summation of positive weights w??,?,?? that evaluates each User’s accessing each Resource in each Secure Space.
w??,?????w??,?,??
?????U,?????R
Definition 3: Access Policies
The model stores the following four kinds of access policies for Secure Spaces, Users and Physical/Virtual Resources:
? Secure Space’s Access Policy is an access policy by a Secure Space, defined as a 3-tuple of the Secure Space, a User/Resource and a set of its containing entities as contextual conditions,
SAP ? S ? C ? 2C
??,?,???? SAP where ?? S, ?? C, and ???2C, states that the Secure Space ? grants the User/Resource ? to enter there when it contains the set of Contents ??;
? User’s Access Policy is an access policy by a User, defined as a 4-tuple of the User and her qualified physical/virtual Resource, a Secure Space, and a set of its containing entities as contextual conditions,
UAP ? U ? R ? S ? 2C
??,?,?,???? UAP where ?? U, ?? R, ?? S, and???2C, states that the User ? grants the Resource ? to be pushed on herself in the Secure Space ? who contains the set of Contents ??;
? Physical Resource’s Access Policy is an access policy by a Physical Resource, defined as a 4-tuple of the Physical Resource, its qualified User, a Secure Space, and a set of its containing entities as contextual conditions,
PRAP ? PR ? U ? S ? 2C
???,?,?,???? PRAP where ??? PR, ?? U, ?? S, and ???2C, states that the Physical Resource ?? grants the User ? to access itself in the Secure Space? who contains the set of Contents ??;
? Virtual Resource’s Access Policy is an access policy by a Virtual Resource, defined as a 4-tuple of the Virtual Resource, its qualified User, a Secure Space, and a set of its containing entities as contextual conditions,
VRAP ? VR ? U ? S ? 2C
???,?,?,???? VRAP where ??? VR, ?? U, ?? S, and ???2C, states that the Virtual Resource ?? grants the User ? to access itself in the Secure Space? who contains the set of Contents ??. Definition 4: Entry Requests
The model has the following three kinds of entry requests for Users and Physical/Virtual Resources:
? User’s Entry Request is an entry request by a
User, defined as a 2-tuple of the User and a Secure Space which she is requesting to enter,
UER ? U ? S
??,??? UER where ?? U and ?? S, states that the User ? requests to enter the Secure Space ? and also to access its containing Resources cpr????cvr??? inside there;
? Physical Resource’s Entry Request is an entry request by a Physical Resource, defined as a 2-tuple of the Physical Resource and a Secure Space which it is requesting to enter,
PRER ? PR ? S
???,??? PRER where ??? PR and ?? S, states that the Physical Resource ?? requests to enter the Secure Space ? and also to be accessed by the visitors cu??? inside there;
? Virtual Resource’s Entry Request is an entry request by a Virtual Resource, defined as a 2-tuple of the Virtual Resource and a Secure Space which it is requesting to enter,
VRER ? VR ? S
???,??? VRER where ??? VR and ?? S, states that the Virtual Resource ?? requests to enter the Secure Space ? and also to be accessed by the visitors cu??? inside there.
Algorithm 1.1: Authorization for Users
An entry request ??????,??? UER that a User ? requests to enter a Secure Space ? is granted, if and only if any content inside there grants the User ? to access itself and is granted to be accessed by the User? or if the Assumptive Weight aw??,?? of the Assumptive Contents ac??,?? in case of granting the User ? to enter the Secure Space s after revoking any Virtual Resource inside there which denies the User ? to access itself or is denied to be accessed by the User? is higher than the Current Weight cw??? in case of denying the user to enter there.
authU??????authU??,??? grant
??apr??,???cpr????
???avr??,???cvr??????aw??,???cw????? where au??,??, apr??,?? and avr??,?? are the
Assumptive set of Users, Physical Resources or Virtual Resources inside the Secure Space ? after granting the User ? to enter there and regulating its contents to keep secure, respectively.
au??,???cu?s?????
apr??,???????cpr???|???,?,?,ac??,???? PRAP and ??,??,?,ac??,???? UAP? avr??,???????cvr???|???,?,?,ac??,???? VRAP and ??,??,?,ac??,???? UAP? ac??,???au??,???apr??,???avr??,?? cw????w??,cc????
aw??,???w??,ac??,???
Algorithm 1.2: Authorization for Resources
An entry request ????????,??? PRER that a Physical Resource ?? requests to enter a Secure Space ? is granted, if and only if the Physical Resource ?? grants any User inside the Secure Space to access itself and also is granted to be accessed by any User inside there.
authR???????authR???,??? grant
?au??,????cu???
where au??,??? is the Assumptive set of authorized Users who have right to access any Resource in the Secure Space ? even after granting the Physical Resource ?? to enter there.
au??,???????cu???|???,?,?,ac??,????? PRAP and ??,??,?,ac??,????? UAP?
apr??,????cpr????????
avr??,????????cvr???|???cu??????,?,?,ac??,????? VRAP and ??,??,?,ac??,????? UAP? ac??,????au??,????apr??,????avr??,???
Similarly, an entry request ????????,??? VRER that a Virtual Resource ?? requests to enter a Secure Space ? is granted, i.e., to be outputted via an output device embedded in a Secure Space ?, if and only if the Virtual Resource ?? grants any User inside the Secure Space to access itself and also is granted to be accessed by any User inside there.
authR???????authR???,??? grant?au??,????cu???
where au??,??? is the Assumptive set of authorized Users who have right to access any Resource in the Secure Space ? even after granting the Virtual Resource ?? to enter there.
au??,???????cu???|???,?,?,ac??,????? VRAP and ??,??,?,ac??,????? UAP? apr??,????????cpr???|???cu???
???,?,?,ac??,????? PRAP and ??,??,?,ac??,????? UAP?
avr??,????cvr????????
ac??,????au??,????apr??,????avr??,???
3. Space-Dependent Query Control
This section proposes an extended model of Space-dependent (Context-aware) Query Control for Secure Spaces based on their dynamically changing contents such as visitors, physical information resources, and virtual information resources via their embedded output devices, aiming to apply my developed techniques [15-19] of query refinement for mobile/ubiquitous Web search to Secure Spaces.
Definition 2.2: Weighting of Search Queries
The weight w???,?? of a search Query ?? Q, where Q stands for the universal set of queries to search for virtual information resources, by a Secure Space ?? S who has a set of Contents cc?s??2C, is defined as follows:
w???,????1?????????????·w???,?,cc????? ???????w???,?,?,cc????
where w???,?,??? stands for the weight of the Query? by the administrator of the Secure Space ? who has the set of Contents ??, w???,?,?,??? stands for the weight of the search Query ? by each User ? in the Secure Space ? who has the set of Contents ??, w???,?,?,??? stands for the weight of the search Query ? by the administrator of each Resource ? in the Secure Space ? who has the set of Contents ??, and ????? and ????? stand for parameters tailored by the administrator of the Secure Space ?.
For example, a User ?? can define his/her weight function of search Queries as follows:
w???,??,??,???? where df????? stands for the Document Frequency of Web documents searched by submitting the query ? to Google or Yahoo!, and df??? & ?.name?? stands for the Document Frequency of Web documents searched by submitting the query ? expanded with the name of Secure Space ? to Google or Yahoo!.
Fig. 5 shows the top 7 search queries dependent on Secure Spaces’ names, such as “bookstore”, “cd store”, and “school”, for their initial “d”.
4. Space-Dependent Search Control
This section proposes an extended model of Space-dependent (Context-aware) Search Control for Secure Spaces based on their dynamically changing contents such as visitors, physical information resources, and virtual information resources via their embedded output devices, aiming to build more flexible Secure Smart Spaces (3S).
Definition 2.3: Weighting of Virtual Resources
The weight w????,?,?? of a Virtual Resource??? VR for a Query ?? Q by a Secure Space ?? S who has a set of Contents cc????2C, is defined as follows:
w????,?,???
?1?????????????·w????,?,?,cc????? ???????w????,?,?,?,cc????
where w????,?,?,??? stands for the weight of the Virtual Resource ?? for the search Query ? by the administrator of the Secure Space ? who has the set of Contents ??, w????,?,?,?,??? stands for the weight of the Virtual Resource ?? for the search Query ? by each User ? inside the Secure Space ? who has the set of Contents ??, w????,?,?,??? stands
for the weight of the Virtual Resource ?? by the administrator of each Resource ? inside the Secure Space ? who has the set of Contents ??, and ????? and ????? stand for parameters tailored by the administrator of the Secure Space ?.
For example, a Secure Space ?? or ?? can individually define its weight function of Virtual Resources as follows:
w????,??,?,????1/googleRank???,????
w????,??,?,????1/yahooRank???,?? & ??.name? where googleRank???,???? stands for the rank of the Virtual Resource ?? in the search results by submitting the original Query ? to Google without modification, and yahooRank???,?? & ??.name? stands for the rank of the Virtual Resource ?? in the search results by submitting the original Query ? expanded with the name ??.name (e.g., “bookstore”) of the Secure Space ?? to Yahoo!. The former is not space-dependent, while the latter is space-dependent.
Meanwhile, a User ?? or ?? can also individually define his/her weight function of Virtual Resources as follows:
w????,??,?,??,????1/googleRank???,???? w????,??,?,??,????1/yahooRank???,???? w????,??,?,??,????1/yahooRank???,?? & ?.name??
The former by the User ?? uses space-dependent Web search engines but the space-independent original Query, while the latter by the User ?? uses the space-independent Web search engine but expands the original Query with each Secure Space’s name. Definition 5: Search Requests
The extended model accepts the following two kinds of search requests by Secure Spaces and Users:
? Secure Space’s Search Request is a search request by a Secure Space, defined as a 2-tuple of the Secure Space and a search Query,
SSR ? S ? Q
where Q stands for the universal set of Queries.??,??? SSR where ?? S and ?? Q, states that the Secure Space ? requests to search by the Query ? for Virtual Resources suitable for itself to output via its embedded public device, implicitly with its current Contents cc??? such as Users cu???, Physical Resources cpr???, and Virtual Resources cvr???;
? User’s Search Request is a search request by a User, defined as a 3-tuple of the User, a search Query, and a Secure Space in which she is requesting to search,
USR ? U ? Q ? S
??,?,??? USR where ?? U, ?? Q, and ?? S, states that the User ? requests to search by the search Query ? for Virtual Resources suitable for herself to
output via her private (mobile/wearable) device in the Secure Space ?, implicitly with its current Contents cc??? such as Users cu???, Physical Resources cpr???, and Virtual Resources cvr???.
Algorithm 2.1: Search for Secure Space’s Requests
For a Secure Space’s Search Request ??????,??? SSR, the space-dependent search control system returns a set of Virtual Resources with some kind of weights as its search results. First, each Virtual Resource ???? VR from among the universal set of Virtual Resources is filtered by the Space Entry Control based on whether it should be granted or denied to be outputted in the Secure Space ?. Next, each Authorized Virtual Resource ????avr??? is assigned some kind of weight by the Context-aware Search Control based on how preferentially it should be outputted in the Secure Space ? with its set of Contents cc???. Finally, the highest-ranked Virtual Resource will be outputted via an embedded public device(s) in the Secure Space ? and be pushed on its visitors cu???.
searchS??????searchS??,??
??????,w?????,?,?,cc?????|????avr???? avr????????? VR|authR????,??? grant?
Algorithm 2.2: Search for User’s Requests
For a User’s Search Request ??????,?,??? USR when the User ? requests to search by the Query ? in the Secure Space ?, the space-dependent search control system returns a set of Virtual Resources with some kind of weights as its search results. First, each Virtual Resource ???? VR from among the universal set of Virtual Resources is filtered based on whether it should be granted or denied to be outputted in the Secure Space ?. And then each Authorized Virtual Resource ????avr??? is assigned some kind of weight on how preferentially it should be outputted to the User ? in the Secure Space ? with its set of Contents cc???. Finally, the top ? search results will be outputted via the User’s mobile device and some Virtual Resource will be pulled by herself.
searchU??????searchU??,?,??
??????,w?????,?,?,?,cc?????|????avr???? avr????????? VR|authR????,??? grant?
5. Conclusions
In public spaces, there are a number of different contents such as visitors, physical information resources, and virtual information resources via their embedded output devices (e.g., displays and speakers). Therefore, we might unexpectedly enter the public spaces that have our unauthorized contents and/or unwanted characteristics. My previous papers introduced the novel concept of “Secure Spaces”, physical environments in which any visitor is protected from being pushed her unwanted information resources on and also any information resource is always protected from being accessed by its unauthorized visitors, and the model and architecture for space entry control and information access control based on their dynamically changing contents. Aiming to build more flexible Secure Spaces, this paper has proposed an extended model for Context-aware Query Control and Search Control based on how preferentially a virtual information resource should be outputted in a Secure Space as well as spatial entry control based on whether a virtual information resource should be granted or denied to be outputted in a Secure Space.
I plan to formalize a hierarchical model, specify its description language to enable administrators to configure and maintain their Secure Spaces and physical/virtual information resources more easily and flexibly, implement a prototype of Secure Spaces and evaluate its effectiveness and functionality by applying it to actual cases in the physical world.
Acknowledgments
This work was supported in part by JSPS (Japan Society for the Promotion of Science) Grant-in-Aid for Young Scientists (B) “A research on Web Sensors to extract spatio-temporal data from the Web”(#23700129, Project Leader: Shun Hattori).
References
[1] L. Rosenthal, V. Stanford, NIST smart space: pervasive computing initiative, in: Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE’00), 2000, pp. 6-11.
[2] J.Al-Muhtadi, A. Ranganathan, R. Campbell, M.D. Mickunas, Cerberus: a context-aware security scheme for smart spaces, in: Proceedings of the 1st IEEE International Conference on Pervasive Computing and Communications (PerCom’03) 2003, pp. 489-496.
[3] G. Sampemane, P. Naldurg, R.H. Campbell, Access control for active spaces, in: Proceedings of the 18th Annual Computer Security Applications Conference(ACSAC’02), 2002, pp. 343-352.
[4] Y.J. Song, W. Tobagus, D.Y. Leong, B. Johanson, A. Fox, iSecurity: a security framework for interactive workspaces, Technical Report, Stanford University, 2003.
[5] M.J. Covington, W. Long, S. Srinivasan, A. Dey, M. Ahamad, G. Abowd, Securing context-aware applications using environment roles, in: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies(SACMAT’01), 2001, pp. 10-20.
[6] P.G. McLean, A secure pervasive environment, in: Proceedings of the Australasian Information Security Workshop 2003 (AISW’03), Conferences in Research and Practice in Information Technology, 2003, pp. 67-75.
[7] S. Hattori, T. Tezuka, K. Tanaka, Content-based entry control for secure spaces, in: Proceedings of the International Workshop on Future Mobile and Ubiquitous Information Technologies (FMUIT’06), 2006, p. 98.
[8] S. Hattori, T. Tezuka, K. Tanaka, Secure spaces: physically protected environments for information security, in: Proceedings of the Joint 3rd International Conference on Soft Computing and Intelligent Systems and 7th International Symposium on advanced Intelligent Systems (SCIS&ISIS’06), TH-B5-2, 2006, pp. 687-691.
[9] S. Hattori, K. Tanaka, Secure spaces: protecting freedom of information access in public places, LNCS 4541 (2007) 99-109.
[10] S. Hattori, K. Tanaka, Towards building secure smart spaces for information security in the physical world, Journal of Advanced Computational Intelligence and Intelligent Informatics (JACIII) 11 (8) (2007) 1023-1029.
[11] S. Hattori, K. Tanaka, Mining the web for access decision-making in secure spaces, in: Proceedings of the Joint 4th International Conference on Soft Computing and Intelligent Systems and 9th International Symposium on advanced Intelligent Systems (SCIS&ISIS’08), TH-G3-4, 2008, pp. 370-375.
[12] S. Hattori, Context-aware search control for secure spaces, in: Proceedings of the Joint 5th Int’l Conference on Soft Computing and Intelligent Systems and 11th Int’l Symposium on advanced Intelligent Systems(SCIS&ISIS’10), SA-D4-2, 2010, pp. 1348-1353.
[13] S. Hattori, Secure spaces and spatio-temporal weblog sensors with temporal shift and propagation, in: Proceedings of the 2011 1st IRAST International Conference on Data Engineering and Internet Technology(DEIT’11), 2011, pp. 1042-1047.
[14] S. Hattori, Linearly-combined web sensors for spatio-temporal data extraction from the web, in: Proceedings of the 6th International Workshop on Spatial and Spatiotemporal Data Mining (SSTDM’11), 2011.
[15] S. Hattori, T. Tezuka, K. Tanaka, Query modification based on real-world contexts for mobile and ubiquitous computing environments, in: Proceedings of the International Workshop on Managing Context Information and Semantics in Mobile Environments(MCISME’06), 2006, p. 77.
[16] S. Hattori, T. Tezuka, K. Tanaka, Activity-based query refinement for context-aware information retrieval, LNCS 4312 (2006) 474-477.
[17] S. Hattori, T. Tezuka, and K. Tanaka, Context-aware query refinement for mobile web search, in: Proceedings of the 3rd IEEE International Workshop on Next Generation Service Platforms for Future Mobile Systems(SPMS’07), 2007, p. 15.
[18] S. Hattori, T. Tezuka, H. Ohshima, S. Oyama, J. Kawamoto, K. Tajima, K. Tanaka, ReCQ: real-world context-aware querying, LNAI 4635 (2007) 248-262.
[19] S. Hattori, Alternative query discovery from the web for daily mobile decision support, in: Proceedings of the 5th IADIS International Conference on Wireless Applications and Computing (WAC’11), 2011, pp. 67-74.