Exploiting information relationships for access control in pervasive computing

Many information services in pervasive computing offer rich information, which is information that includes other types of information. For example, the information listed in a person’s calendar entry can reveal information about the person’s location or activity. To avoid rich information from leaking its included information, we must consider the semantics of the rich information when controlling access to this information. Other approaches that reason about the semantics of information (e.g., based on Semantic Web rule engines) are based on a centralized design, whose drawback is a single point of failure. In this paper, we exploit information relationships for capturing the semantics of information. We identify three types of information relationships that are common and important in pervasive computing and integrate support for them in a distributed, certificate-based access control architecture. In the architecture, individuals can either define their own information relationships or refer to relationships defined by a standardization organization. In our approach, access control is fully distributed while sophisticated rule engines can still be used to deal with more complex access control cases. To demonstrate the feasibility of our design, we give a complexity analysis of the architecture and a performance analysis of a prototype implementation.