Mechanisms for access control and application-level recovery in context-aware applications

Abstract

Context-awareness is a central characteristic of several emerging application domains, characterizing the applications’ ability to adapt and perform tasks based on ambient context conditions. Context refers to a situation in the physical or the virtual world that may be utilized by an application for the purpose of dynamic adaptation, for example, to acquire services needed in a given location. While the envisioned advantages of context-awareness are significant, providing access control and robustness guarantees for context-aware applications is a difficult task. This is because of the inherent dynamic nature of such applications and the environments in which they are deployed. In this thesis we develop models and mechanisms for addressing the access control and robustness problems in context-aware applications. We also develop a programming framework for building context-aware applications from their high-level design specifications. An access control model for context-aware applications needs to support specification and enforcement of context-based access control policies. Such policies are related to assignment of context-based access privileges to users, access control for services that are dynamically integrated with an application, and context-based constraining of access to resources managed by a service. The first contribution of this thesis is the development of a context-aware role-based access control model (CA-RBAC) that addresses the above requirements of such applications. We identify the context invalidation problem associated with correct enforcement of contextbased access control requirements, and develop a mechanism to address it. Robustness of context-aware applications is affected due to failures in discovering the required resources and services during a context-driven reconfiguration, service crashes, and exceptions thrown by a service. Moreover, concurrent handling of context events can affect an application’s correct behavior, if not properly coordinated. The second contribution of this thesis is the development of an application-level programmed error recovery model for such applications. This model combines asynchronous event handling with synchronous exception handling for building robust context-aware applications. A novel mechanism in the form of an exception interface is provided for roles through which users may participate in executing recovery tasks. The third contribution of this thesis is the design and implementation of a generative programming framework for building context-aware applications from their high-level design specifications. The CA-RBAC model and the programmed error recovery mechanisms are integrated in this programming framework. This framework enables rapid construction of context-aware applications using a policy-driven middleware.