CS seminar series presents
Application architecture for context-aware security
by Michal Trnka
Thursday, March 31 at 14:00 in 205.
Huge contemporary trend is adding context awareness into software applications. It allows both better user experience as well as a lot useful features for application owner. Nowadays, there are various approaches enabling particular context awareness but none of them concerns security. We tackle this problem and describe it further in the paper. Our solution extends role based access control with certain context awareness elements. Based on already existing solutions we propose own lightweight, universal solutions, which allows instant enhancement of current RBAC even in existing applications. The uniqueness of our solution is based on using security levels, which are granted to user based on his context. Security levels represents how the users can be trusted and are determined during users login procedure. The levels are used as additional security constrain so to access resources in application user need to have not only right permission granted through roles, but also to have corresponding level.