Abstract: A logic-based language is suitable to define rules for deriving high-level information from raw sensor data in pervasive environments. We often adopt such a logic-based language in systems for cross-domain authorization because it provides a convenient way to define rules that consider a requester's context (situation) as well as static attributes such as roles. In general, the context information is maintained in different administrative domains, and it is, therefore, desirable to construct a proof in a distributed way while preserving each domain's confidentiality policies. In this paper, we introduce such a system, a secure distributed proof system for context-sensitive authorization, and show that our novel caching and revocation mechanism improves the performance of the system, which depends on public key cryptographic operations to protect confidential information in rules and facts. Our revocation mechanism maintains dependencies among facts and recursively revokes across multiple hosts all the cached facts that depend on a fact that has become invalid. Our experimental results provide a detailed analysis of performance overhead for cryptographic operations and show that our caching mechanism, which maintains both positive and negative facts, significantly reduces the latency for handling a logical query.
Keywords: mobile computing, pervasive computing, context-aware computing, security, access control, authorization
No online copy available.
Copyright © 2008 by the authors.
See also earlier version minami:scalability.