Role-Based Access Control for Mobile Computing and Applications
Research Mentor: Steven Demurjian
This work will be incorporated into the Connecticut Concussion Tracker mobile application. The Connecticut Concussion Tracker (CT2) application that has been developed as a joint effort between the Depts of Physiology and Neurobiology, and Computer Science & Engineering at the University of Connecticut, in collaboration with faculty in the Schools of Nursing and Medicine in support of a newly passed law on concussions to be tracked K12 http://www.cga.ct.gov/2014/act/pa/pdf/2014PA-00066-R00HB-05113-PA.pdf.
Students will have the opportunity to work on 3 different projects:
Role-Based Access Control for Mobile Computing and Applications Focusing on the authentication process to allow a mobile application to access, share, and exchange information from different sources/applications. This work demonstrates a generalizable approach to realize role-based access control (RBAC) security for mobile applications that allows an information owner to define who can do what by role, which is then enforced via a dynamically customized version of the mobile application.
Spatio-Situation-Based Access Control Model for Dynamic Permission on Mobile Applications Focusing on dynamic permissions of mobile applications a user moves from location to location – a spatio approach that is based on a situation of what a user is doing. To illustrate, suppose a physician is accessing patient medical records from the practice at his/her office. If the physician is moving from his/her office to a hospital in a distinguishable geographic location (far enough away for differentiation via GPS and/or cell tower pinging), then the spatio aspect can be utilized to determine the correct appropriate privileges and allowed/prohibited access. If the office and hospital that are located in buildings across the street from one another (geographically indistinguishable), the physician may be prohibited from access to the office EMR while in the hospital.
Trust Profiling to Enable Adaptive Trust Negotiation in Mobile Devices Focusing on using credentials (extended, dynamic, attributes, etc.) to build up a profile for a user that accesses a group of systems and has established a pattern of access and permissions over time. A trust profile that contains a proof of history of successful access to sensitive data to facilitate identification and authentication for adaptive trust negotiation. The trust profile consists of a set of X.509 identity and attribute certificates, where a certificate is added whenever a user via a mobile application makes a successful attempt to request data from a server where no relationship between the user and server has previously existed as a result of trust negotiation.
Components for Student Participation
Research tasks for REU participants will include learning about secure mobile computing from the user side (access control models, delivering custom content to users, and adaptive certification). Project supervisors along with senior graduate students will work closely with the REU students and provide mentorship.