Towards Shrink-Wrapped Security: Practically Incorporating Context Into Security Services

The mobile workforce is rapidly increasing, and technological advances make it feasible for these workers to have ubiquitous access to a variety of resources with various protection requirements. The dynamic computing environment of these workers mandates a security paradigm in which security is tightly coupled with a user’s current situation. We have proposed a security paradigm to achieve this, called Shrink-Wrapped Security, in which security is constantly adapting to a user’s current situation, and a comprehensive amount of security-relevant context is used to characterize a user’s situation. We present an approach that uses generalized annotated programs (GAPs) to practically incorporate such context into security services, with a focus on access control. This allows us to represent context in a principled manner; consistently make security-related decisions; easily make temporary, ad-hoc changes to a security policy; and give a user feedback when access is denied so that she can make the appropriate adjustments.