IJCS_2016_0302006.pdf

8/16/2019 IJCS_2016_0302006.pdf

1/6

102 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016

International Journal of Computer Systems (ISSN: 2394-1065), Volume- 03, Issue-02, February 2016

Available at http://www.ijcsonline.com/

Context and Trust based adaptive security policy: A Survey

Jagadamba G Ȧ, and Sathish Babu B

B

ADepartment of Information Science and Engineering, Siddaganga Institute of Technology, Karnataka, IndiaBDepartment of Computer Science and Engineering, Siddaganga Institute of Technology, Karnataka, India

Abstract

Networks are distributed, and nodes spontaneously move from one network to another to access service in the ubiquitous

computing environments. In these situations, adaptive security is systems require self – adaptive nature by monitoring the

changes occurring in the operating environment and act accordingly at the runtime to overcome the security trade-offs.The adaptive security is achieved through continuous monitoring, observations, analysis and working adaptive security

policies for the applications. This paper surveys adaptive security systems and evaluates critical security services (i.e.

authentication, and authorization,). Based on our evaluation results, we provide future research recommendation in the

ubiquitous computing environment.

Keywords: Policy, Trust, Taxonomy, Context, Adaptive Security, Ubiquitous Network

I. I NTRODUCTION

A computing history [4] began with the centralizedcomputing followed with Client-Server computing, Internetcomputing, and Pervasive/Ubiquitous computing.Ubiquitous computing applications are found to operate inan open, dynamic, and flexible environment and haveenough freedom in selection and utilization of services atany time and place. The high spontaneity and heterogeneityof ubiquitous computing environments include self-adaptive applications [5] that are essential to realizing theubiquitous computing vision of invisibility and ubiquity.This nature of ubiquity and mobility is in need of securityissues including privacy, authentication, access control, andtrust. Usually, researchers concentrate on particularsecurity aspects such as secure service discovery, context-aware services, or trust model, or risk aware security,intrusion detection without looking at the capacity of thedevice or security requirements reflecting towardschanging network. There are no such works found which isaware of the deserved security level and define newsecurity policy accordingly to the changing environment.

The characteristics of heterogeneity in operatingapplication, network, and service require security in manyubiquitous environments including the smart spaces [8] andintelligent area. The necessary security in smart spaces ofthe ubiquitous computing and related technologies isachieved by considering the necessary adaptivemechanisms/policies [6]. The smart spaces include smartdevices that are aware of the context in which they operateand adapt themselves to the new surroundings andrequirements through security policies. A protection policydefined at the design time is not enough and cannot beconsidered to provide the security in the operationalenvironment. Protection policy deployed automatically atrun-time conquers much security to the current safetyrequirements of the environment [2]. The adopted security

continue to protect valuable assets from harm, even whensecurity concerns change dynamically based on theavailable context in the computing environment [3].

However, the security mechanism should be aware of thecapacity and context of the device for computation to

perform the analysis of the user behavior or environment.Thus, there is the need to focus the research on the adaptivesecurity policies by considering the operating contextthrough the trusted environment. From [7], adaptation doesnot only mean dynamic loading/replacement of softwarecomponents or technologies but satisfying the requirementsof application adaptation policies.

The security adaptation is not a new concept [1], it is the

desirability of a system, which adapts security in anautonomous manner, to answer as quickly and efficiently to

perceived security issues in the environment. Inconjunction with the above, an adaptive security is definedas the "security solution/protocol that senses, learns thechanges in the environment, device capacity, variations inthe network services with the anticipated threats and toadopt the new security requirements and execute itselfwithout the intrusion of the humans".

In our survey the security schemes based on adaptive policy generation for adopting security in the ubiquitouscomputing environment was reviewed and proposed anovel methodology to design an adaptive security

framework.The organization of the paper is as follows: section IIintroduces the motivation behind the review work, sectionIII with the policy based security review, section IV withthe context and trust based security policy system, andsection V concludes the survey work.

II. MOTIVATION

In the current scenario, the context-aware systems havereached the real world from the working laboratories. Thissituation necessarily gives scope to [9] the user trust andsecurity in context-aware systems with the feature ofadaptability. The exposed real world applications such asmilitary applications, health care management, tourism, e-

8/16/2019 IJCS_2016_0302006.pdf

2/6

Jagadamba G and Sathish Babu B Context and Trust based adaptive policy for Security: A Survey


business [10] smart spaces [11], [12] like - home, offices,university, etc., require incorporation of adaptive securityapproaches by integrating runtime adaptive security

policies.

Many research works stressed the importance of context

and trust based policy generation in the resourceconstrained ubiquitous computing environment. Accordingto [13], the ubiquitous/pervasive computing includes acomplex socio-technical system that needs beyondtraditional system-centric approaches for designing securitywith a well-approached analysis. The changing computingresources, accessing services, network, contexts, and usertrust characterized the ubiquitous environments a need forself-adaptive security policy [14].

Adaptive security methods can be classified by the utilizedattributes in the design. The classification also considershow the security parameters are adapted for the newvulnerabilities in the ubiquitous environment. However,

most of the security schemes limit the efficiency of a node by consuming a significant amount of node resources.Thus, the objective is to identify the adaptive securityschemes and sub-classifies them by the effectiveness ofsecurity they offer in the resource constrained ubiquitousnetwork.

III. POLICY BASED SECURITY

A security policy according to [15], is defined as a set ofrules for authorization, access control, and so on in theoperating environments. Policies are usually defined toevaluate trust, context, available computing resource indevices and networks [17], and roles played in thecomputing environment. The security policies are also

planned according to business needs while providingservices or applications to render security in

pervasive/ubiquitous/mobile networks. Hence, a clearstated specifications and goals [18] regarding adaptivesecurity based on policies are concentrated in theubiquitous security network.

The taxonomy of policy-based security in the ubiquitouscomputing system is given in Fig. 1. The figure shows thecategorization of policies based on the operation nature,

i.e., the policies can be predefined or adaptive whiledesigning the security scheme/protocol.

Policy

Role based policy

(adaptive or predefined)

Context based policy(adaptive or predefined)

Trust based policy


Security based policy


Application based policy


Hierarchy of role


Context of role


High Level Security


Medium Level security


low Level security


High Level Security(adaptive or predefined)

Medium Level security


low Level security


Figure 1: Taxonomy of policy based security

From the Fig 1, the policies are based on various attributes.Among them, application based security policies provide

procedures according to the requirement of the application.Further, the application security can depend on the service

level or context based. The context based security policycan be defined once and continued accordingly or candynamically change with the user context. The user contextcan depend upon the role he is playing in the environment.The policies are set according to the job hierarchy the useris playing in the organization or environment in which he is

present. Besides these, the security policy can solelydepend on the trust the user has gained in the operatingenvironment. Other than the discussed categories, thesecurity policies can be according to theapplication/environment security levels. Hence, all thesecategories contribute to design the security policies.

The policies are defined as rules governing choices in

actions of the system derived from trust relationships,enterpriser ’s goals and service level agreements. Thedisclosure of policies is again a security breach [16] that

can hamper the whole system security when the policiesare predefined. Hence, the policies are altered dynamicallyto endow security.

The translation of the adaptive policies from old to the new policy is achieved through ontology [19]. Ontology isrepresented like an administrator with the domainknowledge and security reasoning on best practice rules bycreating desired configurations for network-level securitycontrols (e.g., firewall and secure channels). An absence ofautomated reasoning for policy derivation and the usage ofthe human administrator always make the system non-adaptive. The system becomes partial adaptive when someaccess services using multiple channels. Though most ofthe channels assure secure communication, it is not

practically remarkable. Hence, a well-managed context-aware security characterization of access services byadaptivity and multichannel access is much needed [21].

However, greater challenges were faced while developingframeworks to address security and privacy issuesassociated with the context-aware systems [22]. On the

8/16/2019 IJCS_2016_0302006.pdf

3/6



contradictory, context awareness enhances theeffectiveness of the mechanisms by incorporatingcontextual data into a decision-making process [23]. Thecontext can be behavioral, computing or physical. Contextis nothing but the information that defines the situation,status, environment, device capability, QoS (Quality of

Service), availability and activity about an entity. Fig 2 andFig 3 shows the detailed taxonomy of the context and trustrespectively in the ubiquitous environment.

IV. SECURITY POLICY BASED ON CONTEXT ANDTRUST

The idea of adaptive and ubiquitous systems is already a

subject of intense research for several years to see context

information as intellectual property to enforce security

[20]. The technologies evolved nowadays enable users toContext-based security applied through policies expressclear and concise practices [25]. An inclusion of contextaware security through policies may be a guideline todesign the framework. The security policies based oncontext gets on appropriate mechanism to enforce the

required level of security for the existing or futuresituations. An access control models always try to uselocation and time as a context, but [26] used state/situationand relations between the entity as a context.

An Ontology-based Context-Aware Access Control basedon policy model was considered for the context model.Except the inference of high-level implicit contextinformation according to operator-defined rules and some

performance overhead for access control, the work wasappraisable.

Figure 2: Taxonomy of Context

Moreover, the policy based securities are adopted forcentralized mechanism and rarely on the decentralized

mechanism. The concept of the centralized approach usedsharing of resources by the policy based securecommunication.

Some of the works that are adaptive towards security usinga centralized approach were reviewed and found some ofthe interesting things about context based security. Theapproach in [27] followed design specification andmodifications without coding into automated agents. The

policies defined could do with persistent and can bedynamically modified accordingly to change the system

behavior without changing implementation (not newfunctionality). The [28] supported applications in a

pervasive computing environment by presenting a software

architecture adaptation for a set of mobile users accessingshared information through a variety of devicescommunicating over a heterogeneous communications

infrastructure. The design uses queuing models andsecurity analysis on policies with the performance

modeling on mobile users with time-varying resources andheterogeneous devices. The work neglected to considerenvironmental context and trust about the user. Secure andtrusted context information [29] was considered by thesecurity policy enforcement in the dynamic environment.

The context-aware services raise a risk of security and privacy, but a straightforward approach keeps the risk behind. The usage of context [24] provides security as a primary attribute of the ubiquitous network, where theservices more often are context-aware.

A context sensible policy based solution to secure access toservice through service discovery in small scale and largescale ubiquitous computing environment will provide bestadaptive security [30]. But, trust related issues [30] liketrust evaluation or investigations about trusted party andhow context is acquitted in the system is absent.

Physical

context

Behavioural

context

ContextComputing

context

Location

Time

Situation

Surroundings

Activity

Device

Capacity

Service

Bandwidth

CommunicationCost

Network

Capacity

Temperature

Noise

Sensitivity level

Light

Computation

Cost

8/16/2019 IJCS_2016_0302006.pdf

4/6



Attributes based trust

Service based trust

Trust basedsecurity

Policy based trust

Entity based trust

Context based trust

Physical context

Behavioural/User

context

Direct/Experiencetrust

Recommendation/

Indirect trust

Predefined policy

Adaptive Policy

Reputation trust

Computing context

Role based trust

Contest-Role basedtrust

Service coupled with

context

Level of securityservice requirement

Context based on temperature,

light, noise, sensitivity level

Context based device capacity,

network capacity, service,

bandwidth, communication and

computational cost

Context based on location, time,

situation, activity surroundings

Indirect observation or experience

through recommendation

Direct observation or experience

Continues positive/negative

feedback

Timely defined static polices defined

at runtime based on applications/

services

Dynamic polices defined according

to context and scenarios of

applications/services utilized

Hierarchy based role trust and role

played in the computing

environment,

Role based polices defined according

to context and scenarios for

applications/services

Trust requirement for individual

service according to context

Trust requirement according to level

of service

Figure 3: Taxonomy of Trust

An attempt to combine centralized and decentralizedapproach [31] was done using the trust parameter for the e-commerce applications. Where, a policy based trustmechanisms are utilized for centralized approach andreputation-based mechanism for the decentralizedapproach. The work concentrated more on the verificationof the source of information through authentication. Theutilization of encryption and signature mechanisms delayedthe performance and extravagant to computationalcapacity.

In the health care application, an adaptive policy definerand the manager consider the predefined context (critical,dangerous, and stable) for access control according toseverity level. As per the required treatment, anadministrator does not have the privilege to change theaccess related policy mathematically, but a specialistrecommendation is most solicited in this situation The

proposal in [32] includes a context-driven trust to evaluatethe authenticity of a user through adaptive security throughthe evaluation process. The complexity of trustcomputation level depends upon the security level. Aconsideration of the capacity of user’s device wasneglected while computing the required level of security.Another proposal [33] was found to ignore the availabilityof computational resources. Here, the levels of trust arerealized according to the user behavior, to access theapplication software based on experience, recommendation

and knowledge-based. In [34], higher level trust requiresmore computational time and cost resulted in higheroverhead. The proposal [33] also neglects to verify thecapacity of the device while evaluating the authenticationof a user. The policies for access control implemented intrust negotiation or for defining context priority [35] is

based on available computational capacity. Ontology basedinformation is used to determine the trust levels of theclients or for assigning trust rights in the given context. Atestbed for an intelligence security system was created totest the efficiency of the work. The analysis shows toconcentrate on security for acted actions, instead ofworking for each action on a large scale ubiquitousnetwork communicated through heterogeneous devices andservices. Finally, designing of the trust based security

policies in the operating context was a major thought. Todo so, a high level of flexibility, without a considerable lossof simplicity, was the central principle. A service-basedapplication modeled and expressed in the form of self-adaptation policies [36] based on utility functions adoptedcontext-aware security using the MAUT(i.e., MAPE modelrepresented as MAUT) and GRBAC (General Role BasedAccess Control) in RFID/USN environments. The policieswere defined according to the number of targets,

requirements, applications and services available. Inaddition to this, the proposal [36] was adaptive to considercontext integration with the detection and modification

policies. The performance was compared with the Gaia

8/16/2019 IJCS_2016_0302006.pdf

5/6



[37] and Aura [38] with the security context. A negligenceof security concern to context-aware service was foundwith the inclusion of heterogeneity below the lower level ofan application layer.

The user behavior analysis using context variables of the

environment and trust, to define an adaptive security policyfor the information security management was the thought[39]. The security aspects of user behavior analysis andtrust in behavior complimented the environmental contextand biometric technologies as a base for defining anadaptive security policy. The policy set is defined to workin a flexible way by utilizing the trust and context of thehuman. This provided the proper approach to propose acontext and trust based adaptive security policies forhuman behaviors. The involvement of self-adaptive naturewill make any application or system more dynamic tosecurity actions.

Work [40] focused more on need-to-know principle by

using context and events to authorize subjects (users in theairport) to access data and physical objects (resources) onthe activation of attribute based access control as securityrules. Security rules depend upon the meta-rules definedwhile determining activation/deactivation of contexts. Therisk modeling has been mapped to attribute based accesscontrol to identify vulnerabilities in the environment. Theenvironmental information is found to be unbounded withthe spatial information to make the model adaptive towardsaccess control. Another user behavior based access controlmodel using ontology is presented [41]. The access controlis based on security policy formed from the prediction offuture actions of dependent people using historical data,contextual data and user behavior data. The method used

for user behaviors extraction and contextual data gatheringwas found to be absent in the approach.

An entity oriented security model based on trust assessmentfor e-Health system is proposed [42]. Here a novel set oftrust assessment metrics was utilized to assess a particular

property of a security system (i.e. partial metrics) or entire properties (i.e. total metrics) to make the model flexible inits approach and facilitates an entity trust depending on thecontextual need. The architectural design of the trustassessment system was well structured with trustcomputation. These characteristics are well-guidedapproaches to non-generic and non-awareness towardsenvironmental context.

From the above reviews, it was found that the securityframeworks based on policies are becoming a hot researchtopic in the ubiquitous networks. The framework ofsecurity policies involved for evaluation of context andtrust towards performance based on ontology may be a oneof the ideas for adaptive security. Otherwise, the security

policies are designed for proper monitoring and collectionof contextual and trust information’s and generation ofsecurity policies according to the required level is ananother criteria that suit well for the ubiquitousenvironment. Fig 5 shows the security design lifecycle

based on context and trust to build an adaptive security policy. The policy generation according to the situation

need makes the security framework adaptive and will beable to work efficiently regarding energy and timeconsumption compared to non-adaptive securityframework.

Classification Situation Analysis

Change in context

Ubiquitous Computing Environment

Trust Evalauation

Observe User behaviour New Request

Security policy

Figure 5: Lifecycle of adaptive security using policy

IV. FUTURE WORK

The existing works never cover the whole process of providing the adaptive security. While designing adaptivesecurity, many works in the field of ubiquitous are based

on the trust and contextual information. A framework togather operational environmental information, analyzingand planning the relevant security attributes are necessaryfor the heterogeneous world.

In future, the security policies for the today scenarios are to be adaptive by analyzing the changing situation. A run-time adaptive security policy is required while designingthe framework. If adaptivity is not included, the staticnature can create a route for the malicious activities.Hence, adaptive security policies are to be defined while

providing the security to the applications in the ubiquitousnetwork through proper monitoring, classification,

planning and execution based on context and trust

attributes.

Consequently, an additional research work is needed in thefield of risk and threat management.

V. CONCLUSION

The world of heterogeneous network and devices do notdrive with the regular static security policies. Hence, adynamic policy nature is most required in the ubiquitousnetwork, where the service and resources are shared and

provided according to the user requirements.

This paper proposed a framework to design an adaptive

security scheme that is based on contextual information andlevel of the trust the user is possessing in the ubiquitousenvironment. The framework also provides the automaticgeneration of right policy at the run time.

R EFERENCES

[1] Alexis Olivereau, Basil Hess, Emil Slusanschi, Enrico Lehmann,“Specication of adaptive security protocols-secure and trustedmediation layer for wireless sensor networks”, Version 2,Trustworthy Wireless Industrial Sensor (TWIS) Networks, 2013.

[2] He, Ruan and Lacoste, Marc, “Applying component-based designto self- protection of ubiquitous systems”, in: Proceedings of the 3rdACM workshop on Software engineering for pervasive services,

ACM, pp. 9-14, 2008.

[3] Pasquale L, Ghezzi C, Menghi C, Tsigkanos C, Nuseibeh B ,“Topology aware adaptive security”,. in: Proceedings of the 9th

8/16/2019 IJCS_2016_0302006.pdf

6/6



International Symposium on Software Engineering for Adaptiveand Self-Managing Systems, ACM, pp. 43-48, 2014.

[4] Patel A, Nordin R, Al-Haiqi A, “ Beyond ubiquitous computing:The malaysian honeybee project f or innovative digital economy”,Computer Standards & Interfaces, vol. 36(5), pp. 844-854, 2014.

[5] Lee K, Lee D, Hyun SJ, “ A self -adaptation model for ubiquitouscomputing applications”, 2010.

[6]

Cotroneo D, Graziano A, Russo S. Security requirements in serviceoriented architectures for ubiquitous computing. In: Proceedings ofthe 2nd workshop on Middleware for pervasive and ad-hoccomputing, ACM, pp. 172-177, 2004.

[7] Da K, Dalmau M, Roose P, “ A survey of adaptation systems”,Interna tional Journal on Internet and Distributed ComputingSystems, vol. 2(1), pp. 1-18, 2011.

[8] Evesti A, Suomalainen J, Ovaska E, “ Architecture and knowledge-driven self-adaptive security in smart space”, Computers, vol. 2(1), pp. 34-66, 2013.

[9] Mayrhofer R, Schmidtke HR, Sigg S, “Security and trust in context-aware applications. Personal and Ubiquitous Computing, vol. 18(1), pp. 115-116, 2014.

[10] Li F, Pie nkowski D, Van Moorsel A, Smith C. A holisticframework for trust in online transactions. International Journal of

Management Reviews, vol. 14(1), pp. 85-103, 2012.

[11] Yan Z, Zhang P, Vasilakos AV. A security and trust framework forvirtualized networks and software-de ned networking. Security andCommunication Networks, 2015.

[12] Wilson C, Hargreaves T, Hauxwell-Baldwin R. Smart homes andtheir users: a systematic analysis and key challenges. Personal andUbiquitous Computing, vol. 19(2), pp. 463-476, 2015.

[13] Thomas RK, Sandhu R, “Models, protocols, and architectures forsecure pervasive computing: Challenges and research directions”,2004.

[14] Alia M, Lacoste M, “A QoS and security adaptation model forautonomic pervasive systems”, iIn: 32nd Annual IEEE Internationalconference on Computer Software and Applications,COMPSAC'08, IEEE, pp 943-948, 2008.

[15] Kagal L, Finin T, Joshi A, “Trust-based security in pervasive

computing environments”, Computer, vol. 34(12), pp. 154-157,2001.

[16] Pathan, Khan AS, “ Editorial article: On the boundaries of trust andsecurity in computing and communications systems”, InternationalJournal of Trust Management in Computing and Communications,vol. 2(1), pp.1-6, 2014.

[17] Thyagaraju G, Kulkarni UP , “ Design and implementation of usercontext aware recommendation engine for mobile using bayesiannetwork, fuzzy logic and rule base”, International Journal ofPervasive Computing and Communications, vol. 8(2), pp.133-157,2012.

[18] Brosso I, La Neve A, “Information security management based onadapive security policy using user behavior analysis”, Strategic andPractical Approaches for Information Security Governance:Technologies and Applied Solutions: Technologies and AppliedSolutions, pp. 326, 2012b.

[19] Basile C, Lioy A, Scozzi S, Vallini M, “ Ontology-based security policy translation”, Journal of Information Assurance and Security,vol. 5(1), pp. 437-445, 2010.

[20] Fahrmair, Michael and Sitou, Wassiou and Spanfelner Bernd ,“Security and privacy rights management for mobile and ubiquitouscomputing”, Workshop on UbiComp Privacy, vol. 40, 2005.

[21] Cappiello, Cinzia and Comuzzi, Marco and Mussi, Enrico andPernici, Barbara, “Context management for adaptive informationsystems”, Electronic Notes in Theoretical Computer Science,vol.146(1), pp.69-84, Elsevier, 2006.

[22] Han, Dae-Man and Lim, Jae-Hyun, “ Design and implementation ofsmart home energy management systems based on zigbee”,Transactions on Consumer Electronics, IEEE, vol.56(3), pp. 1417-1425, 2010.

[23] Habib, Kashif and Leister, Wolfgang, “Context-Aware

Authentication for the Internet of Things”, in Eleventh InternationalConference on Autonomic and Autonomous Systems, 2015,Available from: Wolfgang Leister, Retrieved on 10th, July 2015.

[24] A K Dey, “Understanding and using context”, Personal andUbiquitous Computing, vol.5(1), pp. 4-7, 2001.

[25] Brezillon, Patrick and Most{\'e}faoui, Ghita Kouadri , “Context- based security policies: A new modeling approach”, in proceedingsof the 2nd IEEE Annual Conference on Pervasive Computing andCommunications Workshops, IEEE, pp. 154-158, 2004.

[26] Kayes A, Han J, Colman A, “ Ontcaac: an ontology-based approachto context-aware access control for softwar e services”, TheComputer Journal, pp. 0-3, 2015.

[27] Sloman, Morris, “Will Pervasive Computing be Manageable?”,Imperial College, Department of Computing, London UK,Presented in Open Vie User’s Conference, 2001.

[28] Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley andSousa, Joao Pedro and Spitznagel, Bridget and Steenkiste, Peter andHu, Ningning, “Software architecture-based adaptation for pervasive systems”, in Trends in Network and PervasiveComputing — ARCS, Springer, pp. 67--82, 2002.

[29] Pasquale L, Ghezzi C, Menghi C, Tsigkanos C, Nuseibeh B,“Topology aware adaptive security”, in: Proceedings of the 9thInternational Symposium on Software Engineering for Adaptiveand Self-Managing Systems, ACM, pp. 43-48, 2014.

[30] Kang S, Kim D, Lee Y, Hyun SJ, Lee D, Lee B , “A semantic

service discovery network for large-scale ubiquitous computingenvironments”, ETRI journal, vol. 29(5), pp.545-558, 2007.

[31] Siddiqui MY, Gir A, “Integration of policy and reputation basedtrust mechanisms in e-commerce industry”, International Journal ofComputer Applications, vol. 110(8), 2015.

[32] Lenzini G, Bargh MS, Hulsebosch B, “Trust-enhanced security inlocation- based adaptive authentication”, Electronic Notes inTheoretical Computer Science, vol. 197(2), pp.105-119, 2008.

[33] Brosso I, La Neve A, Bressan G, Ruggiero W V, “A continuousauthentication system based on user behavior analysis”, in:International Conference on Availability, Reliability, and Security,IEEE, pp. 380-385, 2010.

[34] Rajesh A K, Mohan N, “Multilevel trust architecture for mobileadhoc networks based on context-aware”, Journal of Theoreticaland Applied Information Technology, vol. 59(2), 2014.

[35]

Abi-Char P, Mokhtari M, Mhamed A, El-Hassan B, “ A dynamictrustbased context-aware authentication framework with privacy preserving”, in ternational Journal of Computer and NetworkSecurity, vol. 2, pp. 2, 2010.

[36] Lee K, Yang S, Jun S, Chung M, “Context-aware security servicein RFID/USN environments using MAUT and extended GRBAC”in: 2nd In ternational Conference on Digital InformationManagement, IEEE, vol 1, pp. 303-308, 2007.

[37] Ranganathan A, “A task execution framework for autonomicubiquitous computing”, PhD thesis, University of Illinois atUrbana-Champaign, 2005.

[38] Sousa JP, “Scaling task management in space and time: Reducinguser overhead in ubiquitous-computing environments”, Tech. rep.,DTIC Document, 2005.

[39] Brosso I, La Neve A, “Adaptive Security Policy Using UserBehavior Analysis and Human Elements of Information Security”,Fuzzy Logic Emerging Technologies and Applications, INTECHOpen Access Publisher, 2012a.

[40] Fugini M, Hadjichristo G, Teimouriki”a M,Dynamic securitymodeling in risk management using environmental knowledge”,iIn: 23rd International WETICE Conference, IEEE, pp. 429-434,2014.

[41] Zerkouk, Meriem and Mhamed, Abdallah and Messabih, Belhadri ,“A user profile based access control model and architecture”, arXiv preprint arXiv:1302.1667, 2013.

[42] Bahtiyar S, C aglayan M U, “ Trust assessment of security for e -health systems:, Electronic Commerce Research and Applications,vol. 13(3), pp.164-177, 2014.

Documents

IJCS_2016_0302006.pdf