Enforcing spatio-temporal access control in mobile applications

Mobile application technology is quickly evolving and being progressively utilized in the commercial and public sectors. Such applications make use of spatio-temporal information to provide better services and functionalities. Authorization to such services often depends on the credentials of the user and also on the location and time. Although researchers have proposed spatio-temporal access control models for such applications, not much has been done with respect to enforcement of spatio-temporal access control. Towards this end, we provide a practical framework that allows one to enforce spatio-temporal policies in mobile applications. Our policy enforcement mechanism illustrates the practical viability of spatio-temporal authorization models and discusses potential challenges with possible solutions. Specifically, we propose an architecture for enforcing spatio-temporal access control and demonstrate its feasibility by developing a prototype. We also provide a number of protocols for granting and revoking access and formally analyze these protocols using the Alloy constraint solver to provide assurance that our proposed approach is indeed secure.