@MASTERSTHESIS{IMM2017-07038,
  author = "D. Iatrou",
  title = "Context Aware Access Control",
  year = "2017",
  school = "Technical University of Denmark, Department of Applied Mathematics and Computer Science",
  address = "Richard Petersens Plads, Building 324, {DK-}2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk",
  type = "",
  note = "{DTU} supervisor: Christian D. Jensen, cdje@dtu.dk, {DTU} Compute",
  url = "http://www.compute.dtu.dk/english",
  abstract = "Logical access control aims to protect digital assets from being compromised by unauthorized users. While, in most cases, logical and physical access control have clear boundaries, this is not the case when data is projected on an external device. Even state-of-the-art access control policies cannot ensure data confidentiality if the environment surrounding the computer that contains the data is not secured properly. All traditional access control models are based on the same assumption, that the system is physically secured. However, this is not always true since data can be represented in numerous ways and on different devices. The problem becomes more distinct in corporate environments with open plan offices where monitors and printers are stationed in plain view. In this thesis, we study the possibility of a Sensor Enhanced Access Control (SEAC) model, which is constantly aware of its surroundings, enhancing it with contextual awareness. The aim is to extend logical access control to physical objects with the use of sensors providing all the required information of the system’s environment, such as who is currently present and whether someone is approaching. The access decisions take into consideration both the logical policies and the sensor readings. The theoretical model evaluates the access levels of data represented on the monitor with the access levels of an approaching user. If the approaching subject is not authorized to access any of the opened files, the system proceeds to make the windows representing them invisible. A prototype of the model has been developed to provide proof of concept. The prototype secures the displayed data by modifying their windows, making them invisible to unauthorized subjects nearby. A user tracking algorithm and a camera track users at all times, enabling contextual awareness. The logical access control is regulated by the Unix system and the existing access control policy. The prototype can be extended with additional sensors that can provide additional features and strengthen security."
}