
Authors: Yaira K. Rivera Sánchez 1 ; Steven A. Demurjian 1 and Lukas Gnirke 2

Affiliations: 1 University of Connecticut, United States ; 2 Oberlin College

ISBN: 978-989-758-246-2

Keyword(s): Access Control, Application Programming Interface (API), Authorization, Data Management, Mobile Application, Mobile Computing, Representational State Transfer (REST), Role-Based Access Control (RBAC).

Related Ontology Subjects/Areas/Topics: Mobile APIs and Services ; Mobile Information Systems ; Web Information Systems and Technologies

Abstract: Mobile device users employ mobile applications to realize tasks once limited to desktop devices, e.g., web browsing, media (audio, video), managing health and fitness data, etc. While almost all of these applications require a degree of authentication and authorization, some involve highly sensitive data (PII and PHI) that must be strictly controlled as it is exchanged back and forth between the mobile application and its server side repository/database. Role-based access control (RBAC) is a candidate to protect highly sensitive data of such applications. There has been recent research related to authorization in mobile computing that has focused on extending RBAC to provide a finer-grained access control. However, most of these approaches attempt to apply RBAC at the application-level of the mobile device and/or require modifications to the mobile OS. In contrast, the research presented in this paper focuses on applying RBAC to the business layer of a mobile application, specifically to the API(s) that a mobile application utilizes to manage data. To support this, we propose an API-Based approach to RBAC for permission definition and enforcement that intercepts API service calls to alter information delivered/stored to the app. The proposed intercepting API-based approach is demonstrated via an existing mHealth application.

CC BY-NC-ND 4.0

Paper citation in several formats:
K. Rivera Sánchez, Y.; A. Demurjian, S. and Gnirke, L. (2017). An Intercepting API-Based Access Control Approach for Mobile Applications. In Proceedings of the 13th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-246-2, pages 137-148. DOI: 10.5220/0006354301370148

@conference{webist17,
author={Yaira K. Rivera Sánchez and Steven A. Demurjian and Lukas Gnirke},
title={An Intercepting API-Based Access Control Approach for Mobile Applications},
booktitle={Proceedings of the 13th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2017},
pages={137-148},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006354301370148},
isbn={978-989-758-246-2},
}

TY - CONF

JO - Proceedings of the 13th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - An Intercepting API-Based Access Control Approach for Mobile Applications
SN - 978-989-758-246-2
AU - K. Rivera Sánchez, Y.
AU - A. Demurjian, S.
AU - Gnirke, L.
PY - 2017
SP - 137
EP - 148
DO - 10.5220/0006354301370148