
Authors: Yaira K. Rivera Sánchez 1 ; Steven A. Demurjian 1 and Lukas Gnirke 2

Affiliations: 1 University of Connecticut, United States ; 2 Oberlin College

Keyword(s): Access Control, Application Programming Interface (API), Authorization, Data Management, Mobile Application, Mobile Computing, Representational State Transfer (REST), Role-Based Access Control (RBAC).

Related Ontology Subjects/Areas/Topics: Mobile APIs and Services ; Mobile Information Systems ; Web Information Systems and Technologies

Abstract: Mobile device users employ mobile applications to realize tasks once limited to desktop devices, e.g., web browsing, media (audio, video), managing health and fitness data, etc. While almost all of these applications require a degree of authentication and authorization, some involve highly sensitive data (PII and PHI) that must be strictly controlled as it is exchanged back and forth between the mobile application and its server side repository/database. Role-based access control (RBAC) is a candidate to protect highly sensitive data of such applications. There has been recent research related to authorization in mobile computing that has focused on extending RBAC to provide a finer-grained access control. However, most of these approaches attempt to apply RBAC at the application-level of the mobile device and/or require modifications to the mobile OS. In contrast, the research presented in this paper focuses on applying RBAC to the business layer of a mobile application, specifically to the API(s) that a mobile application utilizes to manage data. To support this, we propose an API-Based approach to RBAC for permission definition and enforcement that intercepts API service calls to alter information delivered/stored to the app. The proposed intercepting API-based approach is demonstrated via an existing mHealth application.

CC BY-NC-ND 4.0


Paper citation in several formats:
Rivera Sánchez, Y. K.; Demurjian, S. A. and Gnirke, L. (2017). An Intercepting API-Based Access Control Approach for Mobile Applications. In Proceedings of the 13th International Conference on Web Information Systems and Technologies - WEBIST; ISBN 978-989-758-246-2; ISSN 2184-3252, SciTePress, pages 137-148. DOI: 10.5220/0006354301370148

@conference{webist17,
author={Yaira K. {Rivera Sánchez} and Steven A. Demurjian and Lukas Gnirke},
title={An Intercepting API-Based Access Control Approach for Mobile Applications},
booktitle={Proceedings of the 13th International Conference on Web Information Systems and Technologies - WEBIST},
year={2017},
pages={137-148},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006354301370148},
isbn={978-989-758-246-2},
issn={2184-3252},
}

TY - CONF

JO - Proceedings of the 13th International Conference on Web Information Systems and Technologies - WEBIST
TI - An Intercepting API-Based Access Control Approach for Mobile Applications
SN - 978-989-758-246-2
IS - 2184-3252
AU - Rivera Sánchez, Y. K.
AU - Demurjian, S. A.
AU - Gnirke, L.
PY - 2017
SP - 137
EP - 148
DO - 10.5220/0006354301370148
PB - SciTePress