International Journal of Computer Systems (ISSN: 2394-1065), Volume- 03, Issue-02, February 2016

Available at http://www.ijcsonline.com/

Context and Trust based adaptive security policy: A Survey

Jagadamba G , and Sathish Babu BB
A

Department of Information Science and Engineering, Siddaganga Institute of Technology, Karnataka, India
Department of Computer Science and Engineering, Siddaganga Institute of Technology, Karnataka, India

Abstract
Networks are distributed, and nodes spontaneously move from one network to another to access service in the ubiquitous
computing environments. In these situations, adaptive security is systems require self adaptive nature by monitoring the
changes occurring in the operating environment and act accordingly at the runtime to overcome the security trade-offs.
The adaptive security is achieved through continuous monitoring, observations, analysis and working adaptive security
policies for the applications. This paper surveys adaptive security systems and evaluates critical security services (i.e.
authentication, and authorization,). Based on our evaluation results, we provide future research recommendation in the
ubiquitous computing environment.
Keywords: Policy, Trust, Taxonomy, Context, Adaptive Security, Ubiquitous Network

I.

INTRODUCTION

A computing history [4] began with the centralized

computing followed with Client-Server computing, Internet
computing,
and
Pervasive/Ubiquitous
computing.
Ubiquitous computing applications are found to operate in
an open, dynamic, and flexible environment and have
enough freedom in selection and utilization of services at
any time and place. The high spontaneity and heterogeneity
of ubiquitous computing environments include selfadaptive applications [5] that are essential to realizing the
ubiquitous computing vision of invisibility and ubiquity.
This nature of ubiquity and mobility is in need of security
issues including privacy, authentication, access control, and
trust. Usually, researchers concentrate on particular
security aspects such as secure service discovery, contextaware services, or trust model, or risk aware security,
intrusion detection without looking at the capacity of the
device or security requirements reflecting towards
changing network. There are no such works found which is
aware of the deserved security level and define new
security policy accordingly to the changing environment.
The characteristics of heterogeneity in operating
application, network, and service require security in many
ubiquitous environments including the smart spaces [8] and
intelligent area. The necessary security in smart spaces of
the ubiquitous computing and related technologies is
achieved by considering the necessary adaptive
mechanisms/policies [6]. The smart spaces include smart
devices that are aware of the context in which they operate
and adapt themselves to the new surroundings and
requirements through security policies. A protection policy
defined at the design time is not enough and cannot be
considered to provide the security in the operational
environment. Protection policy deployed automatically at
run-time conquers much security to the current safety
requirements of the environment [2]. The adopted security
continue to protect valuable assets from harm, even when
security concerns change dynamically based on the
available context in the computing environment [3].

However, the security mechanism should be aware of the

capacity and context of the device for computation to
perform the analysis of the user behavior or environment.
Thus, there is the need to focus the research on the adaptive
security policies by considering the operating context
through the trusted environment. From [7], adaptation does
not only mean dynamic loading/replacement of software
components or technologies but satisfying the requirements
of application adaptation policies.
The security adaptation is not a new concept [1], it is the
desirability of a system, which adapts security in an
autonomous manner, to answer as quickly and efficiently to
perceived security issues in the environment. In
conjunction with the above, an adaptive security is defined
as the "security solution/protocol that senses, learns the
changes in the environment, device capacity, variations in
the network services with the anticipated threats and to
adopt the new security requirements and execute itself
without the intrusion of the humans".
In our survey the security schemes based on adaptive
policy generation for adopting security in the ubiquitous
computing environment was reviewed and proposed a
novel methodology to design an adaptive security
framework.
The organization of the paper is as follows: section II
introduces the motivation behind the review work, section
III with the policy based security review, section IV with
the context and trust based security policy system, and
section V concludes the survey work.

II.

MOTIVATION

In the current scenario, the context-aware systems have

reached the real world from the working laboratories. This
situation necessarily gives scope to [9] the user trust and
security in context-aware systems with the feature of
adaptability. The exposed real world applications such as
military applications, health care management, tourism, e-

102 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016

Jagadamba G and Sathish Babu B

Context and Trust based adaptive policy for Security: A Survey

business [10] smart spaces [11], [12] like - home, offices,

university, etc., require incorporation of adaptive security
approaches by integrating runtime adaptive security
policies.
Many research works stressed the importance of context
and trust based policy generation in the resource
constrained ubiquitous computing environment. According
to [13], the ubiquitous/pervasive computing includes a
complex socio-technical system that needs beyond
traditional system-centric approaches for designing security
with a well-approached analysis. The changing computing
resources, accessing services, network, contexts, and user
trust characterized the ubiquitous environments a need for
self-adaptive security policy [14].
Adaptive security methods can be classified by the utilized
attributes in the design. The classification also considers
how the security parameters are adapted for the new
vulnerabilities in the ubiquitous environment. However,
most of the security schemes limit the efficiency of a node
by consuming a significant amount of node resources.
Thus, the objective is to identify the adaptive security
schemes and sub-classifies them by the effectiveness of
security they offer in the resource constrained ubiquitous
network.

III.

POLICY BASED SECURITY

A security policy according to [15], is defined as a set of

rules for authorization, access control, and so on in the
operating environments. Policies are usually defined to
evaluate trust, context, available computing resource in
devices and networks [17], and roles played in the
computing environment. The security policies are also
planned according to business needs while providing
services or applications to render security in
pervasive/ubiquitous/mobile networks. Hence, a clear
stated specifications and goals [18] regarding adaptive
security based on policies are concentrated in the
ubiquitous security network.
The taxonomy of policy-based security in the ubiquitous
computing system is given in Fig. 1. The figure shows the
categorization of policies based on the operation nature,
i.e., the policies can be predefined or adaptive while
designing the security scheme/protocol.

Policy
Role based policy

Application based policy

(adaptive or predefined)

(adaptive or predefined)

Context based policy

(adaptive or predefined)

Trust based policy

(adaptive or predefined)

Security based policy

High Level Security
(adaptive or predefined)

(adaptive or predefined)

Hierarchy of role
(adaptive or predefined)
Context of role
(adaptive or predefined)

High Level Security

(adaptive or predefined)

Medium Level security

(adaptive or predefined)

Medium Level security

(adaptive or predefined)

low Level security

(adaptive or predefined)

low Level security

(adaptive or predefined)

Figure 1: Taxonomy of policy based security

From the Fig 1, the policies are based on various attributes.

Among them, application based security policies provide
procedures according to the requirement of the application.
Further, the application security can depend on the service
level or context based. The context based security policy
can be defined once and continued accordingly or can
dynamically change with the user context. The user context
can depend upon the role he is playing in the environment.
The policies are set according to the job hierarchy the user
is playing in the organization or environment in which he is
present. Besides these, the security policy can solely
depend on the trust the user has gained in the operating
environment. Other than the discussed categories, the
security
policies
can
be
according
to
the
application/environment security levels. Hence, all these
categories contribute to design the security policies.
The policies are defined as rules governing choices in
actions of the system derived from trust relationships,
enterprisers goals and service level agreements. The
disclosure of policies is again a security breach [16] that

can hamper the whole system security when the policies

are predefined. Hence, the policies are altered dynamically
to endow security.
The translation of the adaptive policies from old to the new
policy is achieved through ontology [19]. Ontology is
represented like an administrator with the domain
knowledge and security reasoning on best practice rules by
creating desired configurations for network-level security
controls (e.g., firewall and secure channels). An absence of
automated reasoning for policy derivation and the usage of
the human administrator always make the system nonadaptive. The system becomes partial adaptive when some
access services using multiple channels. Though most of
the channels assure secure communication, it is not
practically remarkable. Hence, a well-managed contextaware security characterization of access services by
adaptivity and multichannel access is much needed [21].
However, greater challenges were faced while developing
frameworks to address security and privacy issues
associated with the context-aware systems [22]. On the

103 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016

Jagadamba G and Sathish Babu B

Context and Trust based adaptive policy for Security: A Survey

contradictory,
context
awareness
enhances
the
effectiveness of the mechanisms by incorporating
contextual data into a decision-making process [23]. The
context can be behavioral, computing or physical. Context
is nothing but the information that defines the situation,
status, environment, device capability, QoS (Quality of
Service), availability and activity about an entity. Fig 2 and
Fig 3 shows the detailed taxonomy of the context and trust
respectively in the ubiquitous environment.

[20]. The technologies evolved nowadays enable users to

Context-based security applied through policies express
clear and concise practices [25]. An inclusion of context
aware security through policies may be a guideline to
design the framework. The security policies based on
context gets on appropriate mechanism to enforce the
required level of security for the existing or future
situations. An access control models always try to use
location and time as a context, but [26] used state/situation
and relations between the entity as a context.

IV. SECURITY POLICY BASED ON CONTEXT AND

TRUST

An Ontology-based Context-Aware Access Control based

on policy model was considered for the context model.
Except the inference of high-level implicit context
information according to operator-defined rules and some
performance overhead for access control, the work was
appraisable.

The idea of adaptive and ubiquitous systems is already a

subject of intense research for several years to see context
information as intellectual property to enforce security

Location
Activity

Behavioural
context

Time
Situation
Surroundings

Device
Capacity

Context

Computing
context

Network
Capacity
Service
Bandwidth
Communication
Cost
Computation
Cost

Physical
context

Temperature
Light
Noise
Sensitivity level

Figure 2: Taxonomy of Context

Moreover, the policy based securities are adopted for
centralized mechanism and rarely on the decentralized
mechanism. The concept of the centralized approach used
sharing of resources by the policy based secure
communication.
Some of the works that are adaptive towards security using
a centralized approach were reviewed and found some of
the interesting things about context based security. The
approach in [27] followed design specification and
modifications without coding into automated agents. The
policies defined could do with persistent and can be
dynamically modified accordingly to change the system
behavior without changing implementation (not new
functionality). The [28] supported applications in a
pervasive computing environment by presenting a software
architecture adaptation for a set of mobile users accessing
shared information through a variety of devices
communicating over a heterogeneous communications

infrastructure. The design uses queuing models and

security analysis on policies with the performance
modeling on mobile users with time-varying resources and
heterogeneous devices. The work neglected to consider
environmental context and trust about the user. Secure and
trusted context information [29] was considered by the
security policy enforcement in the dynamic environment.
The context-aware services raise a risk of security and
privacy, but a straightforward approach keeps the risk
behind. The usage of context [24] provides security as a
primary attribute of the ubiquitous network, where the
services more often are context-aware.
A context sensible policy based solution to secure access to
service through service discovery in small scale and large
scale ubiquitous computing environment will provide best
adaptive security [30]. But, trust related issues [30] like
trust evaluation or investigations about trusted party and
how context is acquitted in the system is absent.

104 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016

Jagadamba G and Sathish Babu B

Context and Trust based adaptive policy for Security: A Survey

Service based trust

Context based trust

Service coupled with

context

Trust requirement for individual

service according to context

Level of security
service requirement

Trust requirement according to level

of service

Physical context

Context based on temperature,

light, noise, sensitivity level

Computing context

Context based device capacity,

network capacity, service,
bandwidth, communication and
computational cost

Behavioural/User
context

Trust based
security

Attributes based trust

Policy based trust

Entity based trust

Context based on location, time,

situation, activity surroundings

Direct/Experience
trust

Direct observation or experience

Recommendation/
Indirect trust

Indirect observation or experience

through recommendation

Reputation trust

Continues positive/negative
feedback

Predefined policy

Timely defined static polices defined

at runtime based on applications/
services

Adaptive Policy

Dynamic polices defined according

to context and scenarios of
applications/services utilized

Role based trust

Hierarchy based role trust and role

played in the computing
environment,

Contest-Role based
trust

Role based polices defined according

to context and scenarios for
applications/services

Figure 3: Taxonomy of Trust

An attempt to combine centralized and decentralized

approach [31] was done using the trust parameter for the ecommerce applications. Where, a policy based trust
mechanisms are utilized for centralized approach and
reputation-based mechanism for the decentralized
approach. The work concentrated more on the verification
of the source of information through authentication. The
utilization of encryption and signature mechanisms delayed
the performance and extravagant to computational
capacity.
In the health care application, an adaptive policy definer
and the manager consider the predefined context (critical,
dangerous, and stable) for access control according to
severity level. As per the required treatment, an
administrator does not have the privilege to change the
access related policy mathematically, but a specialist
recommendation is most solicited in this situation The
proposal in [32] includes a context-driven trust to evaluate
the authenticity of a user through adaptive security through
the evaluation process. The complexity of trust
computation level depends upon the security level. A
consideration of the capacity of users device was
neglected while computing the required level of security.
Another proposal [33] was found to ignore the availability
of computational resources. Here, the levels of trust are
realized according to the user behavior, to access the
application software based on experience, recommendation

and knowledge-based. In [34], higher level trust requires

more computational time and cost resulted in higher
overhead. The proposal [33] also neglects to verify the
capacity of the device while evaluating the authentication
of a user. The policies for access control implemented in
trust negotiation or for defining context priority [35] is
based on available computational capacity. Ontology based
information is used to determine the trust levels of the
clients or for assigning trust rights in the given context. A
testbed for an intelligence security system was created to
test the efficiency of the work. The analysis shows to
concentrate on security for acted actions, instead of
working for each action on a large scale ubiquitous
network communicated through heterogeneous devices and
services. Finally, designing of the trust based security
policies in the operating context was a major thought. To
do so, a high level of flexibility, without a considerable loss
of simplicity, was the central principle. A service-based
application modeled and expressed in the form of selfadaptation policies [36] based on utility functions adopted
context-aware security using the MAUT(i.e., MAPE model
represented as MAUT) and GRBAC (General Role Based
Access Control) in RFID/USN environments. The policies
were defined according to the number of targets,
requirements, applications and services available. In
addition to this, the proposal [36] was adaptive to consider
context integration with the detection and modification
policies. The performance was compared with the Gaia

105 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016

Jagadamba G and Sathish Babu B

Context and Trust based adaptive policy for Security: A Survey

[37] and Aura [38] with the security context. A negligence

of security concern to context-aware service was found
with the inclusion of heterogeneity below the lower level of
an application layer.
The user behavior analysis using context variables of the
environment and trust, to define an adaptive security policy
for the information security management was the thought
[39]. The security aspects of user behavior analysis and
trust in behavior complimented the environmental context
and biometric technologies as a base for defining an
adaptive security policy. The policy set is defined to work
in a flexible way by utilizing the trust and context of the
human. This provided the proper approach to propose a
context and trust based adaptive security policies for
human behaviors. The involvement of self-adaptive nature
will make any application or system more dynamic to
security actions.
Work [40] focused more on need-to-know principle by
using context and events to authorize subjects (users in the
airport) to access data and physical objects (resources) on
the activation of attribute based access control as security
rules. Security rules depend upon the meta-rules defined
while determining activation/deactivation of contexts. The
risk modeling has been mapped to attribute based access
control to identify vulnerabilities in the environment. The
environmental information is found to be unbounded with
the spatial information to make the model adaptive towards
access control. Another user behavior based access control
model using ontology is presented [41]. The access control
is based on security policy formed from the prediction of
future actions of dependent people using historical data,
contextual data and user behavior data. The method used
for user behaviors extraction and contextual data gathering
was found to be absent in the approach.
An entity oriented security model based on trust assessment
for e-Health system is proposed [42]. Here a novel set of
trust assessment metrics was utilized to assess a particular
property of a security system (i.e. partial metrics) or entire
properties (i.e. total metrics) to make the model flexible in
its approach and facilitates an entity trust depending on the
contextual need. The architectural design of the trust
assessment system was well structured with trust
computation. These characteristics are well-guided
approaches to non-generic and non-awareness towards
environmental context.
From the above reviews, it was found that the security
frameworks based on policies are becoming a hot research
topic in the ubiquitous networks. The framework of
security policies involved for evaluation of context and
trust towards performance based on ontology may be a one
of the ideas for adaptive security. Otherwise, the security
policies are designed for proper monitoring and collection
of contextual and trust informations and generation of
security policies according to the required level is an
another criteria that suit well for the ubiquitous
environment. Fig 5 shows the security design lifecycle
based on context and trust to build an adaptive security
policy. The policy generation according to the situation
need makes the security framework adaptive and will be
able to work efficiently regarding energy and time
consumption compared to non-adaptive security
framework.

Trust Evalauation
Classification

Situation Analysis

Change in context

Security policy

New Request

Observe User behaviour

Ubiquitous Computing Environment

Figure 5: Lifecycle of adaptive security using policy

IV.

FUTURE WORK

The existing works never cover the whole process of

providing the adaptive security. While designing adaptive
security, many works in the field of ubiquitous are based
on the trust and contextual information. A framework to
gather operational environmental information, analyzing
and planning the relevant security attributes are necessary
for the heterogeneous world.
In future, the security policies for the today scenarios are to
be adaptive by analyzing the changing situation. A runtime adaptive security policy is required while designing
the framework. If adaptivity is not included, the static
nature can create a route for the malicious activities.
Hence, adaptive security policies are to be defined while
providing the security to the applications in the ubiquitous
network through proper monitoring, classification,
planning and execution based on context and trust
attributes.
Consequently, an additional research work is needed in the
field of risk and threat management.

V.

CONCLUSION

The world of heterogeneous network and devices do not

drive with the regular static security policies. Hence, a
dynamic policy nature is most required in the ubiquitous
network, where the service and resources are shared and
provided according to the user requirements.
This paper proposed a framework to design an adaptive
security scheme that is based on contextual information and
level of the trust the user is possessing in the ubiquitous
environment. The framework also provides the automatic
generation of right policy at the run time.

REFERENCES
[1]

[2]

[3]

Alexis Olivereau, Basil Hess, Emil Slusanschi, Enrico Lehmann,

Specication of adaptive security protocols-secure and trusted
mediation layer for wireless sensor networks, Version 2,
Trustworthy Wireless Industrial Sensor (TWIS) Networks, 2013.
He, Ruan and Lacoste, Marc, Applying component-based design
to self-protection of ubiquitous systems, in: Proceedings of the 3rd
ACM workshop on Software engineering for pervasive services,
ACM, pp. 9-14, 2008.
Pasquale L, Ghezzi C, Menghi C, Tsigkanos C, Nuseibeh B ,
Topology aware adaptive security,. in: Proceedings of the 9th

106 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016

Jagadamba G and Sathish Babu B

[4]

[5]
[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

Context and Trust based adaptive policy for Security: A Survey

International Symposium on Software Engineering for Adaptive

and Self-Managing Systems, ACM, pp. 43-48, 2014.
Patel A, Nordin R, Al-Haiqi A, Beyond ubiquitous computing:
The malaysian honeybee project for innovative digital economy,
Computer Standards & Interfaces, vol. 36(5), pp. 844-854, 2014.
Lee K, Lee D, Hyun SJ, A self-adaptation model for ubiquitous
computing applications, 2010.
Cotroneo D, Graziano A, Russo S. Security requirements in service
oriented architectures for ubiquitous computing. In: Proceedings of
the 2nd workshop on Middleware for pervasive and ad-hoc
computing, ACM, pp. 172-177, 2004.
Da K, Dalmau M, Roose P, A survey of adaptation systems,
Interna tional Journal on Internet and Distributed Computing
Systems, vol. 2(1), pp. 1-18, 2011.
Evesti A, Suomalainen J, Ovaska E, Architecture and knowledgedriven self-adaptive security in smart space, Computers, vol. 2(1),
pp. 34-66, 2013.
Mayrhofer R, Schmidtke HR, Sigg S, Security and trust in contextaware applications. Personal and Ubiquitous Computing, vol. 18(1),
pp. 115-116, 2014.
Li F, Pie nkowski D, Van Moorsel A, Smith C. A holistic
framework for trust in online transactions. International Journal of
Management Reviews, vol. 14(1), pp. 85-103, 2012.
Yan Z, Zhang P, Vasilakos AV. A security and trust framework for
virtualized networks and software-de ned networking. Security and
Communication Networks, 2015.
Wilson C, Hargreaves T, Hauxwell-Baldwin R. Smart homes and
their users: a systematic analysis and key challenges. Personal and
Ubiquitous Computing, vol. 19(2), pp. 463-476, 2015.
Thomas RK, Sandhu R, Models, protocols, and architectures for
secure pervasive computing: Challenges and research directions,
2004.
Alia M, Lacoste M, A QoS and security adaptation model for
autonomic pervasive systems, iIn: 32nd Annual IEEE International
conference on Computer Software and Applications,
COMPSAC'08, IEEE, pp 943-948, 2008.
Kagal L, Finin T, Joshi A, Trust-based security in pervasive
computing environments, Computer, vol. 34(12), pp. 154-157,
2001.
Pathan, Khan AS, Editorial article: On the boundaries of trust and
security in computing and communications systems, International
Journal of Trust Management in Computing and Communications,
vol. 2(1), pp.1-6, 2014.
Thyagaraju G, Kulkarni UP , Design and implementation of user
context aware recommendation engine for mobile using bayesian
network, fuzzy logic and rule base, International Journal of
Pervasive Computing and Communications, vol. 8(2), pp.133-157,
2012.
Brosso I, La Neve A, Information security management based on
adapive security policy using user behavior analysis, Strategic and
Practical Approaches for Information Security Governance:
Technologies and Applied Solutions: Technologies and Applied
Solutions, pp. 326, 2012b.
Basile C, Lioy A, Scozzi S, Vallini M, Ontology-based security
policy translation, Journal of Information Assurance and Security,
vol. 5(1), pp. 437-445, 2010.
Fahrmair, Michael and Sitou, Wassiou and Spanfelner Bernd ,
Security and privacy rights management for mobile and ubiquitous
computing, Workshop on UbiComp Privacy, vol. 40, 2005.
Cappiello, Cinzia and Comuzzi, Marco and Mussi, Enrico and
Pernici, Barbara, Context management for adaptive information
systems, Electronic Notes in Theoretical Computer Science,
vol.146(1), pp.69-84, Elsevier, 2006.
Han, Dae-Man and Lim, Jae-Hyun, Design and implementation of
smart home energy management systems based on zigbee,
Transactions on Consumer Electronics, IEEE, vol.56(3), pp. 14171425, 2010.
Habib, Kashif and Leister, Wolfgang, Context-Aware
Authentication for the Internet of Things, in Eleventh International
Conference on Autonomic and Autonomous Systems, 2015,
Available from: Wolfgang Leister, Retrieved on 10th, July 2015.

[24] A K Dey, Understanding and using context, Personal and

Ubiquitous Computing, vol.5(1), pp. 4-7, 2001.
[25] Brezillon, Patrick and Most{\'e}faoui, Ghita Kouadri , Contextbased security policies: A new modeling approach, in proceedings
of the 2nd IEEE Annual Conference on Pervasive Computing and
Communications Workshops, IEEE, pp. 154-158, 2004.
[26] Kayes A, Han J, Colman A, Ontcaac: an ontology-based approach
to context-aware access control for software services, The
Computer Journal, pp. 0-3, 2015.
[27] Sloman, Morris, Will Pervasive Computing be Manageable?,
Imperial College, Department of Computing, London UK,
Presented in Open Vie Users Conference, 2001.
[28] Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley and
Sousa, Joao Pedro and Spitznagel, Bridget and Steenkiste, Peter and
Hu, Ningning, Software architecture-based adaptation for
pervasive systems, in Trends in Network and Pervasive
ComputingARCS, Springer, pp. 67--82, 2002.
[29] Pasquale L, Ghezzi C, Menghi C, Tsigkanos C, Nuseibeh B,
Topology aware adaptive security, in: Proceedings of the 9th
International Symposium on Software Engineering for Adaptive
and Self-Managing Systems, ACM, pp. 43-48, 2014.
[30] Kang S, Kim D, Lee Y, Hyun SJ, Lee D, Lee B , A semantic
service discovery network for large-scale ubiquitous computing
environments, ETRI journal, vol. 29(5), pp.545-558, 2007.
[31] Siddiqui MY, Gir A, Integration of policy and reputation based
trust mechanisms in e-commerce industry, International Journal of
Computer Applications, vol. 110(8), 2015.
[32] Lenzini G, Bargh MS, Hulsebosch B, Trust-enhanced security in
location-based adaptive authentication, Electronic Notes in
Theoretical Computer Science, vol. 197(2), pp.105-119, 2008.
[33] Brosso I, La Neve A, Bressan G, Ruggiero W V, A continuous
authentication system based on user behavior analysis, in:
International Conference on Availability, Reliability, and Security,
IEEE, pp. 380-385, 2010.
[34] Rajesh A K, Mohan N, Multilevel trust architecture for mobile
adhoc networks based on context-aware, Journal of Theoretical
and Applied Information Technology, vol. 59(2), 2014.
[35] Abi-Char P, Mokhtari M, Mhamed A, El-Hassan B, A dynamic
trustbased context-aware authentication framework with privacy
preserving, in ternational Journal of Computer and Network
Security, vol. 2, pp. 2, 2010.
[36] Lee K, Yang S, Jun S, Chung M, Context-aware security service
in RFID/USN environments using MAUT and extended GRBAC
in: 2nd In ternational Conference on Digital Information
Management, IEEE, vol 1, pp. 303-308, 2007.
[37] Ranganathan A, A task execution framework for autonomic
ubiquitous computing, PhD thesis, University of Illinois at
Urbana-Champaign, 2005.
[38] Sousa JP, Scaling task management in space and time: Reducing
user overhead in ubiquitous-computing environments, Tech. rep.,
DTIC Document, 2005.
[39] Brosso I, La Neve A, Adaptive Security Policy Using User
Behavior Analysis and Human Elements of Information Security,
Fuzzy Logic Emerging Technologies and Applications, INTECH
Open Access Publisher, 2012a.
[40] Fugini M, Hadjichristo G, Teimourikia M,Dynamic security
modeling in risk management using environmental knowledge,
iIn: 23rd International WETICE Conference, IEEE, pp. 429-434,
2014.
[41] Zerkouk, Meriem and Mhamed, Abdallah and Messabih, Belhadri ,
A user profile based access control model and architecture, arXiv
preprint arXiv:1302.1667, 2013.
[42] Bahtiyar S, C aglayan M U, Trust assessment of security for ehealth systems:, Electronic Commerce Research and Applications,
vol. 13(3), pp.164-177, 2014.

107 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016