J.Y. Zhang et al. (Eds.): MobiCASE 2011, LNICST 95, pp. 361–367, 2012. © Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2012 An User-Centric Attribute Based Access Control Model for Ubuquitous Environments Fei Li 1 , Dasun Weerasinghe 1 , Dhiren Patel 2 , and Muttukrishnan Rajarajan 1 1 Centre for Cyber & Security Sciences, School of Engineering and Mathematical Sciences, City University London, Northampton Square, London, EC1V 0HB {Fei.Li,R.Muttukrishnan}@city.ac.uk 2 Computer Engineering, NIT Surat, India, 395007 dhiren29p@gmail.com Abstract. The recent developments in mobile platforms are significant, both on the hardware and software fronts. With the huge success of the iPhone and Android phones, more and more companies are entering the mobile application market. However, there are increasing security threats for mobile phone users due to the new generation of attacks targeted purely on mobile environments. Several solutions have been proposed to date, which can generally handle consent in a fixed and coarse-grained way. However, with the increasing usage of mobile devices for high value transactions, the future access control from mobile devices should be based on ‘user-centric’ challenge response techniques based on the freatures of mobile platforms.The authors present the MLive© framework, a novel approach to establish mutual authentication between the users and the service providers using unique mobile based attirbutes to solve the threats in the mobile environments. Keywords: Attributes based access control, XACML, privacy, security, mobilepolicy. 1 Introduction The number of mobile applications based on Android and iOS platforms has an increasing presence in the mobile application stores over the last five years. Online social networks (OSNs) like Facebook, YouTube, and MySpace are encouraging the users of the latest smartphones to download applications onto their handsets to add extra functionalities. These OSNs make the user to be the content producer and are encouraging new users to join the OSNs. Currently there are more than 250 million active users accessing Facebook through their mobile devices [1]. People that use Facebook on their mobile devices are twice as active on Facebook than non-mobile users [1]. Today mobile clients are becoming dominant platform for web browsing and accessing OSNs. The OSN providers collect a large number of users’ data. Users usually share their location (including home address, work place etc.) with their friends. These sensitive data should not be collected by the OSN providers. Users