Access control for smarter healthcare using policy spaces

Ardagna, Claudio Agostino; Vimercati, Sabrina De Capitani di; Foresti, Sara; Grandison, Tyrone; Jajodia, Sushil; Samarati, Pierangela

doi:10.1016/j.cose.2010.07.001

Cited by 57 publications

(28 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…These functions are implemented using the Clark-Wilson model (see [10]). A similar approach is presented by Ardagna et al [2]. They introduce a break-glass approach where an action can be performed by finding a corresponding emergency policy.…”

Section: Comparison Of Break-glass Approachesmentioning

confidence: 99%

A Review of Delegation and Break-Glass Models for Flexible Access Control Management

Schefer-Wenzl

Bukvova²,

Strembeck³

2014

Business Information Systems Workshops

View full text Add to dashboard Cite

Abstract. Access control models provide an important means for the systematic specification and management of the permissions in a business information system. While a number of well-known access control models exists (such as the role-based access control model, for example), standard access control models are often not suited for handling exceptional situations. In this context, the demand to increase the flexibility of access management has especially been approached via the development of delegation models and break-glass models. This paper presents the results of a literature review for 329 delegation and break-glass approaches. We give an overview on the existing body of scientific literature in these two areas and compare 35 selected approaches in detail. In our literature review, we revealed different ways of providing delegation and break-glass concepts in general as well as in the context of business process management. Moreover, we identified different sub-topics that have not yet been addressed in detail and thus provide opportunities for future research.

show abstract

Section: Comparison Of Break-glass Approachesmentioning

confidence: 99%

A Review of Delegation and Break-Glass Models for Flexible Access Control Management

Schefer-Wenzl

Bukvova²,

Strembeck³

2014

Business Information Systems Workshops

View full text Add to dashboard Cite

show abstract

“…In [14], any access is legitimate and is thus granted. A similar approach is presented by Ardagna et al [2]. They introduce a break-glass approach where an action can be performed either by finding a corresponding emergency policy or by granting a break-glass override.…”

Section: Related Workmentioning

confidence: 99%

Generic support for RBAC break-glass policies in process-aware information systems

Schefer-Wenzl¹,

Strembeck²

2013

Proceedings of the 28th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

We present a break-glass extension for process-related rolebased access control (RBAC) models. Our extension ensures the static (design-time) and dynamic (runtime) consistency of corresponding break-glass models. The extension is generic in the sense that it can, in principle, be used to extend arbitrary process-aware information systems or process modeling languages with support for process-related RBAC and corresponding break-glass policies. We implemented a library and runtime engine that provides full platform support for all properties of our approach.

show abstract

“…For instance, [6], [7], [8], [9], [10], [11], [12] use the concept of Break-the-Glass (BtG) policies to enforce a more flexible access control. According to this paradigm, when a subject requests an access, the system checks regular access control policies.…”

Section: Introductionmentioning

confidence: 99%

SHARE: Secure information sharing framework for emergency management

Carminati

Ferrari

Guglielmi

2013

2013 IEEE 29th International Conference on Data Engineering (ICDE)

View full text Add to dashboard Cite

9/11, Katrina, Fukushima and other recent emergencies demonstrate the need for effective information sharing across government agencies as well as non-governmental and private organizations to assess emergency situations, and generate proper response plans. In this demo, we present a system to enforce timely and controlled information sharing in emergency situations. The framework is able to detect emergencies, enforce temporary access control policies and obligations to be activated during emergencies, simulate emergency situations for demonstrational purposes and show statistical results related to emergency activation/deactivation and consequent access control policies triggering.

show abstract

Access control for smarter healthcare using policy spaces

Cited by 57 publications

References 24 publications

A Review of Delegation and Break-Glass Models for Flexible Access Control Management

A Review of Delegation and Break-Glass Models for Flexible Access Control Management

Generic support for RBAC break-glass policies in process-aware information systems

SHARE: Secure information sharing framework for emergency management

Contact Info

Product

Resources

About