Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare

Ferreira, Ana; Lenzini, Gabriele

doi:10.5220/0005683600630073

Cited by 2 publications

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

SoTRAACE for active security in Ambient Assisted Living

Ferreira¹,

Teles²,

Vieira‐Marques³

2018

Preprint

Self Cite

View full text Add to dashboard Cite

Background: Ambient Assisted Living (AAL) solutions have been conquering an important place among strategies to promote ageing in place and address the societal challenges of population ageing. AAL is deeply rooted on the computing paradigm of Ambient Intelligence which strongly impacts the technological phenomenon of Internet of Things (IoT), currently covering a plethora of ageing related application areas. The pervasiveness of IoT raise, however, security challenges and require more flexible and better adapted availability and privacy measures. Still, IoT devices and services are frequently described in the literature without any reference to privacy and security issues they may integrate and the few works in the Ambient Assisted Living (AAL) field focus mostly on authentication or physical access control. Objective: This paper describes the SoTRAACE -Socio-Technical Risk-Adaptable Access Control -model, designed to better adapt users' access control needs to each AAL security context. The model is applied to use cases based on AAL for mental health personas and scenarios. Methods: SoTRAACE architecture takes into account contextual, technological and user's interaction profiling functionalities to act in each AAL situation/request and perform a quantitative and qualitative risk assessment analysis. The risk analysis supports decision-making on the most secure, private and usable way to access and display information. Results: SoTRAACE unique advantages for improved availability and privacy are discussed in contrast with existing access control models. The model is showcased and discussed within two AAL for mental health use case scenarios. SoTRAACE new and reused components are varied and versatile enough to adapt to different situations and user's goals, whether these are patient or caregiver oriented. Conclusions: SoTRAACE is an innovative and complete proposal for secure and adaptable access control in AAL or similar environments.

show abstract