Policy-Controlled Authenticated Access to LLN-Connected Healthcare Resources

Computing devices already permeate working and living environments; a trend which affects all aspects of modern everyday lives, and one which is expected to intensify in the coming years. In the residential setting, the enhanced features and services provided by said computing devices constitute what is typically referred to as a "smart home". However, the long-promised improvement in the quality of residential life cannot be realized without overcoming some significant obstacles introduced by these technological advancements. The direct interaction smart devices often have with the physical world, along with the processing, storage and communication of data pertaining to users' lives, i.e. private sensitive in nature, bring security concerns into the limelight. The resource-constraints of the platforms being integrated into a smart home environment, and their heterogeneity in hardware, network and overlaying technologies, only exacerbate the above issues. This paper presents Cross-domain Service Access Control for devices (XSACd), a framework that combines the well-studied fine-grained access control provided by the eXtensible Access Control Markup Language (XACML) with the benefits of Service Oriented Architectures through the use of the Devices Profile for Web Services (DPWS). Based on standardized technologies, it enables seamless interaction and fine-grained policy-based management of the heterogeneous embedded devices that may be found in a smart residential setting, including support for interactions between users and devices residing on different locations and networks. The proposed framework is implemented in full and its performance is evaluated on a test bed featuring relatively resource-constrained smart platforms and embedded devices.

show abstract

“…To this end, the integration of XSACd with the work we presented in [32], will be investigated in the future.…”

Section: Discussionmentioning

confidence: 99%

XSACd—Cross-domain resource sharing & access control for smart environments

Fysarakis

Soultatos

Manifavas

et al. 2018

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…The policies are securely maintained at the framework's back-end framework, which is installed on a laptop. Furthermore, we use the lightweight cryptographic library (ULCL) [71] to develop a service for secure storage. This service encrypts information at the device-end to safeguard data from disclosure in case where the equipment gets compromised.…”

Section: Motivating Examplementioning

confidence: 99%

Artificial Intelligence-Driven Composition and Security Validation of an Internet of Things Ecosystem

et al. 2020

View full text Add to dashboard Cite

Key challenges in Internet-of-Things (IoT) system design and management include the secure system composition and the calculation of the security and dependability level of the final system. This paper presents an event-based model-checking framework for IoT systems’ design and management, called CompoSecReasoner. It invokes two main functionalities: (i) system composition verification, and (ii) derivation and validation of security, privacy, and dependability (SPD) metrics. To measure the SPD values of a system, we disassemble two well-known types of security metrics—the attack surface methodologies and the medieval castle approach. The first method determines the attackable points of the system, while the second one defines the protection level that is provided by the currently composed system-of-systems. We extend these techniques and apply the Event Calculus method for modelling the dynamic behavior of a system with progress in time. At first, the protection level of the currently composed system is calculated. When composition events occur, the current system status is derived. Thereafter, we can deploy reactive strategies and administrate the system automatically at runtime, implementing a novel setting for Moving Target Defenses. We demonstrate the overall solution on a real ambient intelligence application for managing the embedded devices of two emulated smart buildings.

show abstract

“…The RBAC model lacks support for time and location constraints. Towards this end, researchers have developed new models to accommodate spatio-temporal requirements [3,5,7,9]. The Generalized Spatio-Temporal Role-Based Access Control model (GSTRBAC) is an extension of RBAC [1] that integrates time and location into authorization decisions.…”

Section: Introductionmentioning

confidence: 99%

Poster: Towards Cloud-Based Software for Incorporating Time and Location into Access Control Decisions

Lail

2021

Proceedings of the 26th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

The increasing dependency on cloud computing has drawn attention to the security weaknesses of cloud providers. Not only how information is accessed, but also where and when have become important considerations in cloud security. Certain situations exist where it is necessary to restrict access to cloud resources based on time and location. An example is a policy for a medical institution where doctors can only access patient records at hospitals during their shifts. The Generalized Spatio-Temporal Role-Based Access Control model (GSTRBAC) determines users' access to resources based on such information. This poster proposes a cloud-based software architecture and outlines it possible implementation of the GSTRBAC model. CCS CONCEPTS• Software and application security → Software and application security; • Security and privacy → Systems security.

show abstract

Policy-Controlled Authenticated Access to LLN-Connected Healthcare Resources

Cited by 11 publications

References 36 publications

XSACd—Cross-domain resource sharing & access control for smart environments

XSACd—Cross-domain resource sharing & access control for smart environments

Artificial Intelligence-Driven Composition and Security Validation of an Internet of Things Ecosystem

Poster: Towards Cloud-Based Software for Incorporating Time and Location into Access Control Decisions

Contact Info

Product

Resources

About