Context-Aware Policy Enforcement for PaaS-Enabled Access Control

Verginadis, Yiannis; Patiniotakis, Ioannis; Gouvas, Panagiotis; Mantzouratos, Spyros; Veloudis, Simeon; Schork, Sebastian Thomas; Seitz, Lüdwig; Paraskakis, Iraklis; Mentzas, Gregoris

doi:10.1109/tcc.2019.2927341

Cited by 13 publications

(7 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We first introduced the need for context handlers capable of processing raw contextual data and inferring knowledge which is useful for access control as part of our previous work [9] in the cloud platform-as-a-service security domain. Specifically, we have developed con-text handlers that are able: i) to provide real-time measurements with respect to certain contextual attributes and ii) to uplift the registered attribute value(s) to a semantic level that is appropriate for the application domain and the access control policy at hand.…”

Section: Attribute-based Access Controlmentioning

confidence: 99%

Accessing electronic health records in critical incidents using context-aware attribute-based access control

Psarra

Verginadis

Patiniotakis

et al. 2022

IDT

Self Cite

View full text Add to dashboard Cite

In emergency situations, different actors involved in first aid services should be authorized to retrieve information from the patient’s Electronic Health Records (EHRs). The research objectives of this work involve the development and implementation of methods to characterise emergency situations requiring extraordinary access to healthcare data. The aim is to implement such methods based on contextual information pertaining to specific patients and emergency situations and also leveraging personalisation aspects which enable the efficient access control on sensitive data during emergencies. The Attribute Based Access Control paradigm is used in order to grant access to EHRs based on contextual information. We introduce an ABAC approach using personalized context handlers, in which raw contextual information can be uplifted in order to recognize critical situations and grant access to healthcare data. Results indicate that context-aware ABAC is a very effective method for detecting critical situations that require emergency access to personal health records. In comparison to RBAC implementations of emergency access control to EHRs, the proposed ABAC implementation leverages contextual information pertaining to the specific patient and emergency situations. Contextual information increases the capability of ABAC to recognize critical situations and grant access to healthcare data.

show abstract

Section: Attribute-based Access Controlmentioning

confidence: 99%

Accessing electronic health records in critical incidents using context-aware attribute-based access control

Psarra

Verginadis

Patiniotakis

et al. 2022

IDT

Self Cite

View full text Add to dashboard Cite

show abstract

“…Pham and Yeo et al in [19] designed a context-aware trust management scheme and proposed a secure and flexible framework to manage trust and privacy; however, the protocol was complex and the practicability was low. Verginadis and Patiniotakis et al [20] proposed a new overall access control framework, supported the combination of effective context-aware access control strategies; however; the evaluation of access control rules was complex. In [21], the learning algorithm can converge to equilibrium, each user can achieve a balance between accuracy and privacy, but the game equilibrium research lacked the incentive mechanism.…”

Section: B Privacy and Multiple Factorsmentioning

confidence: 99%

“…The i s is greater, the risk is greater. According to formulas (19) and (20), risk and service have an inverse proportional relationship [6]. and "maximum dispersion degree"…”

Section: ) Trust Riskmentioning

confidence: 99%

“…In this experiment (Fig.6), the application server deals with the business logic, the database is responsible for queries by the application server. In the paper, we propose to refine the access control models of trust level and role into 'SimpleAC' [1,6,20], which use " access_level represents the privacy settings for address information, as shown in Table 3. For example, three access_level values (0,1,2) are used to represent three privacy settings based on relationship type: "friend visible", "classmate visible" and "relative visible", or three privacy settings based on relationship distance and proximity (0, 1,2) are used to represent person visible, friend visible and only self visible.…”

Section: A System Implementmentioning

confidence: 99%

See 1 more Smart Citation

Research on Adaptive Relationship Between Trust and Privacy in Cloud Service

Han

2021

IEEE Access

View full text Add to dashboard Cite

To prevent privacy leakage, cloud services need to take corresponding methods, so participants often face the dilemma of service utility and privacy protection. In this paper, we propose a dynamic adaptive access control model based on trust permission and privacy protection to solve the problem of privacy disclosure and utility in the cloud service. Firstly, we add the concept of obligation and purpose into access control and establish the privacy information tree and privacy policy tree. Secondly, we establish a new trust evaluation and give the corresponding weight algorithm. Thirdly, we quantify the privacy information with the normal space and correlation coefficient method. Further, we propose a tradeoff relationship model between trust permission and privacy protection, each participant can select the corresponding parameters according to the actual requirement and personal preference. Experimental analysis and comparison results verify the feasibility, effectiveness, and superiority of our method. Finally, we summarize the work of this paper and point out the future development direction.

show abstract

“…In many cases, parts of the data remain unreachable, even in emergencies, because they are located in information systems outside the treating organisation's boundaries. This limitation could be addressed by using shared medical record systems that exploit cloud solutions [5]- [7] or distributed database systems, such as the InterPlanetary File System (IPFS) [8]. These shared systems promise to provide the required data consistency and availability for healthcare purposes.…”

Section: Introductionmentioning

confidence: 99%

SmartAccess: Attribute-Based Access Control System for Medical Records Based on Smart Contracts

et al. 2022

Self Cite

View full text Add to dashboard Cite

Cross-organisation data sharing is challenging because all the involved organisations must agree on 'how' and 'why' the data is processed. Due to a lack of transparency, the organisations need to trust that others comply with the agreements and regulations. We propose to exploit blockchain and smart contracts technologies to define an Attribute-Based Access Control System for cross-organisation medical records sharing, coined SmartAccess. SmartAccess offers joint agreement over access policies and dynamic access control besides blockchain transparency and auditability. We leverage the Attribute-Based Access Control model to implement smart contracts. We deploy and test them on a private and permissioned blockchain, transforming the access control process into a distributed smart contract execution. This paper proposes the SmartAccess system and its application in two healthcare use cases. We introduce the threat model and perform a security analysis of the system. To demonstrate the feasibility of our proposal, we implement a proof-of-concept of the smart contracts, written in Solidity language, with a size-efficient policy representation, and analyse the complexity and scalability of the contracts' functions. Furthermore, we present performance results, measuring the latency and throughput of the transactions to execute the access control functions with different blockchain network consensus setups. We also compare the performance of the SmartAccess system against two open-source Solidity implementations of smart contract-based access control, Role-based Access Control and Access Control List. Finally, we discuss the strengths and drawbacks of our proposal. SmartAccess requires the overhead of a decentralised system, but the trade-off is transparency, regulation compliance and auditability for complex cross-organisation data sharing.

show abstract

Context-Aware Policy Enforcement for PaaS-Enabled Access Control

Cited by 13 publications

References 36 publications

Accessing electronic health records in critical incidents using context-aware attribute-based access control

Accessing electronic health records in critical incidents using context-aware attribute-based access control

Research on Adaptive Relationship Between Trust and Privacy in Cloud Service

SmartAccess: Attribute-Based Access Control System for Medical Records Based on Smart Contracts

Contact Info

Product

Resources

About