Redirection policies for mission-based information sharing

Keppler, David; Swarup, Vipin; Jajodia, Sushil

doi:10.1145/1133058.1133088

Cited by 3 publications

(6 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also our solution never changes users classifications or privileges for managing emergencies or critical events, but it defines policies to be considered in requests that do not satisfy traditional access control policies. Keppler et al [17] discuss the problem of managing requests that are denied, by providing a range of other possible actions to use in emergencies situations. The framework extends the Flexible Authorization Framework (FAF) [16] with a sharing policy language for request and data redirection.…”

Section: Related Workmentioning

confidence: 99%

“…Policies in E U should be simple and must always grant access according to the break the glass principle since the promptness in reacting against exceptions is fundamental for preserving patients health. As a consequence, we adopt a solution different from the work in [17] where the concept of access request redirection is introduced to allow denied accesses in case of emergencies. In particular, space E U regulates access by providing post-incident capabilities (i.e., auditing) to be used subsequently to better redistribute policies and requests among the spaces.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Regulating Exceptions in Healthcare Using Policy Spaces

Ardagna

Vimercati

Grandison

et al. 2008

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. One truth holds for the healthcare industry -nothing should interfere with the delivery of care. Given this fact, the access control mechanisms used in healthcare to regulate and restrict the disclosure of data are often bypassed. This "break the glass" phenomenon is an established pattern in healthcare organizations and, though quite useful and mandatory in emergency situations, it represents a serious system weakness.In this paper, we propose an access control solution aimed at a better management of exceptions that occur in healthcare. Our solution is based on the definition of different policy spaces regulating access to patient data and used to balance the rigorous nature of traditional access control systems with the prioritization of care delivery.

show abstract

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

Regulating Exceptions in Healthcare Using Policy Spaces

Ardagna

Vimercati

Grandison

et al. 2008

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Much of the existing research on information sharing during crises has extensively addressed the need for secure access, focusing on comprehensive policy designs and analysis and efficient management of users' privileges and privacy. Recent studies found that in mission-critical systems, e.g., military, firefighting or supervisory control and data acquisition (i.e., computerized monitoring and controlling system), conventional access control mechanisms may be too rigid for urgent information-sharing scenarios and often fail to provide adequate support for access in non-routine, critical situations (Cheng, Rohatgi, Keser, Karger, Wagner, & Reninger, 2007;MITRE Corp., 2004;Swarup, Seligman, and Rosenthal, 2006;Keppler, Swarup, and Jajodia, 2006;Singh, Sanders, Nicol, and Seri, 2006). In critical infrastructures such as utility networks, oil and gas pipelines, and disaster and anti-terrorist communications, there is an increasing need to secure the information collected from and about the infrastructure, and yet to be able to allow flexible data sharing to facilitate problem-solving.…”

Section: Introductionmentioning

confidence: 99%

“…These problems are unique and challenging in emergency and crisis situations because of the dynamic nature of shared data and users. Several notable papers have proposed interesting solutions to the problem of flexible and controlled information sharing (Cheng et al 2007;MITRE Corp., 2004;Swarup et al, 2006;Keppler et al, 2006;Tamassia, Yao, and Winsborough, 2004;Yao, Frikken, Atallah, and Tamassia, 2006;Yao, Tamassia, and Proctor, 2005). The MITRE Corp. (2004) report presented a tokenized access framework and an economic model for regulating the tokens.…”

Section: Introductionmentioning

confidence: 99%

“…Despite the name, the work is not based on fuzzy logic, but rather on a new probabilistic formulation of MLS model that supports quantified access decisions. Keppler et al (2006) developed a Flexible Authorization Framework that redirects mission-related denied requests to corresponding entities who may serve as an override authority, enabling dynamic information sharing.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Using a Trust Inference Model for Flexible and Controlled Information Sharing During Crises

Yang¹,

Yao²,

Garnett³

et al. 2010

Contingencies & Crisis Mgmt

View full text Add to dashboard Cite

The fluid, urgent nature of crises requires flexible, responsive information sharing. Recent studies show, however, that in business catastrophes and other kinds of crises conventional access control mechanisms favor security over flexibility. Our work addresses these seemingly contradictory needs for security and flexibility and designs a trust inference model based on fuzzy logic, a model that can be used with pervasive computing technologies using sensors and mobile devices. Drawing upon research on trust, we design a trust inference model using attributes of affiliation, task performance, and urgency; apply the model to a known crisis; discuss implementation issues; and explore issues for further research.This article is dedicated to Alan Jarman, a founding influence in the Journal of Contingencies and Crisis Management who died in Canberra 15 July 2010. Alan's quantitative, engineering background and his long standing commitment to improving crisis decision making prompted him to encourage our applying fuzzy logic to crisis information sharing. We are grateful for Alan's encouragement and advice.

show abstract

Access control for smarter healthcare using policy spaces

Ardagna

Vimercati

Foresti

et al. 2010

Computers & Security

Self Cite

View full text Add to dashboard Cite

A fundamental requirement for the healthcare industry is that the delivery of care comes first and nothing should interfere with it. As a consequence, the access control mechanisms used in healthcare to regulate and restrict the disclosure of data are often bypassed in case of emergencies. This phenomenon, called "break the glass", is a common pattern in healthcare organizations and, though quite useful and mandatory in emergency situations, from a security perspective, it represents a serious system weakness. Malicious users, in fact, can abuse the system by exploiting the break the glass principle to gain unauthorized privileges and accesses. In this paper, we propose an access control solution aimed at better regulating break the glass exceptions that occur in healthcare systems. Our solution is based on the definition of different policy spaces, a language, and a composition algebra to regulate access to patient data and to balance the rigorous nature of traditional access control systems with the "delivery of care comes first" principle.

show abstract

Redirection policies for mission-based information sharing

Cited by 3 publications

References 17 publications

Regulating Exceptions in Healthcare Using Policy Spaces

Regulating Exceptions in Healthcare Using Policy Spaces

Using a Trust Inference Model for Flexible and Controlled Information Sharing During Crises

Access control for smarter healthcare using policy spaces

Contact Info

Product

Resources

About