Issue No.03 - May-June (2013 vol.10)
pp: 129-142
Barbara Carminati, University of Insubria, Varese
Elena Ferrari, University of Insubria, Varese
Michele Guglielmi, University of Insubria, Varese
ABSTRACT
During natural disasters or emergency situations, information sharing is an essential requirement for effective emergency management. In this paper, we present an access control model to enforce controlled information sharing in emergency situations. An in-depth analysis of the model is discussed throughout the paper, and administration policies are introduced to enhance the model's flexibility during emergencies. Moreover, a prototype implementation and experimental results are provided, showing the efficiency and scalability of the system.
INDEX TERMS
Access control, Information management, Electromyography, Monitoring, Prototypes, Context, data sharing, Access controls, privacy, security
CITATION
Barbara Carminati, Elena Ferrari, Michele Guglielmi, "A System for Timely and Controlled Information Sharing in Emergency Situations", IEEE Transactions on Dependable and Secure Computing, vol.10, no. 3, pp. 129-142, May-June 2013, doi:10.1109/TDSC.2013.11