2018 IEEE 19th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM) (2018)
June 12, 2018 to June 15, 2018
Shantanu Pal , Macquarie University, Department of Computing, Sydney, NSW, 2109, Australia
Michael Hitchens , Macquarie University, Department of Computing, Sydney, NSW, 2109, Australia
Vijay Varadharajan , University of Newcastle, Advanced Cyber Security Engineering Research Centre, NSW, 2308, Australia
Tahiry Rabehaja , Macquarie University, Department of Computing, Sydney, NSW, 2109, Australia
In this paper, we propose an access control architecture for constrained healthcare resources in the IoT. Our policy-based approach provides fine-grained access for authorised users to services while protecting valuable resources from unauthorised access. We use a hybrid approach by employing attributes, roles and capabilities for our authorisation design. We apply attributes for role membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterised based on further attributes of the user and are then used to access specific services provided by IoT devices. This significantly reduces the number of policies required for specifying access control settings. The proposed scheme is XACML driven. Our approach requires very little additional overhead when compared to other proposals employing capabilities for access control in the IoT. We have implemented a proof of concept prototype and provide a performance evaluation of the implementation.
Cryptography, Medical services, Databases, Authorization, Engines, Protocols
S. Pal, M. Hitchens, V. Varadharajan and T. Rabehaja, "Policy-Based Access Control for Constrained Healthcare Resources," 2018 IEEE 19th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)(WOWMOM), Chania, Greece, 2018, pp. 588-599.