K-bass: A Knowledge–Based Access Security System For Medical Environments

Enforcing security requires the application of an access control model. The access control models used today have limitations that become evident when applied in collaborative environments, such as medical environments. To overcome these problems, a system has been developed in order to introduce dynamic access security. The system at hand combines effectively (C-TMAC) Team-based access control using contexts model and knowledge base technology. The system’s security scheme fine-grains the users’ access rights by integrating the Role Based Access Controls (RBAC) model and the (C-TMAC) model through knowledge-based systems technology. The originality lies on the fact that the users in the system are authenticated by combining their individual access rights (RBAC), their team’s access rights (C-TMAC) and the context information associated with the team they belong to. Furthermore, knowledge-based technology is used for the representation of knowledge and reasoning. The system initiates with some facts and rules and is able to learn, infer knowledge and produce meta-knowledge. Therefore the system can train itself and respond in non-deterministic way to user requests. Any change in context information fires a new rule in the knowledge base. The proposed system is an automated and self-controlled system called (K-BASS) Knowledge-based Access Security System that may be used in medical environments, to dynamically assign permission rights and to add new medical staff and patients

An IoT-enabled Framework for Context-aware Role-based Access Control

We present a framework for enforcing the application of context-aware Role-based Access Control policies based on an Internet of Things eco-system inspired by the Google\u2019s Physical Web. In this setting we are interested in capturing three contextual dimensions, namely who-where-when, and using these information to restrict access to shared resources. Formally, the framework consists of features types, an automata-based model of time-sensitive roles, context-aware permission rules, and an IoT infrastructure based on Eddystone Beacons for validating a policy against the current state of users

Trusted data path protecting shared data in virtualized distributed systems

When sharing data across multiple sites, service applications should not be trusted automatically. Services that are suspected of faulty, erroneous, or malicious behaviors, or that run on systems that may be compromised, should not be able to gain access to protected data or entrusted with the same data access rights as others. This thesis proposes a context flow model that controls the information flow in a distributed system. Each service application along with its surrounding context in a distributed system is treated as a controllable principal. This thesis defines a trust-based access control model that controls the information exchange between these principals. An online monitoring framework is used to evaluate the trustworthiness of the service applications and the underlining systems. An external communication interception runtime framework enforces trust-based access control transparently for the entire system.Ph.D.Committee Chair: Karsten Schwan; Committee Member: Douglas M. Blough; Committee Member: Greg Eisenhauer; Committee Member: Mustaque Ahamad; Committee Member: Wenke Le

Context-Based Access for Infrequent Requests in Tanzania\u27s Health Care System

Access control is an important aspect of any information system. It is a way of ensuring that users can only access what they are authorised to and no more. This can be achieved by granting users access to resources based on pre-defined organisational and legislative rules. Although access control has been extensively studied, and as a result, a wide range of access control models, mechanisms and systems have been proposed, specific access control requirements for healthcare systems that needs to support the continuity of care in an accountable manner have not been addressed. This results in a gap between what is required by the application domain and what is actually practised, and thus access control solutions implemented for the domain become too restrictive. The continuity of care is defined as the delivery of seamless health care services to patients through integration, coordination and sharing of information between providers. This thesis, therefore, designs a context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of an infrequent access request involving an emergency situation. This research uses the Tanzania\u27s healthcare system as a case study domain

context aware retrieval going social

In this paper we present the Social Context-Aware Browser, a general purpose solution to Web content perusal by means of mobile devices. This is not just a new kind of application, but it is a novel approach for the information access based on the users' context. With the aim of overtaking the limits in current approaches to context-awareness, our solution exploits the collaborative efforts of the whole community of users to control and manage contextual knowledge, related both to situations and resources. This paper presents a general survey of our solution, describing the idea and some scenarios, presenting the model to information access, open problems and future challenges

Context-aware access control in ubiquitous computing (CRAAC)

Ubiquitous computing (UbiComp) envisions a new computing environment, where computing devices and related technology are widespread (i.e. everywhere) and services are provided at anytime. The technology is embedded discreetly in the environment to raise users' awareness. UbiComp environments support the proliferation of heterogeneous devices such as embedded computing devices, personal digital assistants (PDAs), wearable computers, mobile phones, laptops, office desktops (PCs), and hardware sensors. These devices may be interconnected by common networks (e.g. wired, wireless), and may have different levels of capabilities (i.e. computational power, storage, power consumption, etc). They are seamlessly integrated and interoperated to provide smart services (i.e. adaptive services). A UbiComp environment provides smart services to users based on the users' and/or system's current contexts. It provides the services to users unobtrusively and in turn the user's interactions with the environment should be as non-intrusive and as transparent as possible. Access to such smart services and devices must be controlled by an effective access control system that adapts its decisions based on the changes in the surrounding contextual information. This thesis aims at designing an adaptive fine-grained access control solution that seamlessly fits into UbiComp environments. The solution should be flexible in supporting the use of different contextual information and efficient, in terms of access delays, in controlling access to resources with divergent levels of sensitivity. The main contribution of this thesis is the proposal of the Context-Risk-Aware Access Control (CRAAC) model. CRAAC achieves fine-grained access control based upon the risk level in the underlying access environment and/or the sensitivity level of the requested resource object. CRAAC makes new contributions to the access control field, those include 1) introducing the concept of level of assurance based access control, 2) providing a method to convert the contextual attributes values into the corresponding level of assurance, 3) Proposing two methods to aggregate the set of level of assurance into one requester level of assurance, 4) supporting four modes of working each suits a different application context and/or access control requirements, 5) a comprehensive access control architecture that supports the CRAAC four modes of working, and 6) an evaluation of the CRAAC performance at runtime.EThOS - Electronic Theses Online Serviceral Centre and Educational BureauCairo UniversityGBUnited Kingdo

Um sistema de controlo de acessos baseado no modelo cargo-organização

Dissertação de mestrado em Engenharia de InformáticaO paradigma do controlo de acessos, em especial o controlo de acesso à informação, tem vindo a mudar nos últimos anos. Controlo este que inicialmente era efetuado pelas próprias aplicações de forma isolada e autónoma, sem a possibilidade de consultarem ou se integrarem com qualquer sistema centralizado. Todavia, com o crescente uso das tecnologias de informação nas organizações, novas soluções (tais como os serviços de diretoria LDAP) têm vindo a ser adotadas com o intuito de dar resposta à necessidade de uma política de acessos unificada e coesa, transversal aos diversos serviços e aplicações. Estas soluções representam uma mais-valia no desempenho das tarefas organizacionais. Tendo em conta esta necessidade, este trabalho propõe uma nova solução para o controlo de acessos físicos e lógicos através da apresentação e implementação de um novo modelo de controlo de acessos baseado no par Cargo-Organização. É ainda apresentada e implementada neste projeto uma nova abordagem no controlo de acessos lógicos, sendo esta assim capaz de interagir e configurar aplicações que carecem do suporte de protocolos e mecanismos padrão para o controlo de acessos.The access control paradigm has been changing in the past years, specially what regards the access control to information. Information access control was originally achieved independently by each application without querying or interacting with a central system. However, due to the increasing usage of information technologies, new solutions (such as LDAP services) have been put in place in order to obtain a unified access policy across different services and applications. These solutions greatly improve the performance of organizational tasks. This project aims to present a new access control solution for both physical and logical layers. Therefore, a new access control model based on the pair Role/Organization is presented, as well as a concrete implementation of this model. Bearing in mind that not all applications support access control protocols, another approach (which allows the interaction with these applications) is also taken. In this context, after presenting the conceptual organization of the proposed solution, along with some implementation details, some illustrative evaluation tests are also presented and discussed

Context-aware Authorization in Highly Dynamic Environments

Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is a key to adapt suiting user needs. On the other hand, standard access control trusts users once they have authenticated, despite the fact that they may reach unauthorized contexts. We analyse how taking into account dynamic information like context in the authorization subsystem can improve security, and how this new access control applies to interaction patterns, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS), in smart home security