47 research outputs found

    Steps towards adaptive situation and context-aware access: a contribution to the extension of access control mechanisms within pervasive information systems

    The evolution of pervasive computing has opened new horizons to classical information systems by integrating new technologies and services that enable seamless access to information sources at anytime, anyhow and anywhere. Meanwhile, this evolution has opened new threats to information security and new challenges to access control modeling. In order to meet these challenges, many research works went towards extending traditional access control models (especially the RBAC model) in order to add context awareness within the decision-making process. Meanwhile, tying access decisions to the dynamic contextual constraints of mobile users would not only add more complexity to decision-making but could also increase the possibilities of access denial. Knowing that accessibility is a key feature for pervasive systems and taking into account the importance of providing access within real-time situations, many research works have proposed applying flexible access control mechanisms with sometimes extreme solutions that overstep security boundaries, such as the Break-Glass option. In this thesis, we introduce a moderate solution that stands between the rigidity of access control models and the risky flexibility applied during real-time situations. Our contribution is twofold: in the design phase, we propose PS-RBAC, a Pervasive Situation-aware RBAC model that realizes adaptive permission assignments and alternative-based decision-making based on similarity when facing an important situation. In the implementation phase, we introduce PSQRS, a Pervasive Situation-aware Query Rewriting System architecture that confronts access denials by reformulating the user's XACML access request and proposing to him a list of alternative similar solutions that he can access. The objective is to provide a level of adaptive security that would meet the user's needs while taking into consideration his role, contextual constraints (location, network, device, etc.) and his situation. Our proposal has been validated in three application domains that are rich in pervasive contexts and real-time scenarios: (i) Mobile Geriatric Teams, (ii) Avionic Systems and (iii) Video Surveillance Systems.

    Towards a Pervasive Access Control within Video Surveillance Systems

    Part 1: Cross-Domain Conference and Workshop on Multidisciplinary Research and Practice for Information Systems (CD-ARES 2013). International audience. This paper addresses two emerging challenges that multimedia distributed systems have to deal with: the user's constant mobility and the information's sensitivity. The systems have to adapt, in real time, to the user's context and situation in order to provide him with relevant results without breaking the security and privacy policies. Distributed multimedia systems, such as the one proposed by the LINDO project, do not generally consider both issues. In this paper, we apply an access control layer on top of the LINDO architecture that takes into consideration the user's context and situation and recommends alternative resources to the user when he is facing an important situation. The proposed solution was implemented and tested in a video surveillance use case.

    Adaptive Solutions for Access Control within Pervasive Healthcare Systems

    International audience. In the age of mobile computing and distributed systems, healthcare systems are employing service-oriented computing to provide users with transparent accessibility to reach their distributed resources at anytime, anywhere and anyhow. Meanwhile, these systems tend to strengthen their security shields to ensure the limitation of access to authorized entities. In this paper, we examine mobile querying of distributed XML databases within a pervasive healthcare system. In such contexts, policies such as XACML are needed to enforce access control. We study the reactivity of this policy in the case of a user demanding access to unauthorized data sources, showing that the policy will respond negatively to user demands. Thus, we propose to employ an adaptive mechanism that would provide users with reactive and proactive solutions. Our proposal is accomplished by using the RBAC scheme, the user profile and some predefined semantics in order to provide users with alternative and relevant solutions without affecting the system's integrity.

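    La mise en oeuvre d'un modèle de contrôle d'accès adapté aux systèmes pervasifs. Application aux équipes mobiles gériatriques. [Implementing an access control model adapted to pervasive systems. Application to mobile geriatric teams.]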

    International audience. Mobile Geriatric Teams (EMG) are evolving to meet the needs of the growing number of elder patients and to guarantee the delivery of better services through a comprehensive consultation. The EMG need an interoperable system that allows easy acquisition of patient data that are distributed and managed by several authorities. In this paper, we present a pervasive information system dedicated to serve the EMG. Such a system will strengthen the quality and increase the efficiency of medical decision-making; it will ensure seamless access to medical resources from anywhere, anyhow and anytime. We also implement access control based on XACML to ensure the security of systems holding such information that is highly private and confidential.

    Une Vision Pour un Contrôle d'Accès Adaptatif aux Systèmes de Santé Pervasifs [A Vision for Adaptive Access Control in Pervasive Healthcare Systems]

    Nouvelles technologies de l'information et gouvernance des systèmes de santé. International audience. The evolution of pervasive healthcare systems has allowed users to access the various medical resources from anywhere, anyhow and at any time. The administrators of such open systems, which hold private information, try to strengthen their security in order to guarantee their integrity. XACML is an access control policy developed to manage access to data within a service; this policy supports the RBAC model, which takes the user's role into account in decision-making. Analysing the effectiveness of XACML in the case of an urgent request to access an unauthorized item, we found that the access request will be denied. Our work aims to adapt decision-making under real-time constraints and to offer users alternative solutions that better meet their needs.