24 research outputs found
Steps towards adaptive situation and context-aware access: a contribution to the extension of access control mechanisms within pervasive information systems
Get PDFL'Ă©volution des systĂšmes pervasives a ouvert de nouveaux horizons aux systĂšmes d'information classiques qui ont intĂ©grĂ© des nouvelles technologies et des services qui assurent la transparence d'accĂšs aux resources d'information Ă n'importe quand, n'importe oĂč et n'importe comment. En mĂȘme temps, cette Ă©volution a relevĂ© des nouveaux dĂ©fis Ă la sĂ©curitĂ© de donnĂ©es et Ă la modĂ©lisation du contrĂŽle d'accĂšs. Afin de confronter ces challenges, differents travaux de recherche se sont dirigĂ©s vers l'extension des modĂšles de contrĂŽles d'accĂšs (en particulier le modĂšle RBAC) afin de prendre en compte la sensibilitĂ© au contexte dans le processus de prise de dĂ©cision. Mais la liaison d'une dĂ©cision d'accĂšs aux contraintes contextuelles dynamiques d'un utilisateur mobile va non seulement ajouter plus de complexitĂ© au processus de prise de dĂ©cision mais pourra aussi augmenter les possibilitĂ©s de refus d'accĂšs. Sachant que l'accessibilitĂ© est un Ă©lĂ©ment clĂ© dans les systĂšmes pervasifs et prenant en compte l'importance d'assurer l'accĂ©ssibilitĂ© en situations du temps rĂ©el, nombreux travaux de recherche ont proposĂ© d'appliquer des mĂ©canismes flexibles de contrĂŽle d'accĂšs avec des solutions parfois extrĂȘmes qui depassent les frontiĂšres de sĂ©curitĂ© telle que l'option de "Bris-de-Glace". Dans cette thĂšse, nous introduisons une solution modĂ©rĂ©e qui se positionne entre la rigiditĂ© des modĂšles de contrĂŽle d'accĂšs et la flexibilitĂ© qui expose des risques appliquĂ©es pendant des situations du temps rĂ©el. Notre contribution comprend deux volets : au niveau de conception, nous proposons PS-RBAC - un modĂšle RBAC sensible au contexte et Ă la situation. Le modĂšle rĂ©alise des attributions des permissions adaptatives et de solution de rechange Ă base de prise de dĂ©cision basĂ©e sur la similaritĂ© face Ă une situation importanteĂ la phase d'exĂ©cution, nous introduisons PSQRS - un systĂšme de rĂ©Ă©criture des requĂȘtes sensible au contexte et Ă la situation et qui confronte les refus d'accĂšs en reformulant la requĂȘte XACML de l'utilisateur et en lui proposant une liste des resources alternatives similaires qu'il peut accĂ©der. L'objectif est de fournir un niveau de sĂ©curitĂ© adaptative qui rĂ©pond aux besoins de l'utilisateur tout en prenant en compte son rĂŽle, ses contraintes contextuelles (localisation, rĂ©seau, dispositif, etc.) et sa situation. Notre proposition a Ă©tĂ© validĂ© dans trois domaines d'application qui sont riches des contextes pervasifs et des scĂ©narii du temps rĂ©el: (i) les Ăquipes Mobiles GĂ©riatriques, (ii) les systĂšmes avioniques et (iii) les systĂšmes de vidĂ©o surveillance.The evolution of pervasive computing has opened new horizons to classical information systems by integrating new technologies and services that enable seamless access to information sources at anytime, anyhow and anywhere. Meanwhile this evolution has opened new threats to information security and new challenges to access control modeling. In order to meet these challenges, many research works went towards extending traditional access control models (especially the RBAC model) in order to add context awareness within the decision-making process. Meanwhile, tying access decisions to the dynamic contextual constraints of mobile users would not only add more complexity to decision-making but could also increase the possibilities of access denial. Knowing that accessibility is a key feature for pervasive systems and taking into account the importance of providing access within real-time situations, many research works have proposed applying flexible access control mechanisms with sometimes extreme solutions that depass security boundaries such as the Break-Glass option. In this thesis, we introduce a moderate solution that stands between the rigidity of access control models and the riskful flexibility applied during real-time situations. Our contribution is twofold: on the design phase, we propose PS-RBAC - a Pervasive Situation-aware RBAC model that realizes adaptive permission assignments and alternative-based decision-making based on similarity when facing an important situation. On the implementation phase, we introduce PSQRS - a Pervasive Situation-aware Query Rewriting System architecture that confronts access denials by reformulating the user's XACML access request and proposing to him a list of alternative similar solutions that he can access. The objective is to provide a level of adaptive security that would meet the user needs while taking into consideration his role, contextual constraints (location, network, device, etc.) and his situation. Our proposal has been validated in three application domains that are rich in pervasive contexts and real-time scenarios: (i) Mobile Geriatric Teams, (ii) Avionic Systems and (iii) Video Surveillance Systems
Vers un accÚs adaptatif sensible à la situation et au contexte (une contribution à l'extension des mécanismes de contrÎle d'accÚs aux systÚmes d'information pervasifs)
No full textTOULOUSE3-BU Sciences (315552104) / SudocSudocFranceF
Adaptive Solutions for Access Control within Pervasive Healthcare Systems
No full textInternational audienceIn the age of mobile computing and distributed systems, healthcare systems are employing service-oriented computing to provide users with transparent accessibility to reach their distributed resources at anytime, anywhere and anyhow. Meanwhile, these systems tend to strengthen their security shields to ensure the limitation of access to authorized entities. In this paper, we examine mobile querying of distributed XML databases within a pervasive healthcare system. In such contexts, policies - as XACML - are needed to enforce access control. We study the reactivity of this policy in the case of a user demanding access to unauthorized data sources showing that the policy will respond negatively to user demands. Thus, we propose to employ an adaptive mechanism that would provide users with reactive and proactive solutions. Our proposal is accomplished by using the RBAC scheme, the user profile and some predefined semantics in order to provide users with alternative and relevant solutions without affecting the systemâs integrity
La mise en oeuvre d'un modÚle de contrÎle d'accÚs adapté aux systÚmes pervasifs. Application aux équipes mobiles gériatriques.
No full textInternational audienceMobile Geriatric Teams (EMG) are evolving to meet the needs of the growing number of elder patients and to guarantee the delivery of better services through a comprehensive consultation. The EMG need an interoperable system that allows easy acquisition of patient data that are distributed and managed by several authorities. In this paper, we present a pervasive information system dedicated to serve the EMG. Such a system will strengthen the quality and increase the efficiency of medical decision-making, it will ensure seamless access to medical resources from anywhere, anyhow and anytime. We also implement access control based on XACML to ensure the security of systems holding such information that is highly private and confidentialLes Ă©quipes mobiles gĂ©riatriques (EMG) se dĂ©placent auprĂšs du plus grand nombre de personnes ĂągĂ©es afin d'assurer des services dans le cadre d'une consultation globale. Les EMG ont besoin d'un systĂšme interopĂ©rable qui permet une facilitĂ© d'acquisition des donnĂ©es du patient qui sont distribuĂ©es et gĂ©rĂ©es par plusieurs autoritĂ©s. Dans ce papier, nous montrons un systĂšme d'information pervasif dĂ©diĂ© aux EMG. Un tel systĂšme permettra une Ă©volution du domaine en termes de qualitĂ© et d'efficacitĂ© ; il garantira un accĂšs transparent aux ressources mĂ©dicales depuis n'importe oĂč, n'importe comment et Ă n'importe quel moment. Nous mettons Ă©galement en oeuvre un contrĂŽle d'accĂšs basĂ© sur XACML pour assurer la sĂ©curitĂ© de tels systĂšmes dĂ©tenant des informations privĂ©es et confidentielles
La RĂ©Ă©criture de RequĂȘtes XACML : Un mĂ©canisme pour assurer une sĂ©curitĂ© adaptable pour les systĂšmes de gestion de donnĂ©es pervasifs
No full textInternational audienc
La RĂ©Ă©criture de RequĂȘtes XACML : Un mĂ©canisme pour assurer une sĂ©curitĂ© adaptable pour les systĂšmes de gestion de donnĂ©es pervasifs
No full textInternational audienc
Une Vision Pour un ContrĂŽle dâAccĂšs Adaptatif aux SystĂšmes de SantĂ© Pervasifs
No full textNouvelles technologies de lâinformation et gouvernance des systĂšmes de santĂ©International audienceLâĂ©volution des systĂšmes de santĂ© pervasifs a permis aux utilisateurs dâaccĂ©der aux diffĂ©rentes ressources mĂ©dicales depuis nâ importe oĂč, nâimporte comment et Ă nâimporte quel moment. Les administrateurs de tels systĂšmes ouverts et dĂ©tenant des informations privĂ©es essayent dâen fortifier la sĂ©curitĂ© pour en garantir lâintĂ©gritĂ©. XACML est une politique de contrĂŽle dâaccĂšs dĂ©veloppĂ©e pour gĂ©rer lâaccĂšs aux donnĂ©es dans un service, cette politique supporte le modĂšle RBAC qui prend en compte le rĂŽle de lâutilisateur pour la prise de dĂ©cision. En analysant lâefficacitĂ© de XACML dans le cas dâune demande urgente pour accĂ©der Ă un Ă©lĂ©ment non autorisĂ©, nous avons trouvĂ© que la demande dâaccĂšs sera refusĂ©e. Nos travaux visent Ă adapter la prise de dĂ©cision dans les contraintes du temps rĂ©el et proposer aux utilisateurs des solutions alternatives qui rĂ©pondent mieux Ă leurs besoins
Sécurité et SystÚmes Ambiants : une étude sur l'évolution de la gestion des accÚs dans les SystÚmes d'Information Pervasifs
No full textInternational audienc
Interoperability In Pervasive Enterprise Information Systems: A Double-Faced Coin Between Security And Accessability
No full textInternational audienceAs transparency becomes a key requirement for assuring service quality and user satisfaction, Enterprise Information Systems are seeking to become pervasive in order to deal with the heterogeneity problem of their sub components. In this position paper, we expose the challenges that face Enterprise Information Systems in achieving better data integration, representation and management, while ensuring homogeneous interaction between different software sub components, improving the interaction between different customers and business partners and providing services on different terminals with dynamic connectivity constraints. Finally, we highlight the importance of applying adaptive, proactive and interoperable access control policies that would differentiate between providing local system users with full data accessibility and providing external users with multi-levelled security controls
Adaptive Solutions for Access Control within Pervasive Healthcare Systems
No full textInternational audienceIn the age of mobile computing and distributed systems, healthcare systems are employing service-oriented computing to provide users with transparent accessibility to reach their distributed resources at anytime, anywhere and anyhow. Meanwhile, these systems tend to strengthen their security shields to ensure the limitation of access to authorized entities. In this paper, we examine mobile querying of distributed XML databases within a pervasive healthcare system. In such contexts, policies - as XACML - are needed to enforce access control. We study the reactivity of this policy in the case of a user demanding access to unauthorized data sources showing that the policy will respond negatively to user demands. Thus, we propose to employ an adaptive mechanism that would provide users with reactive and proactive solutions. Our proposal is accomplished by using the RBAC scheme, the user profile and some predefined semantics in order to provide users with alternative and relevant solutions without affecting the systemâs integrity
