Abstract
Recently, some proposals have appeared to achieve timely and flexible information sharing in support of emergency management. This is obtained by means of an emergency description language able to specify both emergency situations and the temporary access control policies/obligations that have to be activated during emergencies. In this paper, we show that these languages have some limitations in capturing more critical emergency situations, which might arise when atomic emergency events are combined. Moreover, we show that such critical situations might require a new response plan (i.e., new temporary access control policies and obligations) that differs from those already in place for atomic emergencies. Therefore, we introduce the concept of composed emergency and related emergency policies. We also propose some overriding strategies to determine how temporary access control policies and obligations associated with a composed emergency have to be combined with those associated with atomic emergencies. Finally, we propose a tree data structure in support of efficient emergency policy enforcement.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Carminati, B., Ferrari, E., Guglielmi, M. (2012). Policies for Composed Emergencies in Support of Disaster Management. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2012. Lecture Notes in Computer Science, vol 7482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32873-2_6
DOI: https://doi.org/10.1007/978-3-642-32873-2_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32872-5
Online ISBN: 978-3-642-32873-2
eBook Packages: Computer Science, Computer Science (R0)