Abstract
In the age of mobile computing and distributed systems, healthcare systems are employing service-oriented computing to provide users with transparent accessibility to reach their distributed resources at anytime, anywhere and anyhow. Meanwhile, these systems tend to strengthen their security shields to ensure the limitation of access to authorized entities. In this paper, we examine mobile querying of distributed XML databases within a pervasive healthcare system. In such contexts, policies - as XACML - are needed to enforce access control. We study the reactivity of this policy in the case of a user demanding access to unauthorized data sources showing that the policy will respond negatively to user demands. Thus, we propose to employ an adaptive mechanism that would provide users with reactive and proactive solutions. Our proposal is accomplished by using the RBAC scheme, the user profile and some predefined semantics in order to provide users with alternative and relevant solutions without affecting the system’s integrity.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Al Kukhun, D., Sèdes, F.: A Taxonomy for Evaluating Pervasive Computing Environments. In: IEEE International Conference on Pervasive Systems, MAPS 2006 proceeding, Lyon, 26/06/06-29/06/06, pp. 29–34 (2006)
Al Kukhun, D., Sèdes, F.: Interoperability In Pervasive Enterprise Information Systems: A Double-Faced Coin Between Security And Accessibility. In: International Conference on Enterprise Information Systems (ICEIS 2007), Funchal, Madeira - Portugal, 12/06/07-16/06/07, pp. 237–243. INSTICC Press (2007)
Anderson, A.: A Comparison of Two Privacy Policy Languages: EPAL and XACML, consulted on 8/12/2007 (September 2005), http://research.sun.com/techrep/2005/smli_tr-2005-147/abstract.html
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal 3(3), 139–151 (2000)
Bouganim, L., Dang Ngoc, F., Pucheral, P.: Client-Based Access Control Management for XML Documents. In: Proc. of the Very Large Data Bases Conference, Toronto, Canada (2004)
Bray, T., et al.: Extensible Markup Language (XML) 1.0. World Wide Web Consortium (W3C) (October 2000), http://www.w3c.org/TR/REC-xml
Damiani, E., Vimercati, S.D., Paraboschi, S., Samarati, P.: Securing XML Documents. In: Zaniolo, C., Grust, T., Scholl, M.H., Lockemann, P.C. (eds.) EDBT 2000. LNCS, vol. 1777, pp. 121–135. Springer, Heidelberg (2000)
Duan, Y., Canny, J.: Protecting User Data in UbiComp: Towards trustworthy environments. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 167–185. Springer, Heidelberg (2005)
Ferraiolo, D.F., Kuhn, D.R.: Role Based Access Control. In: 15th National Computer Security Conference, October 1992, pp. 554–563 (1992)
Gabillon, A., Bruno, E.: Regulating Access to XML documents. In: Fifteenth Annual IFIP WG 11.3 Working Conference on Database Security, July 15-18, 2001. Niagara on the Lake, Ontario, Canada (2001)
Helal, A., Hammer, J.: UbiData: Requirements and Architecture for Ubiquitous Data Access. SIGMOD RECORDÂ 33(4) (December 2004)
Kudo, M., Hada, S.: XML document security based on provisional authorization. In: Proceedings of the 7th ACM CCS 2000, pp. 87–96. ACM, New York (2000)
Munoz, J., Pelechano, V.: Building a Software Factory for Pervasive Systems Development. In: Pastor, Ó., Falcão e Cunha, J. (eds.) CAiSE 2005. LNCS, vol. 3520, pp. 342–356. Springer, Heidelberg (2005)
OASIS, A brief Introduction to XACML, consulted on: October 15, 2007 (March 14, 2003), http://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html
OASIS, XACML Profile for Role Based Access Control (RBAC), consulted on: 15/10/2007 (13/2/2004), http://docs.oasis-open.org/xacml/cd-xacml-rbac-profile-01.pdf
Seeley, R.: SOA governance, security concerns drive XACML interop (posted on 13/6/2007), http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci1260713,00.html
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Al Kukhun, D., Sedes, F. (2008). Adaptive Solutions for Access Control within Pervasive Healthcare Systems. In: Helal, S., Mitra, S., Wong, J., Chang, C.K., Mokhtari, M. (eds) Smart Homes and Health Telematics. ICOST 2008. Lecture Notes in Computer Science, vol 5120. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69916-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-69916-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69914-9
Online ISBN: 978-3-540-69916-3
eBook Packages: Computer ScienceComputer Science (R0)