Policy-based access control for constrained healthcare resources in the context of the Internet of Things

Shantanu Pal*, Michael Hitchens, Vijay Varadharajan, Tahiry Rabehaja

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

51 Citations (Scopus)


The Internet of Things (IoT), smart sensors and mobile wearable devices are helping to provide healthcare systems that are more ubiquitous, smarter, faster and easily accessible to users. However, security is a significant concern for the IoT, with access control being one of the major issues. With the growing size and presence of these systems an important question is how to manage policies in a manner that is both scalable and flexible. In this paper, we propose an access control architecture for constrained healthcare resources in the IoT. Our policy-based approach provides fine-grained access for authorized users to services while protecting valuable resources from unauthorized access. We use a hybrid approach by employing attributes, roles and capabilities for our authorization design. We apply attributes for role membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterized based on further attributes of the user and are then used to access specific services provided by IoT devices. This significantly reduces the number of policies required for specifying access control settings. The proposed scheme is XACML driven. We have implemented a proof of concept prototype and provide a detailed performance analysis of the implementation. Evaluation results show that, our approach requires minimal additional overhead when compared to other proposals employing capabilities for access control in the IoT.

Original languageEnglish
Pages (from-to)57-74
Number of pages18
JournalJournal of Network and Computer Applications
Early online date10 May 2019
Publication statusPublished - 1 Aug 2019


  • Access control
  • Constrained resources
  • Healthcare systems
  • Internet of things
  • Policy management
  • Security


Dive into the research topics of 'Policy-based access control for constrained healthcare resources in the context of the Internet of Things'. Together they form a unique fingerprint.

Cite this