Policy-based access control for constrained healthcare resources in the context of the Internet of Things

Research output: Contribution to journal › Article › Research › peer-review

Abstract

The Internet of Things (IoT), smart sensors and mobile wearable devices are helping to provide healthcare systems that are more ubiquitous, smarter, faster and easily accessible to users. However, security is a significant concern for the IoT, with access control being one of the major issues. With the growing size and presence of these systems, an important question is how to manage policies in a manner that is both scalable and flexible. In this paper, we propose an access control architecture for constrained healthcare resources in the IoT. Our policy-based approach provides fine-grained access for authorized users to services while protecting valuable resources from unauthorized access. We use a hybrid approach by employing attributes, roles and capabilities for our authorization design. We apply attributes for role membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterized based on further attributes of the user and are then used to access specific services provided by IoT devices. This significantly reduces the number of policies required for specifying access control settings. The proposed scheme is XACML driven. We have implemented a proof of concept prototype and provide a detailed performance analysis of the implementation. Evaluation results show that our approach requires minimal additional overhead when compared to other proposals employing capabilities for access control in the IoT.

Language: English
Pages: 57-74
Number of pages: 18
Journal: Journal of Network and Computer Applications
Volume: 139
Early online date: 10 May 2019
DOI: 10.1016/j.jnca.2019.04.013
Publication status: Published - 1 Aug 2019

Fingerprint

Access control
Smart sensors
Internet of things

Keywords

  • Access control
  • Constrained resources
  • Healthcare systems
  • Internet of things
  • Policy management
  • Security

Cite this

@article{fa823ce4f08947f8acf0e0b381b739df,
title = "Policy-based access control for constrained healthcare resources in the context of the Internet of Things",
abstract = "The Internet of Things (IoT), smart sensors and mobile wearable devices are helping to provide healthcare systems that are more ubiquitous, smarter, faster and easily accessible to users. However, security is a significant concern for the IoT, with access control being one of the major issues. With the growing size and presence of these systems an important question is how to manage policies in a manner that is both scalable and flexible. In this paper, we propose an access control architecture for constrained healthcare resources in the IoT. Our policy-based approach provides fine-grained access for authorized users to services while protecting valuable resources from unauthorized access. We use a hybrid approach by employing attributes, roles and capabilities for our authorization design. We apply attributes for role membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterized based on further attributes of the user and are then used to access specific services provided by IoT devices. This significantly reduces the number of policies required for specifying access control settings. The proposed scheme is XACML driven. We have implemented a proof of concept prototype and provide a detailed performance analysis of the implementation. Evaluation results show that, our approach requires minimal additional overhead when compared to other proposals employing capabilities for access control in the IoT.",
keywords = "Access control, Constrained resources, Healthcare systems, Internet of things, Policy management, Security",
author = "Shantanu Pal and Michael Hitchens and Vijay Varadharajan and Tahiry Rabehaja",
year = "2019",
month = "8",
day = "1",
doi = "10.1016/j.jnca.2019.04.013",
language = "English",
volume = "139",
pages = "57--74",
journal = "Journal of Network and Computer Applications",
issn = "1084-8045",
publisher = "Elsevier",

}

TY - JOUR

T1 - Policy-based access control for constrained healthcare resources in the context of the Internet of Things

AU - Pal,Shantanu

AU - Hitchens,Michael

AU - Varadharajan,Vijay

AU - Rabehaja,Tahiry

PY - 2019/8/1

Y1 - 2019/8/1

AB - The Internet of Things (IoT), smart sensors and mobile wearable devices are helping to provide healthcare systems that are more ubiquitous, smarter, faster and easily accessible to users. However, security is a significant concern for the IoT, with access control being one of the major issues. With the growing size and presence of these systems an important question is how to manage policies in a manner that is both scalable and flexible. In this paper, we propose an access control architecture for constrained healthcare resources in the IoT. Our policy-based approach provides fine-grained access for authorized users to services while protecting valuable resources from unauthorized access. We use a hybrid approach by employing attributes, roles and capabilities for our authorization design. We apply attributes for role membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterized based on further attributes of the user and are then used to access specific services provided by IoT devices. This significantly reduces the number of policies required for specifying access control settings. The proposed scheme is XACML driven. We have implemented a proof of concept prototype and provide a detailed performance analysis of the implementation. Evaluation results show that, our approach requires minimal additional overhead when compared to other proposals employing capabilities for access control in the IoT.

KW - Access control

KW - Constrained resources

KW - Healthcare systems

KW - Internet of things

KW - Policy management

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85065906802&partnerID=8YFLogxK

U2 - 10.1016/j.jnca.2019.04.013

DO - 10.1016/j.jnca.2019.04.013

M3 - Article

VL - 139

SP - 57

EP - 74

JO - Journal of Network and Computer Applications

T2 - Journal of Network and Computer Applications

JF - Journal of Network and Computer Applications

SN - 1084-8045

ER -