Access Control Model Based on Dynamic Delegations and Privacy in a Health System of Connected Objects

The Internet of Things (IoT) promotes the development of new platforms, services and applications that connect the physical world to the virtual world. Defining access control policies for these platforms remains a challenge for researchers, as security gaps are still observed in several domains, including health. There are much scientific work on systems for remote patient monitoring and most of them have technological limits in access control of patients’ personal and confidential information. Moreover, these systems do not allow collaborative work because the doctor, in case of unavailability or in case of need of collegial decision, cannot delegate his role to another doctor having the same skills and the same attributes as him. In this paper, we propose a model based on dynamic role delegation, emphasizing on collaborative work and the protection of patients’ privacy. This model is a redefinition of the ORBAC model taking into account the notion of user attributes. We use first order logic and non-monotonic logic T-JCLASSICε to perform an axiomatic interpretation of the model. We implement the model with WebRTC, Node.js and Kurento Media Server technologies to facilitate real-time communication between users, and raspberry pi for collecting biometric information received from sensors.