Research Article
On Design of A Fine-Grained Access Control Architecture for Securing IoT-Enabled Smart Healthcare Systems
@INPROCEEDINGS{10.4108/eai.7-11-2017.2274967, author={Shantanu Pal and Michael Hitchens and Vijay Varadharajan and Tahiry Rabehaja}, title={On Design of A Fine-Grained Access Control Architecture for Securing IoT-Enabled Smart Healthcare Systems}, proceedings={14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services}, publisher={ACM}, proceedings_a={MOBIQUITOUS}, year={2018}, month={4}, keywords={internet of things healthcare systems access control policy management security}, doi={10.4108/eai.7-11-2017.2274967} }
- Shantanu Pal
Michael Hitchens
Vijay Varadharajan
Tahiry Rabehaja
Year: 2018
On Design of A Fine-Grained Access Control Architecture for Securing IoT-Enabled Smart Healthcare Systems
MOBIQUITOUS
ACM
DOI: 10.4108/eai.7-11-2017.2274967
Abstract
The Internet of Things (IoT) is facilitating the development of novel and cost-effective applications that promise to deliver efficient and improved medical facilities to patients and health organisations. However, the security of patient data is an ever-present concern in the healthcare arena. In the wider deployment of IoT-enabled smart healthcare systems one particular issue is the need to protect smart ‘things’ from unauthorised access. Commonly used access control approaches e.g. Attribute Based Access Control (ABAC), Role Based Access Control (RBAC) and capability based access control do not, in isolation, provide a complete solution for securing access to IoT-enabled smart healthcare devices. They may, for example, require an overly-centralised solution or an unmanageably large policy base. To address these issues we propose a novel access control architecture which improves policy management by reducing the required number of authentication policies in a large-scale healthcare system while providing fine-grained access control. We devise a hybrid access control model employing attributes, roles and capabilities. We apply attributes for role-membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterised based on further attributes of the user and are then used to access specific services provided by IoT ‘things’.