Controlled information sharing for unspecified emergencies

During emergency situations a key requirement is information sharing. If emergencies are known a priori, it is possible to specify them using emergency policies, which model the extra sharing needs that usually arise during emergencies. However, there are many situations where emergencies are unspecified and yet require timely information sharing. Therefore, in this paper, we present an extended model that is able to deal with such emergencies. The idea is to open the system to some controlled violations, i.e., those denied access requests that signal the occurrence of an unspecified emergency. We have defined measures to determine whether a denied access request represents an information need for an unspecified emergency or the risk of an attempted abuse, and we have carried out experiments to verify the effectiveness of the proposed measures, comparing them with a human-based evaluation.
