SlideShare una empresa de Scribd logo

Passat 2001

Descargar como PPTX, PDF
Michele Guglielmi
Michele Guglielmi

Presented during The Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT), MIT, Boston, USA, October 9 - 11, 2011.

EmpresarialesTecnología
1 de 24
Barbara Carminati, Elena Ferrari, Michele Guglielmi European Office of Aerospace University of Insubria, Italy Research & Development
Emergency Management  Do you think it would have been Federal possible for the United States government to intercept 9/11 attack ?  Do you think it would have been Information possible for the United States to DHS State manage a more effective Sharing response and recovery after the hurricane Katrina? Local Agencies Traditional Access Emergency Access Control Control
Traditional vs Emergency Access Control Traditional access control models are regulated by a proper set of pre-defined access control policies. An Emergency access control model should (during an emergency) bypass the regular access control policies and grant users access to resources not normally authorized. Downgrading of information security Complex Event Processing Temporary Controlled Timely (CEP)
Emergency Access Control Policies 1. Make a user able to specify emergency policies 2. Detect the events that cause the triggering of an emergency policy 3. Make immediately available to the authorized subjects information covered by the emergency policy Temporary Complex Emergency access Event Obligations policies control Processing policies (CEP)
Our Model vs BtG (Break the Glass)  a subject requests an access  the system checks regular access control policies  if the access request is denied, the system verifies whether this decision can be overridden by a BtG policy  the subject is notified and asked to confirm. In our proposal, when an access is denied by a regular policy, the system checks if this decision can be overridden by a temporary access control policy and, in this case, the access is granted.  BtG policies are always active  emergency policies are active only during emergencies  a user can decide when to use a BtG  only the system can override a policy to override a regular one regular policy  a user can wait a while to respond  system overrides immediately when the system prompts the BtG regular policies when an request emergency is detected
Emergency Events Simple query on a Bradycardia: patient single data stream heart rate lower than Simple/Complex 60 Event Epileptic attack: join Complex query like an aggregation query on a many information joint set of streams about patient vital stream and movement Emergency sensors stream Event Patient fall: it is Relationships necessary to detect between simple/complex this sequence of Event Pattern events that might events: the patient happen with different temporal falls to the ground and order. does not stand up by the next 2 minutes.
Event Language The literature offers several languages for event pattern specification (e.g., Amit, XChangeEQ, SpaTec, TESLA and SASE+). Some languages have also been proposed by vendors (e.g., Streambase, Sybase, Oracle CEP). However, up to now, a standard event specification language has not yet emerged We make use of a Core Event Specification Language (CESL).
CESL Language CESL supports the following operators:  Query Stream Operators: selection, projection, aggregation, join.  Event Operators: event type, event instance, array of event instances.  Event Pattern Operators: sequence, negation, iteration.
Reference scenario Patients wear several monitoring devices that catch their health measures (e.g., temperature, heart rate, blood pressure, glucose, etc.). All gathered measures are encoded as tuples in a data stream and sent to a CEP, which can easily detect any s.heart_rate < 60 anomaly signaling an emergency situation.
Emergency Event Given a set of streams S, and a context C, an emergency event ev is defined as (eventPattern, exp, identifier)  eventPattern: is an event pattern on streams in S  exp: is a boolean expression on attributes in C  identifier: is a subset of attributes in S
Identifier Consider the patient monitoring scenario S = (heart_rate, patient_id) (heart_rate < 60, - , patient_id) (62,a) (61,a) (59,a) (58,a) (57,b)
Emergency An emergency e is a tuple (init, end, timeout)  init: denotes the event triggering the emergency  end: is the optional event that turns off the emergency  timeout: is the time within the emergency expires even though end has not occurred
Emergency Example A cardiac arrest situation can be represented as follows: CardiacArrest { init: (VitalSigns1 v, _, patient_id); VitalSigns1 = σ(heart_rate = 0)(S); end: (VitalSigns2 v, _, patient_id); VitalSigns2 = σ (heart_rate > 60)(S); timeout: ∞; }
Emergency Policies Requirements Traditional Access Control Policy (sbj, obj, priv)  emergency: that has to trigger temporary access control policies activation/deactivation  temporary access control policy: to be activated during an emergency Emergency Access Control Policy (emg, sbj, obj, priv)
Emergency Policy Requirements In patient remote monitoring scenario: Automatically call an ambulance Emergency Obligations Paramedics are allowed to access patient EMR during the emergency Subject and object constraints An audit log is created Access Control Obligations
Emergency Policy An emergency policy is a pair (emg, ans) where emg is an emergency and ans is:  temporary access control policy template: is a tuple (sbj, obj, priv, exp, obl) when the context expression exp is true, users identified by sbj are authorized to exercise the privilege priv on the object obj . In addition, the action obl is executed.  emergency obligation: an action or a set of actions that must be executed after the detection of emg
Emergency Policy Example Monitored patient is hospitalized at home and assisted by his/her personal doctor who is allowed to read his/her EMR and to write prescriptions.  CardiacArrest emergency detection  automatically call an ambulance for the patient address.  Object: the EMR of the patient under emergency condition  Subjects: paramedics on the ambulance  Privileges: read/write  Obligation: sending an email to the patient doctor when a paramedic accesses the patient EMR.
Emergency Policy Correctness When init and end events are defined so as to have predicates that simultaneously hold, that is, when at least a tuple can exist verifying both init and end events. Bradycardia { init: (VitalSigns1 v, _, patient_id); VitalSigns1 = (heart_rate ≤ 60)(S); end: (VitalSigns2 v, _, patient_id); VitalSigns2 = (heart_rate ≥ 50)(S); timeout: ∞; } 52 54 56 creation and simultaneously removal of three instances of an emergency with the consequent activation/deactivation of the corresponding temporary access control policy. Validity Checks
Emergency Policy Enforcement Emergency Handler CEP Policies and Emergencies Repository  CEP: capture complex event patterns signaling the beginning/ending of an emergency  Emergency Handler: carries out registration and enforcement of emergency polices  Repository: contains emergency descriptions (init, end, identifier, timeout), emergency policies (emg,ans) and temporary access control policy templates (sbj, obj, priv, exp, obl)
Enforcement Example CEP Emergency CardiacArrest handler Init o1 e1 Init (VitalSigns1 v,_, patient_id); handler VitalSigns1=σ(heart_rate=0)(S); e1.heart_rate = 0 S e1.patient_id = 2 End (VitalSigns2 v,_, patient_id); o2 e2 End handler VitalSigns2=σ(heart_rate>60)(S); e2.heart_rate=80 e2.patient_id=2 Policies and Emergencies Repository
Enforcement Example Emergency Policies and Emergency Repository handler Emergencies id init end identifier timeout obligation o1 e1 Init 1 O1 O2 patient_id ∞ call(ambulance) e1.heart_rate = 0 handler Emergency_policy e1.patient_id = 2 emergency_id policy_template_id 1 10 Temporary acp templates o2 e2 End id sbj obj priv obligation handler e2.heart_rate=80 10 Paramedic.id = EMR.id = read mailto(user) call.paramedic_id emg.patient_id e2.patient_id=2 Emergency instances emergency_id identifier 1 2 Temporary acp template instances id sbj obj priv obligation 10 Paramedic.id = 12 EMR.id = 2 read mailto(user)
Experiments and Results We implemented a prototype in Java, using the Streambase CEP platform; the experiments were run on an Intel Core i7 2.00 GHz CPU machine with 4Gb RAM, running Windows 7.  Emergency retrieval time  Emergency instances retrieval time  Temporary access control template retrieval time
Experiments and Results 16 35 Emergency instance Emergency Retrieval retrieval time (ms) 14 30 12 25 10 Time (ms) 20 8 6 15 4 10 2 5 0 0 0 5000 10000 15000 0 5000 10000 15000 Number of Emergencies Number of Emergency Instances 25 Emergency retrieval time (ms) Temporary Access Control Template Retrieval Time (ms) 20 Emergency Instance 15 Temporary Access Control Template 10 80 60 5 40 0 20 0 5000 10000 15000 0 10 100 500 1000 2000 5000 10000 Number of Temporary Access Control Templates Number of Emergency, Emergency Instances, Templates
Conclusions  We have proposed a novel notion of emergency policies able to manage a flexible and secure information sharing during emergency situations. Emergency policies are capable of  expressing complex emergency situations  override regular policies with temporary access control policies  support obligations Future Extensions We plan to extend this work along several directions:  Develop of a complete prototype to carry out more extensive performance tests.  Buffering strategies to avoid latency in information deliver  Extend correctness validity checks for more complex event specification

Recomendados

Marketing strategy
Marketing strategyMarketing strategy
Marketing strategyKareem Pearson
 
2009 12 05_osc2009_fukuoka_xct
2009 12 05_osc2009_fukuoka_xct2009 12 05_osc2009_fukuoka_xct
2009 12 05_osc2009_fukuoka_xctTom Hayakawa
 
323232
323232323232
323232areerat
 
Lapeste hda
Lapeste hdaLapeste hda
Lapeste hdapierrecorneille
 
Router01
Router01Router01
Router01Paul Antony
 
STPCon 2010
STPCon 2010STPCon 2010
STPCon 2010Scott Hanson
 
Gérer ses e-mails (2004)
Gérer ses e-mails (2004)Gérer ses e-mails (2004)
Gérer ses e-mails (2004)Ardesi Midi-Pyrénées
 
Sınav öncesi 8
Sınav öncesi 8Sınav öncesi 8
Sınav öncesi 8ingilizceschool
 

Recomendados

Marketing strategy
Marketing strategyMarketing strategy
Marketing strategyKareem Pearson
 
2009 12 05_osc2009_fukuoka_xct
2009 12 05_osc2009_fukuoka_xct2009 12 05_osc2009_fukuoka_xct
2009 12 05_osc2009_fukuoka_xctTom Hayakawa
 
323232
323232323232
323232areerat
 
Lapeste hda
Lapeste hdaLapeste hda
Lapeste hdapierrecorneille
 
Router01
Router01Router01
Router01Paul Antony
 
STPCon 2010
STPCon 2010STPCon 2010
STPCon 2010Scott Hanson
 
Gérer ses e-mails (2004)
Gérer ses e-mails (2004)Gérer ses e-mails (2004)
Gérer ses e-mails (2004)Ardesi Midi-Pyrénées
 
Sınav öncesi 8
Sınav öncesi 8Sınav öncesi 8
Sınav öncesi 8ingilizceschool
 
Thesis Proposal
Thesis ProposalThesis Proposal
Thesis ProposalMichele Guglielmi
 
Universal Domain Common observation 20080808
Universal Domain Common observation 20080808Universal Domain Common observation 20080808
Universal Domain Common observation 20080808ash84
 
Fail Over mstr
Fail Over mstrFail Over mstr
Fail Over mstrToni Mctygue
 
Sub1568
Sub1568Sub1568
Sub1568International Journal of Science and Research (IJSR)
 
Sis training course_1
Sis training course_1Sis training course_1
Sis training course_1Gino Pascualli
 
[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A Jain
[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A Jain[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A Jain
[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A JainIJET - International Journal of Engineering and Techniques
 
Event driven architecture
Event driven architectureEvent driven architecture
Event driven architectureVinod Wilson
 
A New Real Time Clinical Decision Support System Using Machine Learning for C...
A New Real Time Clinical Decision Support System Using Machine Learning for C...A New Real Time Clinical Decision Support System Using Machine Learning for C...
A New Real Time Clinical Decision Support System Using Machine Learning for C...IRJET Journal
 
Event processing within the human body - Tutorial
Event processing within the human body - Tutorial Event processing within the human body - Tutorial
Event processing within the human body - Tutorial Opher Etzion
 
Gpt buchman
Gpt buchmanGpt buchman
Gpt buchmanSamantha Haas
 
Power system security
Power system securityPower system security
Power system securityAdani Institute of Infrastructure Engineering College
 
Gpt buchman
Gpt buchmanGpt buchman
Gpt buchmanSamantha Haas
 
A Context-aware Patient Safety System for the Operating Room
A Context-aware Patient Safety System for the Operating RoomA Context-aware Patient Safety System for the Operating Room
A Context-aware Patient Safety System for the Operating RoomJakob Bardram
 
Biosurveillance 2.0
Biosurveillance 2.0Biosurveillance 2.0
Biosurveillance 2.0Taha Kass-Hout, MD, MS
 
Extending UsiXML to support User-aware Interfaces
Extending UsiXML to support User-aware InterfacesExtending UsiXML to support User-aware Interfaces
Extending UsiXML to support User-aware InterfacesJean Vanderdonckt
 
PNS Overview_General
PNS Overview_GeneralPNS Overview_General
PNS Overview_GeneralJerry Hudson
 
ICU MANAGEMENT SYSTEM
ICU MANAGEMENT SYSTEMICU MANAGEMENT SYSTEM
ICU MANAGEMENT SYSTEMIRJET Journal
 
AIS
AISAIS
AISSweta Leena Panda
 
B410054
B410054B410054
B410054Sweta Leena Panda
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 

Más contenido relacionado

Similar a Passat 2001

Universal Domain Common observation 20080808
Universal Domain Common observation 20080808Universal Domain Common observation 20080808
Universal Domain Common observation 20080808ash84
 
Event driven architecture
Event driven architectureEvent driven architecture
Event driven architectureVinod Wilson
 
A New Real Time Clinical Decision Support System Using Machine Learning for C...
A New Real Time Clinical Decision Support System Using Machine Learning for C...A New Real Time Clinical Decision Support System Using Machine Learning for C...
A New Real Time Clinical Decision Support System Using Machine Learning for C...IRJET Journal
 
Event processing within the human body - Tutorial
Event processing within the human body - Tutorial Event processing within the human body - Tutorial
Event processing within the human body - Tutorial Opher Etzion
 
A Context-aware Patient Safety System for the Operating Room
A Context-aware Patient Safety System for the Operating RoomA Context-aware Patient Safety System for the Operating Room
A Context-aware Patient Safety System for the Operating RoomJakob Bardram
 
Extending UsiXML to support User-aware Interfaces
Extending UsiXML to support User-aware InterfacesExtending UsiXML to support User-aware Interfaces
Extending UsiXML to support User-aware InterfacesJean Vanderdonckt
 
PNS Overview_General
PNS Overview_GeneralPNS Overview_General
PNS Overview_GeneralJerry Hudson
 
ICU MANAGEMENT SYSTEM
ICU MANAGEMENT SYSTEMICU MANAGEMENT SYSTEM
ICU MANAGEMENT SYSTEMIRJET Journal
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 

Similar a Passat 2001 (20)

Thesis Proposal
Thesis ProposalThesis Proposal
Thesis Proposal
 
Universal Domain Common observation 20080808
Universal Domain Common observation 20080808Universal Domain Common observation 20080808
Universal Domain Common observation 20080808
 
Fail Over mstr
Fail Over mstrFail Over mstr
Fail Over mstr
 
Sub1568
Sub1568Sub1568
Sub1568
 
Sis training course_1
Sis training course_1Sis training course_1
Sis training course_1
 
[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A Jain
[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A Jain[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A Jain
[IJET-V1I3P21] Authors :Mr. D K Kamat, Ms. Pooja S Ganorkar, Mrs. R A Jain
 
Event driven architecture
Event driven architectureEvent driven architecture
Event driven architecture
 
A New Real Time Clinical Decision Support System Using Machine Learning for C...
A New Real Time Clinical Decision Support System Using Machine Learning for C...A New Real Time Clinical Decision Support System Using Machine Learning for C...
A New Real Time Clinical Decision Support System Using Machine Learning for C...
 
Event processing within the human body - Tutorial
Event processing within the human body - Tutorial Event processing within the human body - Tutorial
Event processing within the human body - Tutorial
 
Gpt buchman
Gpt buchmanGpt buchman
Gpt buchman
 
Power system security
Power system securityPower system security
Power system security
 
Gpt buchman
Gpt buchmanGpt buchman
Gpt buchman
 
A Context-aware Patient Safety System for the Operating Room
A Context-aware Patient Safety System for the Operating RoomA Context-aware Patient Safety System for the Operating Room
A Context-aware Patient Safety System for the Operating Room
 
Biosurveillance 2.0
Biosurveillance 2.0Biosurveillance 2.0
Biosurveillance 2.0
 
Extending UsiXML to support User-aware Interfaces
Extending UsiXML to support User-aware InterfacesExtending UsiXML to support User-aware Interfaces
Extending UsiXML to support User-aware Interfaces
 
PNS Overview_General
PNS Overview_GeneralPNS Overview_General
PNS Overview_General
 
ICU MANAGEMENT SYSTEM
ICU MANAGEMENT SYSTEMICU MANAGEMENT SYSTEM
ICU MANAGEMENT SYSTEM
 
AIS
AISAIS
AIS
 
B410054
B410054B410054
B410054
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016
 

Último

RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 

Último (20)

RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 

Passat 2001

  • 1. Barbara Carminati, Elena Ferrari, Michele Guglielmi European Office of Aerospace University of Insubria, Italy Research & Development
  • 2. Emergency Management  Do you think it would have been Federal possible for the United States government to intercept 9/11 attack ?  Do you think it would have been Information possible for the United States to DHS State manage a more effective Sharing response and recovery after the hurricane Katrina? Local Agencies Traditional Access Emergency Access Control Control
  • 3. Traditional vs Emergency Access Control Traditional access control models are regulated by a proper set of pre-defined access control policies. An Emergency access control model should (during an emergency) bypass the regular access control policies and grant users access to resources not normally authorized. Downgrading of information security Complex Event Processing Temporary Controlled Timely (CEP)
  • 4. Emergency Access Control Policies 1. Make a user able to specify emergency policies 2. Detect the events that cause the triggering of an emergency policy 3. Make immediately available to the authorized subjects information covered by the emergency policy Temporary Complex Emergency access Event Obligations policies control Processing policies (CEP)
  • 5. Our Model vs BtG (Break the Glass)  a subject requests an access  the system checks regular access control policies  if the access request is denied, the system verifies whether this decision can be overridden by a BtG policy  the subject is notified and asked to confirm. In our proposal, when an access is denied by a regular policy, the system checks if this decision can be overridden by a temporary access control policy and, in this case, the access is granted.  BtG policies are always active  emergency policies are active only during emergencies  a user can decide when to use a BtG  only the system can override a policy to override a regular one regular policy  a user can wait a while to respond  system overrides immediately when the system prompts the BtG regular policies when an request emergency is detected
  • 6. Emergency Events Simple query on a Bradycardia: patient single data stream heart rate lower than Simple/Complex 60 Event Epileptic attack: join Complex query like an aggregation query on a many information joint set of streams about patient vital stream and movement Emergency sensors stream Event Patient fall: it is Relationships necessary to detect between simple/complex this sequence of Event Pattern events that might events: the patient happen with different temporal falls to the ground and order. does not stand up by the next 2 minutes.
  • 7. Event Language The literature offers several languages for event pattern specification (e.g., Amit, XChangeEQ, SpaTec, TESLA and SASE+). Some languages have also been proposed by vendors (e.g., Streambase, Sybase, Oracle CEP). However, up to now, a standard event specification language has not yet emerged We make use of a Core Event Specification Language (CESL).
  • 8. CESL Language CESL supports the following operators:  Query Stream Operators: selection, projection, aggregation, join.  Event Operators: event type, event instance, array of event instances.  Event Pattern Operators: sequence, negation, iteration.
  • 9. Reference scenario Patients wear several monitoring devices that catch their health measures (e.g., temperature, heart rate, blood pressure, glucose, etc.). All gathered measures are encoded as tuples in a data stream and sent to a CEP, which can easily detect any s.heart_rate < 60 anomaly signaling an emergency situation.
  • 10. Emergency Event Given a set of streams S, and a context C, an emergency event ev is defined as (eventPattern, exp, identifier)  eventPattern: is an event pattern on streams in S  exp: is a boolean expression on attributes in C  identifier: is a subset of attributes in S
  • 11. Identifier Consider the patient monitoring scenario S = (heart_rate, patient_id) (heart_rate < 60, - , patient_id) (62,a) (61,a) (59,a) (58,a) (57,b)
  • 12. Emergency An emergency e is a tuple (init, end, timeout)  init: denotes the event triggering the emergency  end: is the optional event that turns off the emergency  timeout: is the time within the emergency expires even though end has not occurred
  • 13. Emergency Example A cardiac arrest situation can be represented as follows: CardiacArrest { init: (VitalSigns1 v, _, patient_id); VitalSigns1 = σ(heart_rate = 0)(S); end: (VitalSigns2 v, _, patient_id); VitalSigns2 = σ (heart_rate > 60)(S); timeout: ∞; }
  • 14. Emergency Policies Requirements Traditional Access Control Policy (sbj, obj, priv)  emergency: that has to trigger temporary access control policies activation/deactivation  temporary access control policy: to be activated during an emergency Emergency Access Control Policy (emg, sbj, obj, priv)
  • 15. Emergency Policy Requirements In patient remote monitoring scenario: Automatically call an ambulance Emergency Obligations Paramedics are allowed to access patient EMR during the emergency Subject and object constraints An audit log is created Access Control Obligations
  • 16. Emergency Policy An emergency policy is a pair (emg, ans) where emg is an emergency and ans is:  temporary access control policy template: is a tuple (sbj, obj, priv, exp, obl) when the context expression exp is true, users identified by sbj are authorized to exercise the privilege priv on the object obj . In addition, the action obl is executed.  emergency obligation: an action or a set of actions that must be executed after the detection of emg
  • 17. Emergency Policy Example Monitored patient is hospitalized at home and assisted by his/her personal doctor who is allowed to read his/her EMR and to write prescriptions.  CardiacArrest emergency detection  automatically call an ambulance for the patient address.  Object: the EMR of the patient under emergency condition  Subjects: paramedics on the ambulance  Privileges: read/write  Obligation: sending an email to the patient doctor when a paramedic accesses the patient EMR.
  • 18. Emergency Policy Correctness When init and end events are defined so as to have predicates that simultaneously hold, that is, when at least a tuple can exist verifying both init and end events. Bradycardia { init: (VitalSigns1 v, _, patient_id); VitalSigns1 = (heart_rate ≤ 60)(S); end: (VitalSigns2 v, _, patient_id); VitalSigns2 = (heart_rate ≥ 50)(S); timeout: ∞; } 52 54 56 creation and simultaneously removal of three instances of an emergency with the consequent activation/deactivation of the corresponding temporary access control policy. Validity Checks
  • 19. Emergency Policy Enforcement Emergency Handler CEP Policies and Emergencies Repository  CEP: capture complex event patterns signaling the beginning/ending of an emergency  Emergency Handler: carries out registration and enforcement of emergency polices  Repository: contains emergency descriptions (init, end, identifier, timeout), emergency policies (emg,ans) and temporary access control policy templates (sbj, obj, priv, exp, obl)
  • 20. Enforcement Example CEP Emergency CardiacArrest handler Init o1 e1 Init (VitalSigns1 v,_, patient_id); handler VitalSigns1=σ(heart_rate=0)(S); e1.heart_rate = 0 S e1.patient_id = 2 End (VitalSigns2 v,_, patient_id); o2 e2 End handler VitalSigns2=σ(heart_rate>60)(S); e2.heart_rate=80 e2.patient_id=2 Policies and Emergencies Repository
  • 21. Enforcement Example Emergency Policies and Emergency Repository handler Emergencies id init end identifier timeout obligation o1 e1 Init 1 O1 O2 patient_id ∞ call(ambulance) e1.heart_rate = 0 handler Emergency_policy e1.patient_id = 2 emergency_id policy_template_id 1 10 Temporary acp templates o2 e2 End id sbj obj priv obligation handler e2.heart_rate=80 10 Paramedic.id = EMR.id = read mailto(user) call.paramedic_id emg.patient_id e2.patient_id=2 Emergency instances emergency_id identifier 1 2 Temporary acp template instances id sbj obj priv obligation 10 Paramedic.id = 12 EMR.id = 2 read mailto(user)
  • 22. Experiments and Results We implemented a prototype in Java, using the Streambase CEP platform; the experiments were run on an Intel Core i7 2.00 GHz CPU machine with 4Gb RAM, running Windows 7.  Emergency retrieval time  Emergency instances retrieval time  Temporary access control template retrieval time
  • 23. Experiments and Results 16 35 Emergency instance Emergency Retrieval retrieval time (ms) 14 30 12 25 10 Time (ms) 20 8 6 15 4 10 2 5 0 0 0 5000 10000 15000 0 5000 10000 15000 Number of Emergencies Number of Emergency Instances 25 Emergency retrieval time (ms) Temporary Access Control Template Retrieval Time (ms) 20 Emergency Instance 15 Temporary Access Control Template 10 80 60 5 40 0 20 0 5000 10000 15000 0 10 100 500 1000 2000 5000 10000 Number of Temporary Access Control Templates Number of Emergency, Emergency Instances, Templates
  • 24. Conclusions  We have proposed a novel notion of emergency policies able to manage a flexible and secure information sharing during emergency situations. Emergency policies are capable of  expressing complex emergency situations  override regular policies with temporary access control policies  support obligations Future Extensions We plan to extend this work along several directions:  Develop of a complete prototype to carry out more extensive performance tests.  Buffering strategies to avoid latency in information deliver  Extend correctness validity checks for more complex event specification