Authorisation and Conflict Resolution for Hierarchical Domains


A Policy-Based Framework for e-Health Application
Giovanni Russello
Changyu Dong
Naranker Dulay
Imperial College London
11 September 2007
Jatinder Singh
Jean Bacon
Ken Moody
University of Cambridge
E-Science
1
Caregrid Project
Main project goal: Enhancements for development and deployment of healthcare applications
Key features: trust, security, privacy and context models
Results: working towards the realisation of a middleware
Challenges
Scalability: healthcare applications range from small-scale body sensor networks up to large-scale distributed systems
Flexibility: dynamic environments and unpredictable scenarios
Manageability: users and resources change unpredictably over time
Assisted living
Treating and monitoring patients at home (or in sheltered houses)
Carers visit the patients and provide the medical care their case requires
Installing hardware and software for:
  - Monitoring (body sensors, infrared cameras, etc.)
  - Assisting patients and carers
  - Providing appropriate security and privacy
Framework Components
Ponder2 for management of Entities and Resources
  - Domain organisation
  - Authorisation and Obligation policies
Communication by means of Event-based middleware
  - Distribution of events for interaction
  - Prioritising events
Entity and Resource Organisation
Ponder2 allows the specification of hierarchical domain structures that contain Managed Objects
  - An Entity (such as a doctor) is defined by means of a Managed Object Template (MOT)
  - A Managed Object Instance (MOI) is used to represent a specific instance of an Entity
  - Resources are represented by means of simple Managed Objects.
An MOT Example
[Figure not preserved; callouts: Root Domain; Sub-domain for carers; Sub-domain for Doctors; MOT specification for Doctors]
MOI Instantiation
Entity E Presenting Credentials
Finding the matching MOT
Instantiating an MOI for a doctor
Authorisation Policies
Define the set of access rights that a subject has on a target
    auth+/- subject, action, target
      when condition
Obligation Policies
Event-Condition-Action for dynamically adapting the system to changes
    on Event
    when Condition
    do Action
Obligation Policies
Capture obligations entities must fulfil
    oblig MedicineIntakePolicy
      after 3h 50min from MedSwallowedEvt -> AlertEvt
        unless MedSwallowedEvt
      after 4h 10min from MedSwallowedEvt -> AlarmEvt
        unless MedSwallowedEvt
      on MedSwallowedEvt do log("medicine taken", time);
      on AlertEvt do alertPatient("Medicine in 10 min");
      on AlarmEvt do sendAlarmToGP("No medicine taken");
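The timer lines of MedicineIntakePolicy evaluated over an event log, as an added Python example (not part of the original slides and not Ponder2 code). The cancellation window, the log format and the names TIMERS, ACTIONS, derive and run_policy are assumptions made for illustration.

```python
from datetime import timedelta as td

# "after D from E -> R unless U" lines of MedicineIntakePolicy: (D, E, R, U)
TIMERS = [
    (td(hours=3, minutes=50), "MedSwallowedEvt", "AlertEvt", "MedSwallowedEvt"),
    (td(hours=4, minutes=10), "MedSwallowedEvt", "AlarmEvt", "MedSwallowedEvt"),
]
# "on E do action(...)" lines; the action is recorded by name, not executed
ACTIONS = {
    "MedSwallowedEvt": "log",
    "AlertEvt": "alertPatient",
    "AlarmEvt": "sendAlarmToGP",
}


def derive(log, horizon):
    """Events raised by TIMERS for an observed log of (offset, event) pairs.

    Assumed semantics: a timer armed by E at time t expires at t + D and is
    cancelled by an `unless` event at any time u with t < u <= t + D.
    Timers that expire after `horizon` are still pending and not reported.
    """
    raised = []
    for delay, trigger, result, unless in TIMERS:
        for t, evt in log:
            if evt != trigger:
                continue
            deadline = t + delay
            cancelled = any(e == unless and t < u <= deadline for u, e in log)
            if deadline <= horizon and not cancelled:
                raised.append((deadline, result))
    return sorted(raised)


def run_policy(log, horizon):
    """Merged timeline of (offset, event, action) for observed and raised events."""
    timeline = sorted(list(log) + derive(log, horizon))
    return [(t, evt, ACTIONS.get(evt)) for t, evt in timeline]


# Constructed sample: second dose taken 4h after the first, then none.
SAMPLE_LOG = [(td(0), "MedSwallowedEvt"), (td(hours=4), "MedSwallowedEvt")]

if __name__ == "__main__":
    for t, evt, action in run_policy(SAMPLE_LOG, horizon=td(hours=9)):
        print(f"{t}  {evt:16} -> {action}")
```

In the sample, the late second dose lets the 3h 50min alert fire but cancels the 4h 10min alarm; the missing third dose then raises both.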
Practical Case: Edema Case Study
Edema refers to swelling caused by excess fluid retention
Carers regularly visit patients at home and perform:
  - Monitoring by measurements
  - Providing appropriate medications
Case Study in Detail
Deployment in the home environment
Carers visiting the patient’s home:
  - Authentication when accessing the home
  - Guiding the carers in their tasks
  - Leaving the patient’s home
Deployment
Carers could use a PDA carrying the necessary data and software
In the sheltered house:
  - Sensors for monitoring the patients
  - PC and set-top boxes for storing data
  - TV and phones for communication
Domain Structures for the Edema Case Study
Controlling the Access to Resources
Fulfilment of Obligations
    oblig BMPolicy
      after 30min from NurseInEvt -> AlertBMEvt
        unless BMTakenEvt
      after 10min from NurseOutEvt -> Alert2BMEvt
        unless NurseInEvt or BMTakenEvt
      after 30min from NurseOutEvt -> HNotifyBMEvt
        unless EmergEvt or BMTakenEvt
      on BMTakenEvt do log("BM taken", time);
      on AlertBMEvt do alertNurse("BM within 30 min");
      on Alert2BMEvt do alertNurse("Departed without BM");
      on HNotifyBMEvt do sendNotToHosp("No BM taken");
Leaving the Home Domain
When the carer completes the tasks and leaves, allocated resources must be relinquished.
Obligation policies can be defined to respond to such an event.
    oblig NurseLeavePolicy
      on NurseOutEvt
      do nurseMOI.disablePolicies;
         home.remove(nurseMOI);
Other Services
A Trust Framework for handling decisions autonomously when unknown entities are involved
A monitoring and auditing service for responsiveness, reliability, and performance
Conclusion and Future Work
Policy-based framework that provides the appropriate abstraction for dynamic environments.
Policies can be used for managing access rights, dynamically adapting the system and assisting entities in their duties.
For the future, we envisage the use of workflow systems for handling more complex situations. Moreover, we are working on extending our policy language to capture the notion of trust.