Controlled BTG: Toward Flexible Emergency Override in Interoperable Medical Systems

Authors

DOI:

https://doi.org/10.4108/eai.13-7-2018.163213

Keywords:

Break the Glass, Access control, Authorization, Medical IoT, CPS, XACML, ALFA

Abstract

INTRODUCTION: In medical cyber-physical systems (mCPS), availability must be prioritized over other security properties, making it challenging to craft least-privilege authorization policies which preserve patient safety and confidentiality even during emergency situations. For example, unauthorized access to device(s) connected to a patient or an app controlling these devices could result in patient harm. Previous work has suggested a virtual version of “Break the Glass” (BTG), an analogy to breaking a physical barrier to access a protected emergency resource such as a fire extinguisher or “crash cart”. In healthcare, BTG is used to override access controls and allow for unrestricted access to resources, e.g. Electronic Health Records. After a “BTG event” completes, the actions of all concerned parties are audited to validate the reasons and legitimacy for the override.

OBJECTIVES: Medical BTG has largely been treated as an all-or-nothing scenario: either a means to obtain unrestricted access is provided, or BTG is not supported. We show how to handle BTG natively within the ABAC model, maintaining full compatibility with existing access control frameworks, putting BTG in the policy domain rather than requiring framework modifications. This approach also makes BTG more flexible, allowing for fine-grained facility-specific policies, and even automates auditing in many situations, while maintaining the principle of least-privilege.

METHODS: We do this by constructing a BTG “meta-policy” which works with existing access control policies by explicitly allowing override when requested.

RESULTS: We present a sample BTG policy and formally verify that the resulting combined set of access control policies correctly satisfies the goals of the original policy set and allows expanded access during a BTG event. We show how to use the same verification methods to check new policies, easing the process of crafting least-privilege policies.

Downloads

Published

19-02-2020

How to Cite

Tasali, Q. ., Sublett, C. ., & Y. Vasserman, E. . (2020). Controlled BTG: Toward Flexible Emergency Override in Interoperable Medical Systems. EAI Endorsed Transactions on Security and Safety, 6(22), e2. https://doi.org/10.4108/eai.13-7-2018.163213

Issue

Vol. 6 No. 22 (2020): EAI Endorsed Transactions on Security and Safety

Section

Research article

License

Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety

Creative Commons License

This work is licensed under a Creative Commons Attribution 3.0 Unported License.

This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.