Publication
Information Flow in Disaster Management Systems
Achim Brucker; Dieter Hutter
In: M. Takizawa; A M. Tjoa (Hrsg.). Proceedings of the 5th International Conference on Availability, Reliability and Security 2010. International Conference on Availability, Reliability and Security (ARES-2010), February 15-18, Krakau, Poland, IEEE Computer Society, 1/2010.
Abstract
Collaborations between organizations in the public sector, \eg, fire
brigades, polices, military units, is often done via liaison
officers. A liaison officer liaises between two organizations by
providing a single point of contact and ensuring the efficient
communication and coordination of their activities. Usually an
organization embeds a liaison officer in another organization to
provide face-to-face coordination. Liaison officers demand special
requirements to the security mechanism of the IT infrastructure of
the organization that act as host for a liaison officer.
This holds, in particular, for Disaster Management Information
Systems (DMIS). Such systems need, on the one hand, to support
various ways of communication in a flexible and ad hoc manner. On
the other hand, these systems need to protect, by law, the leakage
of sensitive data.
In this paper, we present a novel mechanism, based on role-based
access control (RBAC), for supporting the flexible and secure
information exchange between organizations using liaison
officers. Our mechanism enables liaison officers to decide on their
own authority which information they wants share with their home
organizations while allowing the host organization to limit the
access of liaisons officers to their system in a fine-grained
manner.