A Policy Enforcement Framework for Internet of Things Applications in the Smart Health

Internet of Things (IoT) is characterized by heterogeneous technologies, which concur to the provisioning of innovative services in different application domains. Introducing efficient mechanisms for collecting, processing, and delivering data generated by sensors, medical equipment, wearable devices, and humans, is a key enabling factor for advanced healthcare services. The adoption of IoT in smart health, however, opens the doors to some security concerns. In fact, by considering the confidentiality and sensitivity of medical data, a healthcare system must fulfill advanced access control procedures with strict security and data quality requirements. To this end, a flexible policy enforcement framework, based on the IoT paradigm, is defined hereby. It is able to face security and quality threats in dynamic large scale and heterogeneous smart hearth environments. As a key feature of the proposed framework, cross-domain policies have been defined using a specification language based on XML. In this way, it becomes possible to ease the management of interactions across different realms and policy conflicts. Moreover, to demonstrate the usefulness of the proposed approach, a running example, based on a smart health application, is detailed throughout the manuscript. This helps to highlight the different facets of the conceived enforcement framework. A preliminary performance analysis also demonstrates its feasibility in large scale environments.