Controlled information sharing for unspecified emergencies

During emergency situations a key requirement is information sharing. If emergencies are known a-priori, it is possible to specify them using emergency policies, modeling the extra sharing needs usually arising during emergencies. However, there are many situations where emergencies can be unspecified and yet they require a timely information sharing. Therefore, in this paper, we present an extended model which is able to deal with such emergencies. The idea is to open the system to some controlled violations, i.e., those denied access requests that signal the occurrence of an unspecified emergency. We have defined measures to determine whether a denied access request represents an information need for an unspecified emergency or the risk of an attempted abuse, and we have carried out experiments to verify the effectiveness of the proposed measures comparing them with a human-based evaluation.