
access attempts in real-time, thereby strengthening
the overall security of emergency PHI access.
ACKNOWLEDGEMENTS
This work was partially supported by the U.S. Na-
tional Science Foundation under Grant No. 1822118
and 2226232, the member partners of the NSF IU-
CRC Center for Cyber Security Analytics and Au-
tomation – Statnett, AMI, NewPush, Cyber Risk Re-
search, NIST, and ARL – the State of Colorado (grant
#SB 18-086), and the authors’ institutions. Any opin-
ions, findings, conclusions, or recommendations ex-
pressed in this material are those of the authors and
do not necessarily reflect the views of the National
Science Foundation or other organizations and agen-
cies.
REFERENCES
Aitzhan, N. Z. and Svetinovic, D. (2016). Security
and privacy in decentralized energy trading through
multi-signatures, blockchain and anonymous messag-
ing streams. IEEE transactions on dependable and
secure computing, 15(5):840–852.
Al Amin, M., Altarawneh, A., and Ray., I. (2023). Informed
consent as patient driven policy for clinical diagnosis
and treatment: A smart contract based approach. In
Proceedings of the 20th International Conference on
Security and Cryptography - SECRYPT, pages 159–
170. INSTICC, SciTePress.
Al Amin, M., Tummala, H., Shah, R., and Ray., I. (2024).
Balancing patient privacy and health data security:
The role of compliance in protected health informa-
tion (phi) sharing. In Proceedings of the 21st Inter-
national Conference on Security and Cryptography -
SECRYPT, pages 211–223. INSTICC, SciTePress.
Albrecht, J. S., Khokhar, B., Pradel, F., Campbell, M.,
Palmer, J., Harris, I., and Palumbo, F. (2015). Per-
ceptions of patient provider agreements. Journal of
Pharmaceutical Health Services Research, 6(3):139–
144.
Aski, V., Dhaka, V. S., and Parashar, A. (2021). An
attribute-based break-glass access control framework
for medical emergencies. In Innovations in Computa-
tional Intelligence and Computer Vision: Proceedings
of ICICV 2020, pages 587–595. Springer.
Bael, D. V., Kalantari, S., Put, A., and Decker, B. D. (2020).
A context-aware break glass access control system for
iot environments. In 7th International Conference on
Internet of Things: Systems, Management, and Secu-
rity (IOTSMS), pages 20–27. IEEE.
Conte de Leon, D., Stalick, A. Q., Jillepalli, A. A., Haney,
M. A., and Sheldon, F. T. (2017). Blockchain: prop-
erties and misconceptions. Asia Pacific Journal of In-
novation and Entrepreneurship, 11(3):286–300.
Fern
´
andez-Alem
´
an, J. L., Se
˜
nor, I. C., Lozoya, P.
´
A. O., and
Toval, A. (2013). Security and privacy in electronic
health records: A systematic literature review. Journal
of biomedical informatics, 46(3):541–562.
Ferreira, A., Cruz-Correia, R., Antunes, L., Farinha, P.,
Oliveira-Palhares, E., Chadwick, D. W., and Costa-
Pereira, A. (2006). How to break access control in
a controlled manner. In 19th IEEE Symposium on
Computer-Based Medical Systems (CBMS’06), pages
847–854. IEEE.
Gangwal, A., Gangavalli, H. R., and Thirupathi, A. (2023).
A survey of layer-two blockchain protocols. Journal
of Network and Computer Applications, 209:103539.
Gudgeon, L., Moreno-Sanchez, P., Roos, S., McCorry, P.,
and Gervais, A. (2020). Sok: Layer-two blockchain
protocols. In Financial Cryptography and Data Se-
curity: 24th International Conference, FC 2020, Kota
Kinabalu, Malaysia, February 10–14, 2020 Revised
Selected Papers 24, pages 201–226. Springer.
Haeberlen, A., Kouznetsov, P., and Druschel, P. (2007).
Peerreview: Practical accountability for distributed
systems. ACM SIGOPS operating systems review,
41(6):175–188.
Kim, S. and Hwang, S. (2023). Etherdiffer: Differential
testing on rpc services of ethereum nodes. In Pro-
ceedings of the 31st ACM Joint European Software
Engineering Conference and Symposium on the Foun-
dations of Software Engineering, pages 1333–1344.
King, J., Patel, V., Jamoom, E. W., and Furukawa, M. F.
(2014). Clinical benefits of electronic health record
use: national findings. Health services research,
49(1pt2):392–404.
Lee, W.-M. (2023). Using the metamask crypto-wallet. In
Beginning Ethereum Smart Contracts Programming:
With Examples in Python, Solidity, and JavaScript,
pages 111–144. Springer.
Loos, M. (2020). Break-glass access control systems
in medical devices. RTDS, WS 2020, Institute of
Distributed Systems, Ulm University. This work
is licensed under a Creative Commons Attribution-
ShareAlike 4.0 International License.
Menachemi, N. and Collum, T. H. (2011). Benefits and
drawbacks of electronic health record systems. Risk
management and healthcare policy, pages 47–55.
Mulamba, D. and Ray, I. (2017). Resilient reference moni-
tor for distributed access control via moving target de-
fense. In Data and Applications Security and Privacy
XXXI: 31st Annual IFIP WG 11.3 Conference, DBSec
2017, Philadelphia, PA, USA, July 19-21, 2017, Pro-
ceedings 31, pages 20–40. Springer.
Schefer-Wenzl, S., Bukvova, H., and Strembeck, M. (2013).
A review of delegation and break-glass models for
flexible access control management. In Proceed-
ings of the International Conference on Security and
Trust Management, pages 1–12. University of Applied
Sciences Campus Vienna and WU Vienna, Austria,
Springer.
Yang, Y., Liu, X., and Deng, R. H. (2017). Lightweight
break-glass access control system for healthcare
internet-of-things. IEEE Transactions on Industrial
Informatics, 14(8):3610–3617.
SECRYPT 2025 - 22nd International Conference on Security and Cryptography
208