Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Flexible team-based access control using contexts
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Aspect-oriented programming: Introduction
Communications of the ACM
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A role-based delegation framework for healthcare information systems
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Dynamically authorized role-based access control for secure distributed computation
Proceedings of the 2002 ACM workshop on XML security
Cerberus: A Context-Aware Security Scheme for Smart Spaces
PERCOM '03 Proceedings of the First IEEE International Conference on Pervasive Computing and Communications
Trustworthiness in Distributed Electronic Healthcare Records-Basis for Shared Care
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A Framework for Multiple Authorization Types in a Healthcare Application System
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Dynamic Context-aware Access Control for Grid Applications
GRID '03 Proceedings of the 4th International Workshop on Grid Computing
Applications of context-aware computing in hospital work: examples and design principles
Proceedings of the 2004 ACM symposium on Applied computing
A case study in access control requirements for a Health Information System
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
A Trust-based Context-Aware Access Control Model for Web-Services
ICWS '04 Proceedings of the IEEE International Conference on Web Services
Context sensitive access control
Proceedings of the tenth ACM symposium on Access control models and technologies
Fine-Granularity Access Control in 3-Tier Laboratory Information Systems
IDEAS '05 Proceedings of the 9th International Database Engineering & Application Symposium
Research Issues of Privacy Access Control Model for Mobile Ad Hoc Healthcare Applications with XACML
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 02
Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with Sectet
Models in Software Engineering
Engineering a Policy-Based System for Federated Healthcare Databases
IEEE Transactions on Knowledge and Data Engineering
Behavior-Based Access Control for Distributed Healthcare Environment
CBMS '08 Proceedings of the 2008 21st IEEE International Symposium on Computer-Based Medical Systems
A security policy model for clinical information systems
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
ISWC'06 Proceedings of the 5th international conference on The Semantic Web
Hi-index | 0.00 |
Sensitivity of clinical data and strict rules regarding data sharing have caused privacy and security to be critical requirements for using patient profiles in distributed healthcare systems. The amalgamation of new information technology with traditional healthcare workflows for sharing patient profiles has made the whole system vulnerable to privacy and security breaches. Standardization organizations are developing specifications to satisfy the required privacy and security requirements. In this paper we present a novel access control model compliant with healthcare standards based on a framework designed for data and service interoperability in the healthcare domain. The proposed model for customizable access control captures the dynamic behavior of the user and determines access rights accordingly.The model is generic and flexible in the sense that an access control engine dynamically receives security effective parameters from the subject user, and identifies the privilege level in accessing data using different specialized components within the engine. Standard data representation formats and ontologies are used to make the model compatible with different healthcare systems. The access control engine employs an approach to follow the user's behavior and navigates among engine components to provide the user's privilege to access a resource. A simulation environment is implemented to evaluate and test the proposed model.