Behavior-based access control for distributed healthcare systems

Authors:
Mohammad H. Yarmand;Kamran Sartipi;Douglas G. Down
Affiliations:
Department of Computing and Software, McMaster University, Hamilton, ON, Canada. E-mails: {yarmanmh, downd}@mcmaster.ca;Faculty of Engineering and Applied Science, University of Ontario Institute of Technology, Oshawa, ON, Canada. E-mail: kamran.sartipi@uoit.ca;Department of Computing and Software, McMaster University, Hamilton, ON, Canada. E-mails: {yarmanmh, downd}@mcmaster.ca
Venue:
Journal of Computer Security
Year:
2013

Citing 23
Cited 0

Role templates for content-based access control

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Flexible team-based access control using contexts

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Access control mechanisms for inter-organizational workflow

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Aspect-oriented programming: Introduction

Communications of the ACM
A scenario-driven role engineering process for functional RBAC roles

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A role-based delegation framework for healthcare information systems

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Dynamically authorized role-based access control for secure distributed computation

Proceedings of the 2002 ACM workshop on XML security
Cerberus: A Context-Aware Security Scheme for Smart Spaces

PERCOM '03 Proceedings of the First IEEE International Conference on Pervasive Computing and Communications
Trustworthiness in Distributed Electronic Healthcare Records-Basis for Shared Care

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A Framework for Multiple Authorization Types in a Healthcare Application System

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Dynamic Context-aware Access Control for Grid Applications

GRID '03 Proceedings of the 4th International Workshop on Grid Computing
Applications of context-aware computing in hospital work: examples and design principles

Proceedings of the 2004 ACM symposium on Applied computing
A case study in access control requirements for a Health Information System

ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
A Trust-based Context-Aware Access Control Model for Web-Services

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Context sensitive access control

Proceedings of the tenth ACM symposium on Access control models and technologies
Fine-Granularity Access Control in 3-Tier Laboratory Information Systems

IDEAS '05 Proceedings of the 9th International Database Engineering & Application Symposium
Research Issues of Privacy Access Control Model for Mobile Ad Hoc Healthcare Applications with XACML

AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 02
Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with Sectet

Models in Software Engineering
Engineering a Policy-Based System for Federated Healthcare Databases

IEEE Transactions on Knowledge and Data Engineering
Behavior-Based Access Control for Distributed Healthcare Environment

CBMS '08 Proceedings of the 2008 21st IEEE International Symposium on Computer-Based Medical Systems
A security policy model for clinical information systems

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
A semantic context-aware access control framework for secure collaborations in pervasive computing environments

ISWC'06 Proceedings of the 5th international conference on The Semantic Web

Quantified Score

Hi-index	0.00

Visualization

Abstract

Sensitivity of clinical data and strict rules regarding data sharing have caused privacy and security to be critical requirements for using patient profiles in distributed healthcare systems. The amalgamation of new information technology with traditional healthcare workflows for sharing patient profiles has made the whole system vulnerable to privacy and security breaches. Standardization organizations are developing specifications to satisfy the required privacy and security requirements. In this paper we present a novel access control model compliant with healthcare standards based on a framework designed for data and service interoperability in the healthcare domain. The proposed model for customizable access control captures the dynamic behavior of the user and determines access rights accordingly.The model is generic and flexible in the sense that an access control engine dynamically receives security effective parameters from the subject user, and identifies the privilege level in accessing data using different specialized components within the engine. Standard data representation formats and ontologies are used to make the model compatible with different healthcare systems. The access control engine employs an approach to follow the user's behavior and navigates among engine components to provide the user's privilege to access a resource. A simulation environment is implemented to evaluate and test the proposed model.