A novel approach of privacy-preserving data sharing system through data-tagging with role-based access control

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Tanvi Garg ◽  
Navid Kagalwalla ◽  
Shubha Puthran ◽  
Prathamesh Churi ◽  
Ambika Pawar

Purpose: This paper aims to design a secure and seamless system that ensures quick sharing of health-care data to improve the privacy of sensitive health-care data, the efficiency of health-care infrastructure, effective treatment given to patients and encourage the development of new health-care technologies by researchers. These objectives are achieved through the proposed system, a “privacy-aware data tagging system using role-based access control for health-care data.”

Design/methodology/approach: Health-care data must be stored and shared in such a manner that the privacy of the patient is maintained. The proposed method uses data tags to classify health-care data into various color codes which signify the sensitivity of data. It makes use of the ARX tool to anonymize raw health-care data and uses role-based access control as a means of ensuring only authenticated persons can access the data.

Findings: The system integrates the tagging and anonymizing of health-care data coupled with robust access control policies into one architecture. The paper discusses the proposed architecture, describes the algorithm used to tag health-care data, analyzes the metrics of the anonymized data against various attacks and devises a mathematical model for role-based access control.

Originality/value: The paper integrates three disparate topics – data tagging, anonymization and role-based access policies – into one seamless architecture. Codifying health-care data into different tags based on International Classification of Diseases 10th Revision (ICD-10) codes and applying varying levels of anonymization for each data tag along with role-based access policies is unique to the system and also ensures the usability of data for research.

2018 ◽  
Vol 7 (4.10) ◽  
pp. 504
Author(s):  
K. Kavitha ◽  
D. Anuradha ◽  
P. Pandian

A huge amount of health care data is available online to improve the overall performance of the health care system. Since this huge health care Big-data is valuable and sensitive, it requires safety. In this paper we analyze numerous ways in which health care Big-data can be protected. Recently, many augmented security algorithms suitable for Big-data have emerged, such as El-Gamal, Triple-DES and homomorphic algorithms. Authentication and access control can also be implemented over Big-data using Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) schemes. Along with securing Big-data, we try to evolve the ways in which the valuable Big-data can be optimized to improve Big-data analysis. Mathematical optimization techniques such as simple and multi-purpose optimization and simulation are employed on Big-data to maximize patient satisfaction and usage of the doctor’s consulting facility, and to minimize the cost spent by the patient and the energy wasted.


Author(s):  
Shangping Ren ◽  
Jeffrey J.P. Tsai ◽  
Ophir Frieder

In this chapter, we present the role-based context constrained access control (RBCC) model. The model integrates contextual constraints specified in first-order logic with the standard role-based access control (RBAC). In the RBCC access control model, the permission assignment functions are constrained by the user’s current accessing contexts. The accessing contexts are further categorized into two classes, that is, system contexts and application contexts. System contexts may contain accessing time, accessing location, and other security-related system information, while application contexts are abstractions of relationships among different types of entities (i.e., subjects, roles, and objects) as well as implicit relationships derived from protected information content and external information. The ability to integrate contextual information allows the RBCC model to be flexible and capable of specifying a variety of complex access policies and providing tight and just-in-time permission activations. A set of medical domain examples will be used to demonstrate the expressiveness of the RBCC model.


2014 ◽  
Vol 10 (2) ◽  
pp. 131-150 ◽  
Author(s):  
Tran Khanh Dang ◽  
Tuyen Thi Kim Le ◽  
Anh Tuan Dang ◽  
Ha Duc Son Van

Purpose – The paper aims to propose a flexible framework to support X-STROWL model. Extensible access control markup language (XACML) is an international standard used for access control in distributed systems. However, XACML and its existing extensions are not sufficient to fulfill sophisticated security requirements (e.g. access control based on user’s roles, context-aware authorizations and the ability of reasoning). Remarkably, X-STROWL, a generalized extension of XACML for spatiotemporal role-based access control (RBAC) model with reasoning ability, is a comprehensive model that overcomes these shortcomings. It mainly focuses on the architecture design as well as the implementation and evaluation of proposed framework and the comparison with others.

Design/methodology/approach – Based on the concept of X-STROWL model, the paper reviewed a large amount of open sources implementing XACML with defined criteria and chose the most suitable framework to be extended for the implementation. The paper also presented a case study used to evaluate the research result.

Findings – Holistic enterprise-ready application security framework – architecture framework (HERAS-AF) is chosen as the most suitable framework to be extended to implement X-STROWL model. Extending HERAS-AF to support spatiotemporal aspect and other contextual conditions as well as the way to integrate security in the access request, together with ability of reasoning for hierarchical roles, are striking features that make the proposed framework able to meet more sophisticated security requirements in comparison with others.

Research limitations/implications – Due to the research content, the performance of proposed framework is not the focused issue of this work.

Originality/value – The proposed framework is a crucial contribution of our research to provide a holistic, extensible and intelligent authorization decision engine.


2021 ◽  
Vol 7 ◽  
pp. e376
Author(s):  
Dipta Das ◽  
Andrew Walker ◽  
Vincent Bushong ◽  
Jan Svacina ◽  
Tomas Cerny ◽  
...  

It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies.


Diagnosis ◽  
2021 ◽  
Vol 0 (0) ◽  
Author(s):  
Wolf E. Hautz ◽  
Moritz M. Kündig ◽  
Roger Tschanz ◽  
Tanja Birrenbach ◽  
Alexander Schuster ◽  
...  

Abstract

Objectives: Identification of diagnostic error is complex and mostly relies on expert ratings, a severely limited procedure. We developed a system that automatically identifies diagnostic labelling error from diagnoses coded according to the international classification of diseases (ICD), often available as routine health care data.

Methods: The system developed (index test) was validated against rater-based classifications taken from three previous studies of diagnostic labeling error (reference standard). The system compares pairs of diagnoses through calculation of their distance within the ICD taxonomy. Calculation is based on four different algorithms. To assess the concordance between index test and reference standard, we calculated the area under the receiver operating characteristics curve (AUROC) and corresponding confidence intervals. Analyses were conducted overall and separately per algorithm and type of available dataset.

Results: Diagnoses of 1,127 cases were analyzed. Raters previously classified 24.58% of cases as diagnostic labelling errors (ranging from 12.3 to 87.2% in the three datasets). AUROC ranged between 0.821 and 0.837 overall, depending on the algorithm used to calculate the index test (95% CIs ranging from 0.8 to 0.86). Analyzed per type of dataset separately, the highest AUROC was 0.924 (95% CI 0.887–0.962).

Conclusions: The trigger system to automatically identify diagnostic labeling error from routine health care data performs excellently, and is unaffected by the reference standards’ limitations. It is however only applicable to cases with pairs of diagnoses, of which one must be more accurate or otherwise superior to the other, reflecting a prevalent definition of a diagnostic labeling error.


2020 ◽  
Vol 28 (3) ◽  
pp. 373-395
Author(s):  
Tamir Tsegaye ◽  
Stephen Flowerday

Purpose: An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model.

Design/methodology/approach: A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework.

Findings: The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR.

Originality/value: Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.

