A Trust and Activity Based Access Control Model for Preserving Privacy and Sensitive Data in a Distributed and Collaborative System: Application to a Healthcare System

2021 ◽  
Vol 16 (1) ◽  
pp. 13
Author(s):  
Rabie Barhoun
Keyword(s):  
Access Control ◽  
Healthcare System ◽  
System Application ◽  
Control Model ◽  
Sensitive Data ◽  
Access Control Model ◽  
Collaborative System

Cloud-Based Identity and Identity Meta-Data

2016 ◽  
pp. 1756-1773
Author(s):  
Grzegorz Spyra ◽  
William J. Buchanan ◽  
Peter Cruickshank ◽  
Elias Ekonomou
Keyword(s):  
Access Control ◽  
Data Model ◽  
Ad Hoc ◽  
Personal Data ◽  
Data Access ◽  
Control Model ◽  
Policy Enforcement ◽  
Sensitive Data ◽  
Access Control Model ◽  
Meta Data

This paper proposes a new identity, and its underlying meta-data, model. The approach enables secure spanning of identity meta-data across many boundaries such as health-care, financial and educational institutions, including all others that store and process sensitive personal data. It introduces the new concepts of Compound Personal Record (CPR) and Compound Identifiable Data (CID) ontology, which aim to move toward own your own data model. The CID model ensures authenticity of identity meta-data; high availability via unified Cloud-hosted XML data structure; and privacy through encryption, obfuscation and anonymity applied to Ontology-based XML distributed content. Additionally CID via XML ontologies is enabled for identity federation. The paper also suggests that access over sensitive data should be strictly governed through an access control model with granular policy enforcement on the service side. This includes the involvement of relevant access control model entities, which are enabled to authorize an ad-hoc break-glass data access, which should give high accountability for data access attempts.

Cloud-Based Identity and Identity Meta-Data

2014 ◽  
Vol 3 (1) ◽  
pp. 49-66 ◽  
Author(s):  
Grzegorz Spyra ◽  
William J Buchanan ◽  
Peter Cruickshank ◽  
Elias Ekonomou
Keyword(s):  
Access Control ◽  
Data Model ◽  
Ad Hoc ◽  
Personal Data ◽  
Data Access ◽  
Control Model ◽  
Policy Enforcement ◽  
Sensitive Data ◽  
Access Control Model ◽  
Meta Data

This paper proposes a new identity, and its underlying meta-data, model. The approach enables secure spanning of identity meta-data across many boundaries such as health-care, financial and educational institutions, including all others that store and process sensitive personal data. It introduces the new concepts of Compound Personal Record (CPR) and Compound Identifiable Data (CID) ontology, which aim to move toward own your own data model. The CID model ensures authenticity of identity meta-data; high availability via unified Cloud-hosted XML data structure; and privacy through encryption, obfuscation and anonymity applied to Ontology-based XML distributed content. Additionally CID via XML ontologies is enabled for identity federation. The paper also suggests that access over sensitive data should be strictly governed through an access control model with granular policy enforcement on the service side. This includes the involvement of relevant access control model entities, which are enabled to authorize an ad-hoc break-glass data access, which should give high accountability for data access attempts.

A Spatio-Situation-Based Access Control Model for Dynamic Permission on Mobile Applications

2017 ◽  
pp. 142-165
Author(s):  
Xian Shao ◽  
Steven A. Demurjian ◽  
Thomas P. Agresta
Keyword(s):  
Access Control ◽  
Mobile Applications ◽  
Control Model ◽  
Patient Data ◽  
Role Based Access Control ◽  
Sensitive Data ◽  
Access Control Model ◽  
Data Repositories ◽  
Role Based ◽  
Dynamic Authorization

As users are now able to take their mobile devices from location to location, there has been a transition from a static program running on a PC/laptop to a dynamic application that can adapt based on a variety of conditions and criteria. This highlights an emerging need to support dynamic permissions of mobile applications as a user moves from location to location based and perform different actions in particular situation. This chapter presents a Spatio-Situation-Based Access Control model that extends role-based access control to secure sensitive data for mobile applications with the ability to make dynamic authorization decisions according to the time/location and the particular situation being encountered by a user. To demonstrate the feasibility of the work, a realistic healthcare scenario examines the complex workflow of treating a patient by a physician utilizing a mobile health (mHealth) app to access patient data, as she/he moves among multiple locations at different times throughout the day/week requiring access to different patient data repositories at different times.

An Extended Attribute-Based Access Control (ABAC) Model for Distributed Collaborative Healthcare System

2019 ◽  
Vol 10 (4) ◽  
pp. 81-94 ◽  
Author(s):  
Rabie Barhoun ◽  
Maryam Ed-daibouni ◽  
Abdelwahed Namir
Keyword(s):  
Access Control ◽  
Healthcare System ◽  
Control Model ◽  
Access Control Model ◽  
Medical Activity ◽  
Healthcare Environment ◽  
Decision Mechanism ◽  
Large Numbers ◽  
Attribute Based Access Control ◽  
Control Order

The healthcare system is a real example of a distributed collaborative system, which aims to improve the patient's healthcare. The most important requirements of the healthcare system are the sensitivity of the medical data processed, large numbers of medical and para-medical interveners, as well as the medical treatment activity is a non-static process. Protecting data from unauthorized access and data sharing security in the healthcare environment is a critical process that influences system credibility. To achieve this goal and to meet the requirements of the healthcare system, the authors propose an extended Attribute-Based Access Control (ABAC) model by introducing the medical activity concept. This article defines the medical activity concept as an abstraction of collaboration in a care unit, defined by a medical activity purpose, in which the collaborators (or actors) realize their tasks in order to achieve the treatment purpose. The current access control model ABAC and these variants do not take into account the (business process) activity concept in the decision mechanism. In this paper, the authors propose a new access control model, called Medical-Activity-Attribute-Based Access Control (MA-ABAC), which can effectively enhance the security for healthcare system and produce more perfect and flexible mechanism of access control; order to strongly respond to the requirements of the distributed healthcare environment.

Sign in / Sign up

Export Citation Format

Share Document