Analysis of Healthcare Workflows in Accordance with Access Control Policies

2016 ◽  
Vol 11 (1) ◽  
pp. 1-20 ◽  
Author(s):  
Sandeep Lakaraju ◽  
Dianxiang Xu ◽  
Yong Wang
Keyword(s):  
Access Control ◽  
Sensitive Information ◽  
Control Mechanisms ◽  
Healthcare Organizations ◽  
Sensitive Data ◽  
Healthcare Information ◽  
Control Policies ◽  
Crucial Element ◽  
Access Control Policies ◽  
Context Element

Healthcare information systems deal with sensitive data across complex workflows. They often allow various stakeholders from different environments to access data across organizational boundaries. This elevates the risk of exposing sensitive healthcare information to unauthorized personnel, leading ‘controlling access to resources' a major concern. To prevent unwanted access to sensitive information, healthcare organizations need to adopt effective workflows and access control mechanisms. Many healthcare organizations are not yet considering or do not know how to accommodate the ‘context' element as a crucial element in their workflows and access control policies. The authors envision the future of healthcare where ‘context' will be considered as a crucial element. They can accommodate context through a new element ‘environment' in workflows, and can accommodate context in policies through well-known attribute based access control mechanism (ABAC). This research mainly addresses these problems by proposing a model to integrate workflows and access control policies and thereby identifying workflow activities that are not being protected by access control policies and improving the workflow activities and/or existing access control policies using SARE (Subject, Action, Resource, and environment) elements.

Analysis of Healthcare Workflows in Accordance with Access Control Policies

2020 ◽  
pp. 1378-1400
Author(s):  
Sandeep Lakaraju ◽  
Dianxiang Xu ◽  
Yong Wang
Keyword(s):  
Access Control ◽  
Sensitive Information ◽  
Control Mechanisms ◽  
Healthcare Organizations ◽  
Organizational Boundaries ◽  
Healthcare Information ◽  
Control Policies ◽  
Crucial Element ◽  
Access Control Policies ◽  
Attribute Based Access Control

Healthcare information systems deal with sensitive data across complex workflows. They often allow various stakeholders from different environments to access data across organizational boundaries. This elevates the risk of exposing sensitive healthcare information to unauthorized personnel, leading ‘controlling access to resources' a major concern. To prevent unwanted access to sensitive information, healthcare organizations need to adopt effective workflows and access control mechanisms. Many healthcare organizations are not yet considering or do not know how to accommodate the ‘context' element as a crucial element in their workflows and access control policies. The authors envision the future of healthcare where ‘context' will be considered as a crucial element. They can accommodate context through a new element ‘environment' in workflows, and can accommodate context in policies through well-known attribute based access control mechanism (ABAC). This research mainly addresses these problems by proposing a model to integrate workflows and access control policies and thereby identifying workflow activities that are not being protected by access control policies and improving the workflow activities and/or existing access control policies using SARE (Subject, Action, Resource, and environment) elements.

Analysis of Healthcare Workflows in Accordance with Access Control Policies

2020 ◽  
pp. 277-299
Author(s):  
Sandeep Lakaraju ◽  
Dianxiang Xu ◽  
Yong Wang
Keyword(s):  
Access Control ◽  
Sensitive Information ◽  
Control Mechanisms ◽  
Healthcare Organizations ◽  
Organizational Boundaries ◽  
Healthcare Information ◽  
Control Policies ◽  
Crucial Element ◽  
Access Control Policies ◽  
Attribute Based Access Control

Healthcare information systems deal with sensitive data across complex workflows. They often allow various stakeholders from different environments to access data across organizational boundaries. This elevates the risk of exposing sensitive healthcare information to unauthorized personnel, leading ‘controlling access to resources' a major concern. To prevent unwanted access to sensitive information, healthcare organizations need to adopt effective workflows and access control mechanisms. Many healthcare organizations are not yet considering or do not know how to accommodate the ‘context' element as a crucial element in their workflows and access control policies. The authors envision the future of healthcare where ‘context' will be considered as a crucial element. They can accommodate context through a new element ‘environment' in workflows, and can accommodate context in policies through well-known attribute based access control mechanism (ABAC). This research mainly addresses these problems by proposing a model to integrate workflows and access control policies and thereby identifying workflow activities that are not being protected by access control policies and improving the workflow activities and/or existing access control policies using SARE (Subject, Action, Resource, and environment) elements.

A Contextual Model to Integrate Healthcare Workflows and Access Control Policies

2018 ◽  
pp. 82-103
Author(s):  
Sandeep Kumar Lakkaraju ◽  
Dianxiang Xu ◽  
Yong Wang
Keyword(s):  
Access Control ◽  
World Health ◽  
Critical Element ◽  
Control Mechanisms ◽  
Healthcare Organizations ◽  
Sensitive Data ◽  
Organizational Boundaries ◽  
Control Policies ◽  
Access Control Policies ◽  
Access To Data

In a complex healthcare world, health information technology integrated workflows play a crucial role in improving healthcare workflow efficiency. Healthcare organizations often allow various stakeholders to access sensitive data across organizational boundaries. This increases the need to secure and restrict access to this sensitive data. In a complex environment like healthcare, the need for access to data highly depends on context, and many of the traditional access control mechanisms cannot accommodate “context.” In this process, there is need for healthcare organizations to look for more efficient access control mechanisms which work in accordance with workflows and accommodates “context” as a critical element. As a solution to this problem, this chapter presents a model to integrate workflows and access control policies and thereby identifying workflow activities that are not being protected by access control policies and improving the workflow activities and/or existing access control policies using SARE (subject, action, resource, and environment) elements.

Use of Purpose and Role Based Access Control Mechanisms to Protect Data Within RDBMS

2020 ◽  
Vol 8 (1) ◽  
pp. 82-91
Author(s):  
Suraj Krishna Patil ◽  
Sandipkumar Chandrakant Sagare ◽  
Alankar Shantaram Shelar
Keyword(s):  
Access Control ◽  
Privacy Preservation ◽  
Original Data ◽  
Sensitive Information ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Sensitive Data ◽  
Access To Resources ◽  
Key Factor ◽  
Role Based

Privacy is the key factor to handle personal and sensitive data, which in large chunks, is stored by database management systems (DBMS). It provides tools and mechanisms to access and analyze data within it. Privacy preservation converts original data into some unknown form, thus protecting personal and sensitive information. Different access control mechanisms such as discretionary access control, mandatory access control is used in DBMS. However, they hardly consider purpose and role-based access control in DBMS, which incorporates policy specification and enforcement. The role based access control (RBAC) regulates the access to resources based on the roles of individual users. Purpose based access control (PuBAC) regulates the access to resources based on purpose for which data can be accessed. It regulates execution of queries based on purpose. The PuRBAC system uses the policies of both, i.e. PuBAC and RBAC, to enforce within RDBMS.

Modelling the Impact of Administrative Access Controls on Technical Access Control Measures

2017 ◽  
Vol 30 (4) ◽  
pp. 53-70
Author(s):  
Winfred Yaokumah
Keyword(s):  
Access Control ◽  
Structural Equation ◽  
Partial Least Square ◽  
Least Square ◽  
Control Measures ◽  
Control Mechanisms ◽  
Control Policies ◽  
Access Control Policies ◽  
Access Controls ◽  
The Impact

Almost all computing systems and applications in organizations include some form of access control mechanisms. Managing secure access to computing resources is an important but a challenging task, requiring both administrative and technical measures. This study examines the influence of administrative access control measures on technical access control mechanisms. Based on the four access control clauses defined by ISO/IEC27002, this study develops a model to empirically test the impact of access control policies on systems and applications control activities. The study employs Partial Least Square Structural Equation Modelling (PLS-SEM) to analyze data collected from 223 samples through a survey questionnaire. The results show that the greatest significant impact on applications and systems access control measures is through access control policies mediated by users' responsibilities and accountability and user access management activities. But the direct impact of access control policies on applications and systems access control measures is not significant.

scholarly journals PEP4Django A Policy Enforcement Point for Python Web Applications

2019 ◽  
Author(s):  
Carlos Eduardo Da Silva ◽  
Welkson De Medeiros ◽  
Silvio Sampaio
Keyword(s):  
Access Control ◽  
Web Application ◽  
Web Applications ◽  
Policy Enforcement ◽  
Control Mechanisms ◽  
Business Logic ◽  
Control Policies ◽  
Control Rules ◽  
Access Control Policies ◽  
Policy Enforcement Point

Traditionally, access control mechanisms have been hard-coded into application components. Such approach is error-prone, mixing business logic with access control concerns, and affecting the flexibility of security policies, as is the case with IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system.

Dynamic Trusted Domain: Preventing Data Leakage of Trusted Subjects

2011 ◽  
Vol 48-49 ◽  
pp. 470-473
Author(s):  
Jun Ma ◽  
Zhi Ying Wang ◽  
Jiang Chun Ren ◽  
Jiang Jiang Wu ◽  
Yong Cheng ◽  
...  
Keyword(s):  
Access Control ◽  
Decision Maker ◽  
Major Complication ◽  
Security Policies ◽  
Sensitive Data ◽  
Control Policies ◽  
Mandatory Access Control ◽  
Access Control Policies ◽  
Security Levels

The existence of trusted subjects is a major complication in implementing multilevel secure (MLS) systems. In MLS, trusted subjects are granted with privileges to perform operations possibly violating mandatory access control policies. It is difficult to prevent them from data leakage with out too strict confinement. This paper reconsiders the privilege from the view of sensitive data and presents a dynamic trusted domain (DTD) mechanism for trusted subjects. In DTD, a domain is associated with a special label structure (LabelVector) distinguishing security policies and builds an isolated environment based on virtualization for a certain trusted subject. The channel for the trusted subject to communicate with outsider is controlled by a trusted request decision maker (TRDM). Only the request satisfies the rules on domain label and security levels can be passed through.

Sign in / Sign up

Export Citation Format

Share Document