Managing Privacy and Effectiveness of Patient-Administered Authorization Policies

2012 ◽  
Vol 3 (2) ◽  
pp. 43-62
Author(s):  
Thomas Trojer ◽  
Basel Katt ◽  
Ruth Breu ◽  
Thomas Schabetsberger ◽  
Richard Mair
Keyword(s):  
Health Care ◽  
Information System ◽  
Access Control ◽  
Data Privacy ◽  
Evaluation Criteria ◽  
Control Policy ◽  
Health Data ◽  
Personal Health ◽  
Access Control Policy ◽  
Authorization Policies

A central building block of data privacy is the individual right of information self-determination. Following from that when dealing with shared electronic health records (SEHR), citizens, as the identified individuals of such records, have to be enabled to decide what medical data can be used in which way by medical professionals. In this context individual preferences of privacy have to be reflected by authorization policies to control access to personal health data. There are two potential challenges when enabling patient-controlled access control policy authoring: First, an ordinary citizen neither can be considered a security expert, nor does she or he have the expertise to fully understand typical activities and workflows within the health-care domain. Thus, a citizen is not necessarily aware of implications her or his access control settings have with regards to the protection of personal health data. Both privacy of citizen’s health-data and the overall effectiveness of a health-care information system are at risk if inadequate access control settings are in place. This paper refers to scenarios of a case study previously conducted and shows how privacy and information system effectiveness can be defined and evaluated in the context of SEHR. The paper describes an access control policy analysis method which evaluates a patient-administered access control policy by considering the mentioned evaluation criteria.

Research on Access Control Policy for Confidential Information System

2012 ◽  
Vol 263-266 ◽  
pp. 3064-3067 ◽  
Author(s):  
Jian Zhang ◽  
Jin Yao ◽  
Kun Huang
Keyword(s):  
Information System ◽  
Access Control ◽  
Control Policy ◽  
Research Topic ◽  
Access Control Policy ◽  
Confidential Information ◽  
Control Policies ◽  
Secure Access ◽  
Access Control Policies ◽  
Secure Access Control

How to achieve secure access control in multi-domain is a hot research topic in the information security field. The access control policy for confidential information system is different from that for ordinary commercial information system, because the former concerns about the confidentiality of the data and the latter concerns about the integrity. Emphatically discusses the access control policies for confidential information system, including single-domain and multi-domain environment, and presents two useful access control policies for multi-domain.

A Trust-Aware Access Control Policy for Cloud Data Protection

2013 ◽  
Vol 411-414 ◽  
pp. 40-44
Author(s):  
Xiao Yong Tang ◽  
Jin Wei Li ◽  
Gui Ping Liao
Keyword(s):  
Cloud Computing ◽  
Access Control ◽  
Data Privacy ◽  
Large Scale ◽  
Control Policy ◽  
Trust Model ◽  
Data Encryption ◽  
Access Control Policy ◽  
Cloud Users ◽  
Cloud User

The use of Cloud computing systems to run large-scale scientific, business and consumer based IT applications has increased rapidly in recent years. More and more Cloud users concern the data privacy protection and security in such systems. A natural way to tackle this problem is to adopt data encryption and access control policy. However, this solution is inevitably introduced a heavy computation overhead. In this paper, we first establish a trust model between Cloud servers and Cloud users. Then, we build the trust-aware attribute-based access control policies according to Cloud user trust level and Cloud request attributes. This technique can give different encryption and decryption data to Cloud user and substantive reduce the computation overhead of Cloud computing.

Sign in / Sign up

Export Citation Format

Share Document