A Purpose Model and Policy Enforcement Engine for Usage Control in Distributed Healthcare Information System

Annanda Thavymony Rath, Jean-Noël Colin

Abstract

This paper addresses two issues: the purpose model designed for distributed healthcare and the purpose-based usage policy enforcement engine based on our purpose-based UCON (the extended UCON model). UCON has been proposed and applied to support security requirements in different computing environments such as resources sharing in collaborative computing systems and data control in remote users or platforms, but apparently absent in its core model is “purpose”, which is important for formulating a more sound privacy sensitive policy. In this paper, by observing a lack of comprehensive enforcement mechanism for purpose, we extend the UCON core model to explicitly support purpose expression and then propose a usage purpose enforcement engine, particularly for ongoing-enforcement, applied in distributed healthcare information system.

References

  1. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., and Chandramouli, R. (2001). Proposed NIST Standard for Role-Based Access Control. In ACM Transactions on Information and System Security, pages 4(3):222- 274.
  2. Ji-Won, B., Elisa, B., and Ninghui, L. (2005). Purpose based access control of complex data for privacy protection. In Proceedings of the tenth ACM symposium on Access control models and technologies, SACMAT 7805, pages 102-110, New York, NY, USA. ACM.
  3. Katt, B., Zhang, X., Breu, R., Hafner, M., and Seifert, J.- P. (2008). A general obligation model and continuity: enhanced policy enforcement engine for usage control. In Proceedings of the 13th ACM symposium on Access control models and technologies, SACMAT 7808, pages 123-132, New York, NY, USA. ACM.
  4. Li, W. and Hoang, D. (2009). A new security scheme for e-health system. In Proceedings of the 2009 International Symposium on Collaborative Technologies and Systems, pages 361-366, Washington, DC, USA. IEEE Computer Society.
  5. Mohammad, J., Philip, F., Reihaneh, S.-N., Ken, B., and Paul, S. N. (2011). Towards defining semantic foundations for purpose-based privacy policies. In Proceedings of the first ACM conference on Data and application security and privacy, CODASPY 7811, pages 213-224, New York, NY, USA. ACM.
  6. Park, J. and Sandhu, R. (2004). The uconabc usage control model. ACM Trans. Inf. Syst. Secur., 7:128-174.
  7. Park, J. and Ravi, S. (2002). Towards usage control models: beyond traditional access control. In Proceedings of the seventh ACM symposium on Access control models and technologies, SACMAT 7802, pages 57-64, New York, NY, USA. ACM.
  8. Rath, A. and Colin, J.-N. (2012a). Analogue attacks in e-health: Issues and solutions. CeHPSA - 2012 : 2nd IEEE International Workshop on Consumer eHealth Platforms, Services and Applications (CeHPSA)(accepted but unpublished).
  9. Rath, A. and Colin, J.-N. (2012b). Patient privacy preservation: P-RBAC vs OrBAC in patient controlled records type of centralized healthcare information system. case study of walloon healthcare network, belgium. The Fourth International Conference on eHealth, Telemedicine, and Social Medicine eTELEMED 2012, 4:111-118.
  10. Zhang, X., Parisi-Presicce, F., Sandhu, R., and Park, J. (2005). Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur., 8:351-387.
Download


Paper Citation


in Harvard Style

Thavymony Rath A. and Colin J. (2013). A Purpose Model and Policy Enforcement Engine for Usage Control in Distributed Healthcare Information System . In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013) ISBN 978-989-8565-37-2, pages 174-180. DOI: 10.5220/0004223201740180


in Bibtex Style

@conference{healthinf13,
author={Annanda Thavymony Rath and Jean-Noël Colin},
title={A Purpose Model and Policy Enforcement Engine for Usage Control in Distributed Healthcare Information System},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)},
year={2013},
pages={174-180},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004223201740180},
isbn={978-989-8565-37-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)
TI - A Purpose Model and Policy Enforcement Engine for Usage Control in Distributed Healthcare Information System
SN - 978-989-8565-37-2
AU - Thavymony Rath A.
AU - Colin J.
PY - 2013
SP - 174
EP - 180
DO - 10.5220/0004223201740180