Towards Risk-aware Access Control Framework for Healthcare Information Sharing
Mohamed Abomhara, Geir M. Køien, Vladimir A. Oleshchuk, Mohamed Hamid
2018
Abstract
Access control models play an important role in the response to insider threats such as misuse and unauthorized disclosure of the electronic health records (EHRs). In our previous work in the area of access control, we proposed a work-based access control (WBAC) model that strikes a balance between collaboration and safeguarding sensitive patient information. In this study, we propose a framework for risk assessment that extend the WBAC model by incorporating a risk assessment process, and the trust the system has on its users. Our framework determines the risk associated with access requests (user’s trust level and requested object’s security level) and weighting such risk against the risk appetite and risk threshold of situational conditions. Specifically, an access request will be permitted if the risk threshold outweighs the risk of granting access to information, otherwise it will be denied.
DownloadPaper Citation
in Harvard Style
Abomhara M., M. Køien G., Oleshchuk V. and Hamid M. (2018). Towards Risk-aware Access Control Framework for Healthcare Information Sharing.In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 312-321. DOI: 10.5220/0006608103120321
in Bibtex Style
@conference{icissp18,
author={Mohamed Abomhara and Geir M. Køien and Vladimir A. Oleshchuk and Mohamed Hamid},
title={Towards Risk-aware Access Control Framework for Healthcare Information Sharing},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2018},
pages={312-321},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006608103120321},
isbn={978-989-758-282-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Towards Risk-aware Access Control Framework for Healthcare Information Sharing
SN - 978-989-758-282-0
AU - Abomhara M.
AU - M. Køien G.
AU - Oleshchuk V.
AU - Hamid M.
PY - 2018
SP - 312
EP - 321
DO - 10.5220/0006608103120321