Towards Risk-aware Access Control Framework for Healthcare Information Sharing

Mohamed Abomhara, Geir M. Køien, Vladimir A. Oleshchuk, Mohamed Hamid

Abstract

Access control models play an important role in the response to insider threats such as misuse and unauthorized disclosure of electronic health records (EHRs). In our previous work in the area of access control, we proposed a work-based access control (WBAC) model that strikes a balance between collaboration and safeguarding sensitive patient information. In this study, we propose a framework for risk assessment that extends the WBAC model by incorporating a risk assessment process and the trust the system has in its users. Our framework determines the risk associated with access requests (user’s trust level and requested object’s security level) and weighs that risk against the risk appetite and risk threshold of situational conditions. Specifically, an access request will be permitted if the risk threshold outweighs the risk of granting access to information; otherwise, it will be denied.


Paper Citation


in Harvard Style

Abomhara M., M. Køien G., Oleshchuk V. and Hamid M. (2018). Towards Risk-aware Access Control Framework for Healthcare Information Sharing. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 312-321. DOI: 10.5220/0006608103120321


in Bibtex Style

@conference{icissp18,
author={Mohamed Abomhara and Geir M. Køien and Vladimir A. Oleshchuk and Mohamed Hamid},
title={Towards Risk-aware Access Control Framework for Healthcare Information Sharing},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2018},
pages={312-321},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006608103120321},
isbn={978-989-758-282-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Towards Risk-aware Access Control Framework for Healthcare Information Sharing
SN - 978-989-758-282-0
AU - Abomhara M.
AU - M. Køien G.
AU - Oleshchuk V.
AU - Hamid M.
PY - 2018
SP - 312
EP - 321
DO - 10.5220/0006608103120321