A Risk-aware Access Control Model for Biomedical Research Platforms

Radja Badji, Fida K. Dankar

Abstract

Data sharing and collaboration are important success factors for modern biomedical research. As biomedical data contains sensitive information, any mechanism that governs biomedical data sharing should protect subjects’ privacy while providing high-utility data in an efficient and prompt manner. The use of biomedical data for research has been studied extensively from the legal aspect. Several regulations control its use and sharing to limit privacy risks. However, current sharing mechanisms can be a barrier to the research community needs. Going through the IRB process is time consuming and will become a bottleneck for the intensive data need of the biomedical research community. Alternatively, creating a universal de-identified research sub-dataset accessible through honest-broker-systems will not satisfy all research use-cases, as stringent de-identification methods can reduce data utility. A risk-aware access control model is a good alternative toward making data more available. In such a model, data requests are evaluated against their incurred privacy risks, and are granted access after the application of appropriate protection levels. In this paper, we describe a formal risk-aware model that will be used in the access control layer and describe the different risk components that can be combined to provide a decision against a data access request.

References

Download


Paper Citation


in Harvard Style

Badji R. and Dankar F. (2018). A Risk-aware Access Control Model for Biomedical Research Platforms.In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 322-328. DOI: 10.5220/0006608403220328


in Bibtex Style

@conference{icissp18,
author={Radja Badji and Fida K. Dankar},
title={A Risk-aware Access Control Model for Biomedical Research Platforms},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2018},
pages={322-328},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006608403220328},
isbn={978-989-758-282-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Risk-aware Access Control Model for Biomedical Research Platforms
SN - 978-989-758-282-0
AU - Badji R.
AU - Dankar F.
PY - 2018
SP - 322
EP - 328
DO - 10.5220/0006608403220328