Context-aware access control for clinical information systems

Clinical records constitute one of the most sensitive and private information of any individual. With the widespread digitalization of such records - coupled with omnipresence of networks and abundant availability of advanced information communication technologies - personal security and privacy rel...

Bibliographic details
Main authors: Khan, M. F. F., Sakamura, K.
Format: Conference proceeding
Language: eng
container_end_page 128
container_issue
container_start_page 123
container_title
container_volume
creator Khan, M. F. F.
Sakamura, K.
description Clinical records constitute one of the most sensitive and private information of any individual. With the widespread digitalization of such records - coupled with omnipresence of networks and abundant availability of advanced information communication technologies - personal security and privacy related to clinical data is facing a huge challenge. Security in clinical information systems can be addressed at different levels: securing data collection by medical sensors, controlling access to clinical information, designing legislative frameworks for regulating secure usage of clinical information, and so on. In this paper, we focus on the access control issues in healthcare, with the goals of designing and developing access control mechanisms contingent upon various environmental and application-dependent contexts with provision for secure delegation of access-control rights. In particular, we propose a context-aware approach to access control, building on conventional discretionary access control (DAC) and role-based access control (RBAC) models. Taking a holistic view on access control, we effectively address its all four constituent steps of identification, authentication, authorization, and access decision. The eTRON (Entity and Economy TRON) architecture - which advocates use of tamper-resistant chips equipped with functions for mutual authentication and encrypted communication - is used for authentication and implementing the DAC-based delegation of access-control rights. For realizing the authorization and access decision steps, we used the RBAC model and implemented context verification on top of it. Our approach closely follows regulatory and technical standards of the healthcare domain. Evaluation of the proposed system in terms of various security and performance issues showed promising results.
doi_str_mv 10.1109/INNOVATIONS.2012.6207715
format Conference Proceeding
fulltext fulltext_linktorsrc
identifier ISBN: 9781467311007
ispartof 2012 International Conference on Innovations in Information Technology (IIT), 2012, p.123-128
issn
language eng
recordid cdi_ieee_primary_6207715
source IEEE Electronic Library (IEL) Conference Proceedings
subjects access control
Authentication
Authorization
Clinical diagnosis
clinical information system
Context
context-awareness
DAC
eHealth
eTRON
RBAC
title Context-aware access control for clinical information systems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-03T18%3A44%3A59IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Context-aware%20access%20control%20for%20clinical%20information%20systems&rft.btitle=2012%20International%20Conference%20on%20Innovations%20in%20Information%20Technology%20(IIT)&rft.au=Khan,%20M.%20F.%20F.&rft.date=2012-03&rft.spage=123&rft.epage=128&rft.pages=123-128&rft.isbn=9781467311007&rft.isbn_list=1467311006&rft_id=info:doi/10.1109/INNOVATIONS.2012.6207715&rft_dat=%3Cieee_6IE%3E6207715%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=1467310999&rft.eisbn_list=1467311014&rft.eisbn_list=9781467310994&rft.eisbn_list=9781467311014&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6207715&rfr_iscdi=true