Ph.D. Oral Comprehensive: Attribute/Behavior- Based Access Control and Its Application in Healthcare
Ph.D. Oral Comprehensive
Supervisors: Drs. Saeed Samet, Ting Hu
Attribute/Behavior- Based Access Control and Its Application in Healthcare System
Department of Computer Science
Thursday, April 26, 2018, 2:00 p.m., Room EN 2022
Nowadays, access control is an indispensable part of the Personal Health Record systems and supplies confidentiality by enforcing policies and rules to ensure that only authorized users gain access to requested resources in the system. In other words, in healthcare systems access control means protecting patient privacy. Attribute-Based Access Control is a new access control model that can be used instead of other traditional types of access control such as Discretionary Access Control, Mandatory Access Control, and Role-Based Access Control. During the last five years Attribute-Based Access Control has had some applications both in recent academic fields and for industry purposes. Attribute-Based Access Control makes decisions according to the access requests by utilizing users' as well as resources' attributes. However, it still endures a quandary of how to permit the real eligible users to access the patient records while blocking abnormal accesses by the authorized users of the system. In this thesis proposal, a Attribute/Behavior-Based Access Control has been introduced with its application for the healthcare environment by understanding the healthcare standards and deriving its security requirements. Not only does the Behavior- Based Access Control use the user/resource attributes, but it also utilizes their behaviors to detect the malicious users even with valid attributes. This model principally uses the behaviors of both the user and the resources to grant or deny access requests. The concept of the behavior of user and resource will be introduced in this work. In an attempt to identify these kind of behaviors, a dataset containing users and their assigned access will be analyzed.