Seminar: Attribute/Behavior-Based Access Control and Its Application in Healthcare System
Majid Afshar Noghondari
Ph.D. Oral Comprehensive (Re-examination)
Supervisory Committee: Drs. Saeed Samet, Hamid Usefi and Adrian Fiech
Attribute/Behavior-Based Access Control and Its Application in Healthcare System
Department of Computer Science
Thursday, December 20, 2018, 11:00a.m., Room EN 2022
Nowadays, access control is an indispensable part of the Personal Health Record systems and supplies confidentiality by enforcing access policies and rules to ensure that only authorized users gain access to requested resources in the system. In other words, in healthcare systems access control means protecting patient privacy. Attribute-Based Access Control is a new access control model that can be used instead of other traditional types of access control such as Discretionary Access Control, Mandatory Access Control, and Role-Based Access Control. During the last five years Attribute-Based Access Control has had some applications both in recent academic fields and for industry purposes. Attribute-Based Access Control makes decisions according to the access requests by utilizing users' as well as resources' attributes. However, it still endures a quandary of how to permit the real eligible users to access the patient records while blocking abnormal accesses by the authorized users of the system. In this thesis proposal, an Attribute/Behavior-Based Access Control has been introduced with its application for the healthcare environment by understanding the healthcare standards and deriving its security requirements. Not only does the Attribute/Behavior-Based Access Control use the user/resource attributes, but it also utilizes their behaviors to detect the malicious users even with valid attributes. This model principally uses the behaviors of both the users and the resources to grant or deny access requests. The concept of a behavior of a given user will be introduced, and we present a feature construction method to model users' access behaviors. As the proof of concept, statistical learning algorithms are trained and tested using a database from UCI Machine Learning Repository. Experimental results illustrate that our model is efficient, accurate, and promising in detecting authorized users with malicious behaviors.