Title :
Toward a synergy among discretionary, role-based and context-aware access control models in healthcare information technology
Author :
Khan, M. Fahim Ferdous ; Sakamura, Ken
Author_Institution :
Grad. Sch. of Interdiscipl. Inf. Studies, Univ. of Tokyo, Tokyo, Japan
Abstract :
Healthcare information systems collect, store and manage sensitive information about patients and, hence, it is imperative for such systems to provide robust access control mechanisms with a view to thwarting potential security and privacy threats. The access-control requirements in healthcare systems are quite diverse as compared to those of other systems. The existing subject-, role-, object-, attribute-, or context-centric approaches seem insufficient to efficiently and flexibly model the access-control needs of the healthcare domain. In this paper, we propose a combined access control scheme for healthcare information systems, amalgamating features of discretionary access control (DAC), role-based access control (RBAC) and context-aware access control. We discuss the design, implementation and evaluation of the proposed scheme, and explain the rationale behind the combination.
Keywords :
authorisation; data privacy; health care; medical information systems; ubiquitous computing; DAC; RBAC; attribute-centric approach; context-aware access control models; context-centric approach; discretionary role-based access control model; healthcare information systems; healthcare information technology; object-centric approach; privacy threats; role-centric approach; security threat; subject-centric approach; Access control; Authentication; Computational modeling; Medical services; Permission; Privacy; DAC; RBAC; access control; context-awareness; healtcare information technology; privacy; security;
Conference_Titel :
Internet Security (WorldCIS), 2012 World Congress on
Conference_Location :
Guelph, ON
Print_ISBN :
978-1-4673-1108-3
