An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system

Smari, Waleed W.; Clemente, Patrice; Lalande, Jean-François

doi:10.1016/j.future.2013.05.010

Cited by 83 publications

(39 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, the trust level of a user requesting access from outside the hospital can be evaluated against the security level of the network connection, security clearances of the user, the time of which the access has been requested and so forth [13]. Moreover, recommender systems can be used for recommending trust levels for users; especially when the users are not known to the hospital's system a priori but the organization to whom they belong has some collaborations with the hospital that uses the recommender system [30]. …”

Section: S S Alaqeeli Et Almentioning

confidence: 99%

“…is computed, and since the objective is to find the maximum number of data objects that can be revealed, with accordance to HIPPA rule of privacy, lines (26)(27)(28)(29)(30)(31)(32)(33) show the set of data that can be exposed.…”

Section: Risk Mitigation Data Disclosure Algorithmmentioning

confidence: 99%

“…According to the discussion in part A of Section 4, the computed Risk Measure of a combination exceeds the For instances with the same Max w i and length, the first generated has the highest sensitivity weights while the last has the lowest ones. (27)(28)(29)(30)(31) in Figure 5 show the approach by utilizing the while loop. To illustrate, consider the previous example in Table 9 where 5 n = and 4 r = .…”

Section: Risk Mitigation Data Disclosure Algorithmmentioning

confidence: 99%

See 2 more Smart Citations

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

Aqeeli¹,

Al-Rodhaan²,

Tian³

et al. 2018

ETSN

View full text Add to dashboard Cite

In the healthcare domain, protecting the electronic health record (EHR) is crucial for preserving the privacy of the patient. To help protect the sensitive data, access control mechanisms can be utilized to restrict access to only legitimate users. However, an issue arises when the authorized users abuse their access privileges and violate privacy preferences of the patients. While traditional access control schemes fall short of defending against the misbehavior of authorized users, risk-aware access control models can provide adaptable access to the system resources based on assessing the risk of an access request. When an access request is deemed risky, but within acceptable thresholds, risk mitigation strategies can be exploited to minimize the risk calculated. This paper proposes a risk-aware, privacy-preserving risk mitigation approach that can be utilized in the healthcare domain. The risk mitigation approach controls the patient's medical data that can be exposed to healthcare professionals, according to their trust level as well as the risk incurred of such data exposure, by developing a novel Risk Measure formula. The developed Risk Measure is proven to manage the risk effectively. Furthermore, Risk Mitigation Data Disclosure algorithms, RIMIDI 0 and RIMIDI 1 , which utilize the developed risk measures, are proposed. Experimental results show the feasibility and effectiveness of the proposed method in preserving the privacy preferences of the patient. Since the proposed approach exposes the patient's data that are relevant to the undergoing medical procedure while preserving the privacy preferences, positive outcomes can be realized, which will ultimately bring forth quality healthcare services.

show abstract

Section: S S Alaqeeli Et Almentioning

confidence: 99%

Section: Risk Mitigation Data Disclosure Algorithmmentioning

confidence: 99%

Section: Risk Mitigation Data Disclosure Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

Aqeeli¹,

Al-Rodhaan²,

Tian³

et al. 2018

ETSN

View full text Add to dashboard Cite

show abstract

“…In particular, we state some preliminary definitions of risk and security needed to form a collaboration system for risk mitigation, which is expected to rely on several security aspects [9], such as accountability or authentication and access control mechanisms [10]. For systems in which unknown users may enter, the concept of trust is usually used to monitor users behavior along time [11].…”

Section: Framing Data Structuresmentioning

confidence: 99%

“…In this work, the authors consider local and global situational factors as what happens in the environment as an attribute; however, they do not introduce methods to evaluate and handle the risk nor the tool architecture and implementation issues. More recently, Smari et al [9] extend the ABAC model to incorporate trust and privacy issues in cross-organizational collaborative crisis management. Many issues are treated, such as network security for communications during the crisis, and trust in collaborations.…”

Section: Related Workmentioning

confidence: 99%

A web-based cooperative tool for risk management with adaptive security

Fugini

Teimourikia

Hadjichristofi

2016

Future Generation Computer Systems

View full text Add to dashboard Cite

Risk management can benefit from Web-based tools fostering actions for treating risks in an environment, while having several individuals collaborating to face the endeavors related to risks. During the intervention, the security rules in place to preserve resources from unauthorized access, might need to be modified on the fly, e.g., increasing the privileges of risk managers or letting rescue teams view the exact position of the victims. Modifications should respect the overall security policies and avoid security conflicts. This paper presents a dynamic access control model for environmental risks involving physical resources. Data structures included in our Web application to represent both risk and security are given. To keep the dynamic security rules compliant with overall organization security objectives, we consider rules grouped in Access Control Domains so that changes do not create security conflicts during collaboration in risk management. Considering work environments as an example, risk and access control models are introduced. Security is built on the ABAC (Attribute Based Access Control) paradigm. A Risk Management System (RMS) is illustrated: it captures events, signals potential risks, and outputs strategies to prevent the risk. Dynamic authorization is included in the RMS to vary subjects' privileges on physical resources based on risk level, people position and so on. These concepts are implemented in a prototype Web application appearing as a Web Dashboard for risk management

show abstract

Decentralized Access Control for IoT Based on Blockchain and Smart Contract

Chen

Blasch

2020

Modeling and Design of Secure Internet of Things

View full text Add to dashboard Cite

An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system

Cited by 83 publications

References 37 publications

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

A web-based cooperative tool for risk management with adaptive security

Decentralized Access Control for IoT Based on Blockchain and Smart Contract

Contact Info

Product

Resources

About