Evaluating ISO 14441 privacy requirements on role based access control (RBAC) restrict mode via Colored Petri Nets (CPN) modeling

Carvalho, Marcelo Antonio de; Bandiera-Paiva, Paulo

doi:10.1109/ccst.2017.8167833

Cited by 7 publications

(4 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The goal of this article is to enable the basic DAC capability to be integrated into the RBAC Core features by simulating an access decision flow by means of a Colored Petri‐Net (CPN) design. This involved extending a previously implemented RBAC model 8 by adding data owner authorization prior to the data manipulations and included patient EHR functionalities based on role logic. This work reuses our previous CPN model with adaptations to illustrate the new DAC idea.…”

Section: Objectives and Methodsmentioning

confidence: 99%

“…Instead, we advocate that there should be a parallel implementation. We have updated the CPN diagram from our RBAC simulation, 8 to ensure that tokens representing objects and lists of operations reflect the PPI announcements on the “Role administration” module. In addition, we have connected available roles from the “New roles” repository to both the regular RBAC and DAC‐aware “Role assignment” module flow.…”

Section: Objectives and Methodsmentioning

confidence: 99%

“…In more specific terms, there is a need for consent to access patient EHR data with the aid of patient‐centric simple DAC authorization features included in the core RBAC access flow. This consent is often cited in the discussion section of the articles and appears in at least seven of the requirements laid down by the EHR privacy standard 8 …”

Section: The Background and Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Towards unobtrusive patient‐centric access‐control for Health Information System

Carvalho

Bandiera-Paiva

2020

Concurrency and Computation

View full text Add to dashboard Cite

Patient consent is currently a missing piece on Health Information Systems (HIS) access permission. The control is needed to ensure personal data as the property of the individual, not data controllers or health-care service providers. This is a newly-designed access-decision flow for HIS secured by Role-Based Access Control (RBAC) including patient-centric control. It makes use of Colored Petri-Nets (CPN) to model RBAC restrictions. A Discretionary Access Control (DAC) functionality is added to Electronic Health-Records (EHR) control to convey a patient's explicit authorization to their data in a non-obstructive access flow. Mutual exclusion was designed to incorporate patient needs so that they could authorize healthcare professionals to access EHR data. Additional information was supplied to a PERMS Access Control matrix and this enabled DAC to be mimicked using existing RBAC Core functions. A minimal addition is proposed to incorporate RBAC-aware systems with no significant drawbacks when compared with previous CPN simulations. The article also discusses the limitations of this technique and the favorable conditions for implementing new features.

show abstract

Section: Objectives and Methodsmentioning

confidence: 99%

Section: Objectives and Methodsmentioning

confidence: 99%

Section: The Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards unobtrusive patient‐centric access‐control for Health Information System

Carvalho

Bandiera-Paiva

2020

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…information about a child based on their location and detailed behavioral patterns that may be used for the undesirable purposes [6]. Referring to de Carvalho and Bandiera-Paiva [17], the privacy and security requirements to protect any data, and restrict principals' interaction, must consider all users [17].…”

Section: Introductionmentioning

confidence: 99%

Modeling Privacy Preservation in Smart Connected Toys by Petri-Nets

Yankson¹,

Iqbal²,

Lu³

et al. 2019

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Children data privacy must be considered as integral and factored into the system design of Smart Connected Toy (SCT). The challenge is that SCTs are capable to gather significant amount volunteered and nonvolunteered data, which lacks privacy considerations. It is imperative to adopt a modeling technique that autonomously preserves privacy and secure children's data in SCT transactions. This paper surveys the current data flow modeling techniques, which most of them do not have elements to address the privacy of Personal Identifiable Information (PII). This paper shows a Petri-Net simulation which provides privacy assurance in order to minimize the risk of privacy violation of a child's PII and related data.

show abstract

Unwanted RBAC Functions Over Health Information System (HIS)

Carvalho

Bandiera-Paiva

2019

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Evaluating ISO 14441 privacy requirements on role based access control (RBAC) restrict mode via Colored Petri Nets (CPN) modeling

Cited by 7 publications

References 25 publications

Towards unobtrusive patient‐centric access‐control for Health Information System

Towards unobtrusive patient‐centric access‐control for Health Information System

Modeling Privacy Preservation in Smart Connected Toys by Petri-Nets

Unwanted RBAC Functions Over Health Information System (HIS)

Contact Info

Product

Resources

About