Medically adaptive role based access control model (MAR-BAC)

The development of technology gives opportunity to reach information in a reasonably short amount of time. Ease of access to information does not only create positive consequences, but also provides an easy way to access to information by unauthorized parties. As a result, the requirement of protecting data from different aspects of security turns into a significant issue of the information systems. Another issue in such systems is safeguarding the access permissions in order not to allow public accesses to private data. Protecting the data from disclosure, tempering or destruction as well as prevention of unauthorized use of any resource are important aspects of the security in medical environments since the medical data is private data. In this thesis, we introduce a novel access control mechanism in order to safeguard privacy of medical data of patients in dynamic environments. Our access control model, called MAR-BAC (Medically Adaptive Role Based Access Control), takes advantages from role-based access control (RBAC) and criticality-aware access control (CAAC). Our original approach allows the medical professionals with di erent roles to be granted access to medical records of patients automatically and without explicit request in case of a medical emergency. In this context, we design secure and privacy aware protocols from initial login to patients' medical data transmission and retrieval by the medical professionals. We mostly take a formal approach in our access control model definitions and procedures. The medical awareness feature of our MAR-BAC model comes from the fact that medical data of the patients are analysed in near real-time. Each such analysis yields automatic updates in the access control rules for the sake of urgent medical attention. We carry out simulation based performance evaluation to determine the delay characteristics of our MAR-BAC model. We also analyse the scalability of the system. Our results show that MAR-BAC scales linearly under moderate system load. Again under moderate load and in a hospital with 500 inpatients, the maximum end-to-end delay to react a medical emergency is less than 12 seconds

A role and activity based access control for secure healthcare systems

We introduce a novel access control mechanism in order to safeguard privacy of medical data of patients in dynamic environments. Our access control model takes advantages from role-based access control (RBAC) and criticality aware access control (CAAC). In this way, our original approach allows the medical professionals with different roles to be granted access to medical records of patients automatically and without explicit request in case of a medical emergency. In this context, we design secure and privacy aware protocols from initial login to patients' medical data transmission and retrieval by the medical professionals. Moreover, we formally define access control policies for our system. Finally we show the feasibility of our approach by implementation and performance evaluation