Table of Contents Author Guidelines Submit a Manuscript
Computational and Mathematical Methods in Medicine
Volume 2015 (2015), Article ID 265132, 9 pages
Research Article

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

1Computer Science and Engineering, Sogang University, Seoul 121-742, Republic of Korea
2Agency for Defense Development, Daejeon 305-600, Republic of Korea

Received 5 December 2014; Revised 8 April 2015; Accepted 14 April 2015

Academic Editor: Chuangyin Dang

Copyright © 2015 Donghee Choi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment.