Computational and Mathematical Methods in Medicine
Volume 2015, Article ID 265132, 9 pages
http://dx.doi.org/10.1155/2015/265132
Research Article

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

1Computer Science and Engineering, Sogang University, Seoul 121-742, Republic of Korea
2Agency for Defense Development, Daejeon 305-600, Republic of Korea

Received 5 December 2014; Revised 8 April 2015; Accepted 14 April 2015

Academic Editor: Chuangyin Dang

Copyright © 2015 Donghee Choi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. M. S. Shin, H. S. Jeon, Y. W. Ju, B. J. Lee, and S. Jeong, “Constructing RBAC based security model in u-healthcare service platform,” The Scientific World Journal, vol. 2015, Article ID 937914, 13 pages, 2015.
  2. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, “Role-based access control models,” Computer, vol. 29, no. 2, pp. 38–47, 1996.
  3. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, “Proposed NIST standard for role-based access control,” ACM Transactions on Information and System Security, vol. 4, no. 3, pp. 224–274, 2001.
  4. D. Ferraiolo, R. Kuhn, and R. Sandhu, “RBAC standard rationale: comments on ‘A critique of the ANSI standard on role-based access control’,” IEEE Security & Privacy Magazine, vol. 5, no. 6, pp. 51–53, 2007.
  5. Q. Ni, E. Bertino, and J. Lobo, “Risk-based access control systems built on fuzzy inferences,” in Proceedings of the 5th ACM Symposium on Information, Computer and Communication Security (ASIACCS '10), pp. 250–260, New York, NY, USA, April 2010.
  6. E. Celikel, M. Kantarcioglu, B. M. Thuraisingham, and E. Bertino, “A risk management approach to RBAC,” Risk and Decision Analysis, vol. 1, no. 1, pp. 21–33, 2009.
  7. F. Salim, J. Reid, E. Dawson, and U. Dulleck, “An approach to access control under uncertainty,” in Proceedings of the 6th International Conference on Availability, Reliability and Security (ARES '11), pp. 1–8, August 2011.
  8. I. Molloy, L. Dickens, C. Morisset, P.-C. Cheng, J. Lobo, and A. Russo, “Risk-based security decisions under uncertainty,” in Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (CODASPY '12), March 2012.
  9. L. Chen and J. Crampton, “Risk-aware role-based access control,” in Proceedings of the 7th International Workshop on Security and Trust Management, Copenhagen, Denmark, June 2011.
  10. K. K. Venkatasubramanian, T. Mukherjee, and S. K. S. Gupta, “CAAC—an adaptive and proactive access control approach for emergencies in smart infrastructures,” ACM Transactions on Autonomous and Adaptive Systems, vol. 8, no. 4, article 20, 2014.
  11. M.-Y. Wu and M.-H. Yu, “Enterprise information security management based on context-aware RBAC and communication monitoring technology,” Mathematical Problems in Engineering, vol. 2013, Article ID 569562, 11 pages, 2013.
  12. Q. Wang and H. Jin, “Quantified risk-adaptive access control for patient privacy protection in health information systems,” in Proceedings of the 6th International Symposium on Information, Computer and Communications Security (ASIACCS '11), pp. 406–410, ACM, Hong Kong, March 2011.
  13. OASIS, “eXtensible Access Control Markup Language (XACML) Version 3.0,” OASIS Standard, January 2013.
  14. L. Chen, L. Gasparini, and T. J. Norman, “XACML and risk-aware access control,” Resource, vol. 2, no. 10, pp. 3–5, 2013.
  15. K. Zaman Bijon, R. Krishnan, and R. Sandhu, “Risk-aware RBAC sessions,” in Information System Security, Lecture Notes in Computer Science, pp. 59–74, Springer, Berlin, Germany, 2012.
  16. P.-C. Cheng, P. Rohatgi, C. Keser, P. A. Karger, G. M. Wagner, and A. S. Reninger, “Fuzzy multi-level security: an experiment on quantified risk-adaptive access control,” in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 222–230, IEEE, Berkeley, Calif, USA, May 2007.
  17. S. Kandala, R. Sandhu, and V. Bhamidipati, “An attribute based framework for risk-adaptive access control models,” in Proceedings of the 6th International Conference on Availability, Reliability and Security (ARES '11), pp. 236–241, August 2011.
  18. O. Garcia-Morchon and K. Wehrle, “Modular context-aware access control for medical sensor networks,” in Proceedings of the 15th ACM Symposium on Access Control Models and Technologies (SACMAT '10), pp. 129–138, June 2010.