Responsibility attribution against data breaches

A. S. M. Kayes, Mohammad Hammoudeh, Shahriar Badsha, Paul A. Watters, Alex Ng, Fatma Mohammed, Mofakharul Islam

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

Abstract

Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.

Original languageEnglish
Title of host publication2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages498-503
Number of pages6
ISBN (Electronic)9781728148212
DOIs
Publication statusPublished - Feb 2020
Externally publishedYes
Event2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies - Doha, Qatar
Duration: 2 Feb 20205 Feb 2020

Conference

Conference2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies
Abbreviated titleICIoT 2020
CountryQatar
CityDoha
Period2/02/205/02/20

Keywords

  • Access Control
  • Cost Model
  • Data Breach
  • Electronic Crimes
  • Ontology
  • Policy Model
  • Responsibility Attribution

Fingerprint Dive into the research topics of 'Responsibility attribution against data breaches'. Together they form a unique fingerprint.

Cite this