Abstract
Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.
| Original language | English |
|---|---|
| Title of host publication | 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020 |
| Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
| Pages | 498-503 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781728148212 |
| DOIs | |
| Publication status | Published - Feb 2020 |
| Externally published | Yes |
| Event | 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies - Doha, Qatar Duration: 2 Feb 2020 → 5 Feb 2020 |
Conference
| Conference | 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies |
|---|---|
| Abbreviated title | ICIoT 2020 |
| Country/Territory | Qatar |
| City | Doha |
| Period | 2/02/20 → 5/02/20 |
Keywords
- Access Control
- Cost Model
- Data Breach
- Electronic Crimes
- Ontology
- Policy Model
- Responsibility Attribution