Dynamic CAAC in Healthcare Applications在医疗领域中的应用动态民航局.pptVIP

Dynamic Context-Aware Access Control for Protecting Medical Records Junzhe Hu July 26, 2004 Outline Introduction to our medical data security project Prior work in access control Dynamic context-aware access control CAAC schema Policy specification Policy enforcement Demonstration Conclusions and Future Work Our Security Architecture Authentication Issues We must provide flexible authentication Many devices and techniques what you have (e-token, RFID) what you know (password, SecurID) who you are (fingerprint, iris, signature, voice) How reliable is the authentication? incorporate trust level in the authentication token allow specification of trust level in the authorization rules Authentication on demand User can choose how to be authenticated More secured authentication is required when needed. Authorization Issues Authorization engine must enforce complex rules. Examples: Medical student can not see a patients record unless authorized by patients attending physician A technologist can see only the data related to his/her specialty (e.g., cardiology) Physicians must authenticate at the trust level of a fingerprint or higher Security changes require administrator status and iris scan identification Only employees of the medical records group can delete patient data Authorization Issues Authorization process must be responsive to frequent changes Existing rules may be periodically adjusted Physicians, patients, employees, etc. are a rapidly changing group Access rules may be suspended during public health emergencies Access may be sensitive to the location, time, and/or method of the request Solution: a dynamic, context-aware, access control infrastructure Previous Work Sandu et al. formalized Role-Based Access Control in 1996 User U acting in role R is granted permission P Advantage: greatly improved efficiency Disadvantage: cannot specify fine-grained rules Previous Work Bertino (2001) introduced Temporal RBAC Covington (2001) added location and system s