SGAC: A Multi-Layered Access Control Model with Conflict Resolution Strategy. (13th May 2019)
- Record Type:
- Journal Article
- Title:
- SGAC: A Multi-Layered Access Control Model with Conflict Resolution Strategy. (13th May 2019)
- Main Title:
- SGAC: A Multi-Layered Access Control Model with Conflict Resolution Strategy
- Authors:
- Huynh, Nghi
Frappier, Marc
Pooda, Herman
Mammar, Amel
Laleau, Régine
- Editors:
- Mitchell, Chris
- Abstract:
- This paper presents SGAC (Solution de Gestion Automatisée du Consentement / automated consent management solution), a new healthcare access control model and its support tool, which manages patient wishes regarding access to their electronic health records (EHR). This paper also presents the verification of access control policies for SGAC using two first-order-logic model checkers based on distinct technologies, Alloy and ProB.
The development of SGAC has been achieved within the scope of a project with the University of Sherbrooke Hospital (CHUS), and thus has been adapted to take into account regional laws and regulations applicable in Québec and Canada, as they set bounds to patient wishes: for safety reasons, under strictly defined contexts, patient consent can be overridden to protect his/her life (break-the-glass rules). Since patient wishes and those regulations can be in conflict, SGAC provides a mechanism to address this problem based on priority, specificity and modality. In order to protect patient privacy while ensuring effective caregiving in safety-critical situations, we check four types of properties: accessibility, availability, contextuality and rule effectivity. We conducted performance tests comparison: implementation of SGAC versus an implementation of another access control model, XACML, and property verification with Alloy versus ProB. The performance results show that SGAC performs better than XACML and that ProB outperforms Alloy by two orders of magnitude thanks to its programmable approach to constraint solving.
- Is Part Of:
- Computer journal. Volume 62:Number 12(2019)
- Journal:
- Computer journal
- Issue:
- Volume 62:Number 12(2019)
- Issue Display:
- Volume 62, Issue 12 (2019)
- Year:
- 2019
- Volume:
- 62
- Issue:
- 12
- Issue Sort Value:
- 2019-0062-0012-0000
- Page Start:
- 1707
- Page End:
- 1733
- Publication Date:
- 2019-05-13
- Subjects:
- Healthcare -- access control -- consent management -- formal model -- verification -- Alloy -- ProB
Computers -- Periodicals
005.1
- Journal URLs:
- http://comjnl.oxfordjournals.org/
http://ukcatalogue.oup.com/
- DOI:
- 10.1093/comjnl/bxz039
- Languages:
- English
- ISSNs:
- 0010-4620
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.060000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 12647.xml