Semantic Security for E-Health: A Case Study in Enhanced Access Control

Data collection, access and usage are essential for many forms of collaborative research. E-Health represents one area with much to gain by sharing of data across organisational boundaries. In such contexts, security and access control are essential to protect the often complex, privacy and information governance concerns of associated stakeholders. In this paper we argue that semantic technologies have unique benefits for specification and enforcement of security policies that cross organisation boundaries. We illustrate this through a case study based around the International Niemann-Pick Disease (NPD) Registry (www.inpdr.org) - which typifies many current e-Health security processes and policies. We show how approaches based upon ontology-based policy specification overcome many of the current security challenges facing the development of such systems and enhance access control by leveraging existing security information associated with clinical collaborators.

[1]  Rachel L. Richesson,et al.  Introduction to Clinical Research Informatics , 2019, Health Informatics.

[2]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[3]  Naranker Dulay,et al.  A Workflow-Based Access Control Framework for e-Health Applications , 2008, 22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008).

[4]  S. Javanmardi,et al.  An Access Control Model for Protecting Semantic Web Resources , 2006 .

[5]  Oluwafemi O. Ajayi,et al.  Dynamic trust negotiation for decentralised e-health collaborations , 2009 .

[6]  Steffen Staab,et al.  Ontology Learning for the Semantic Web , 2002, IEEE Intell. Syst..

[7]  Elisa Bertino,et al.  TRBAC , 2001, ACM Trans. Inf. Syst. Secur..

[8]  D. Sharma,et al.  A Security Architecture for e-Health Services , 2008, 2008 10th International Conference on Advanced Communication Technology.

[9]  Bhavani M. Thuraisingham,et al.  Mandatory Access Control , 2009, Encyclopedia of Database Systems.

[10]  Marianne Winslett,et al.  How to Exploit Ontologies for Trust Negotiation , 2004, Trust@ISWC.

[11]  E. Schuchman,et al.  The pathogenesis and treatment of acid sphingomyelinase-deficient Niemann–Pick disease , 2007, Journal of Inherited Metabolic Disease.

[12]  Bhavani M. Thuraisingham,et al.  ROWLBAC: representing role based access control in OWL , 2008, SACMAT '08.

[13]  Bhavani Thuraisingham Mandatory Access Control , 2009 .

[14]  Simson L. Garfinkel,et al.  PGP: Pretty Good Privacy , 1994 .

[15]  Richard O. Sinnott,et al.  A review of grid authentication and authorization technologies and support for federated access control , 2011, CSUR.

[16]  James B. D. Joshi,et al.  LoT-RBAC: A Location and Time-Based RBAC Model , 2005, WISE.

[17]  F. Hansen,et al.  Spatial role-based access control model for wireless networks , 2003, 2003 IEEE 58th Vehicular Technology Conference. VTC 2003-Fall (IEEE Cat. No.03CH37484).

[18]  M. D. Abrams,et al.  Network security: Protocol reference model and the trusted computer system evaluation criteria , 1987, IEEE Network.

[19]  Huajun Chen,et al.  The Semantic Web , 2011, Lecture Notes in Computer Science.

[20]  Félix Gómez Mármol,et al.  To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management , 2014, Wirel. Pers. Commun..

[21]  Pekka Ruotsalainen A cross-platform model for secure Electronic Health Record communication , 2004, Int. J. Medical Informatics.

[22]  Richard O. Sinnott,et al.  Semantic Security: Specification and Enforcement of Semantic Policies for Security-driven Collaborations , 2009, HealthGrid.

[23]  Jim Basney,et al.  The case for using Bridge Certificate Authorities for Grid computing , 2005, Softw. Pract. Exp..

[24]  Richard O. Sinnott,et al.  Supporting Federated Multi-authority Security Models , 2011, 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[25]  Stephen T. Kent,et al.  Internet Privacy Enhanced Mail , 1993, CACM.