Reconciling IHE-ATNA profile with a posteriori contextual access and usage control policy in healthcare environment

Traditional access control mechanisms prevent illegal access by checking access rights before an action is executed; they belong to the class of a priori security solutions and, as such, have limitations, notably inflexibility in unanticipated circumstances (for instance an emergency in which a clinician who lacks the formal right must nevertheless reach a patient's record). By contrast, a posteriori mechanisms enforce policies not by preventing unauthorized access but by deterring it: actions are allowed to proceed, are logged, and users are later held accountable for them. Such access control needs evidence to prove violations. The evidence is derived from one or more log records that trace each user's actions, so the efficiency of violation detection depends largely on how well the log records match the access control policy, that is, on whether the entities the policy reasons about (who acted, on which object, through which operation, in which circumstances) can be recovered from what was logged. To develop an efficient method for finding these violations, we propose restructuring log records according to a security policy model. We illustrate the methodology in the healthcare domain, within the IHE (Integrating the Healthcare Enterprise) framework and in particular its basic security profile, ATNA (Audit Trail and Node Authentication), which defines audit records derived from the analysis of common clinical scenarios. We analyze how ATNA log records can be refined so that they can be fed into an a posteriori access and usage control process driven by an expressive, contextual security policy such as OrBAC (Organization-Based Access Control).
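The refinement step the abstract describes, as an added example that is not code from the paper, from IHE or from any OrBAC implementation: ATNA audit records, which follow the RFC 3881 / DICOM audit message layout, are parsed and lifted to OrBAC's abstract entities (role, activity, view, context), then checked a posteriori against a small OrBAC-style policy in which prohibitions override permissions and anything not permitted is reported. The sample audit trail, the RoleIDCode values PHY and NUR, the mapping of object type "1" to a medical_record view, the working-hours context and the four policy rules are all constructed for illustration and are not taken from ATNA or from the paper.

```python
"""Refine ATNA-style audit records (RFC 3881 / DICOM audit message layout) into OrBAC
abstract facts and check them a posteriori. Added example: records, codes and rules are constructed."""
from dataclasses import dataclass
from datetime import datetime
import xml.etree.ElementTree as ET

# Concrete -> abstract mappings standing in for OrBAC's Empower, Consider and Use relations.
ROLE_CODES = {"PHY": "physician", "NUR": "nurse"}  # constructed RoleIDCode values
ACTIVITIES = {"C": "create", "R": "consult", "U": "update", "D": "delete"}  # RFC 3881 EventActionCode
VIEWS = {"1": "medical_record"}  # constructed: object type "1" (Person) -> medical-record view

def context_of(when: datetime) -> str:
    """Temporal OrBAC context from EventDateTime (constructed: 08:00-18:00 is working hours)."""
    return "working_hours" if 8 <= when.hour < 18 else "out_of_hours"

@dataclass(frozen=True)
class Rule:
    kind: str      # "permission" or "prohibition"
    role: str
    activity: str
    view: str
    context: str   # "any" matches every context

# Constructed OrBAC-style policy; it is closed, so anything not permitted is a violation.
POLICY = [
    Rule("permission", "physician", "consult", "medical_record", "any"),
    Rule("permission", "physician", "update", "medical_record", "working_hours"),
    Rule("permission", "nurse", "consult", "medical_record", "working_hours"),
    Rule("prohibition", "nurse", "update", "medical_record", "any"),
]

@dataclass(frozen=True)
class AbstractEvent:
    subject: str
    role: str
    activity: str
    view: str
    context: str
    object_id: str

def refine(xml_text: str) -> AbstractEvent:
    """Lift one audit message to the role/activity/view/context level the policy speaks."""
    root = ET.fromstring(xml_text)
    ev = root.find("EventIdentification")
    when = datetime.fromisoformat(ev.get("EventDateTime").replace("Z", "+00:00"))
    # The human requestor is the ActiveParticipant flagged UserIsRequestor="true".
    requestor = next(p for p in root.findall("ActiveParticipant")
                     if p.get("UserIsRequestor", "false").lower() == "true")
    obj = root.find("ParticipantObjectIdentification")
    return AbstractEvent(
        subject=requestor.get("UserID"),
        role=ROLE_CODES.get(requestor.find("RoleIDCode").get("code"), "unknown_role"),
        activity=ACTIVITIES.get(ev.get("EventActionCode"), "unknown_activity"),
        view=VIEWS.get(obj.get("ParticipantObjectTypeCode"), "unknown_view"),
        context=context_of(when),
        object_id=obj.get("ParticipantObjectID"),
    )

def matches(rule: Rule, e: AbstractEvent) -> bool:
    return ((rule.role, rule.activity, rule.view) == (e.role, e.activity, e.view)
            and rule.context in ("any", e.context))

def judge(e: AbstractEvent, policy=POLICY) -> str:
    """Prohibitions win over permissions; with no applicable rule the closed policy denies."""
    if any(r.kind == "prohibition" and matches(r, e) for r in policy):
        return "prohibited"
    if any(r.kind == "permission" and matches(r, e) for r in policy):
        return "permitted"
    return "not_permitted"

def find_violations(records):
    """(subject, activity, object, context, verdict) for each logged action the policy does not permit."""
    out = []
    for xml_text in records:
        e = refine(xml_text)
        verdict = judge(e)
        if verdict != "permitted":
            out.append((e.subject, e.activity, e.object_id, e.context, verdict))
    return out

def atna_record(user, role_code, action, when, obj_id):
    """Constructed ATNA-style message; only the fields this example reads are filled in."""
    return f"""<AuditMessage>
  <EventIdentification EventActionCode="{action}" EventDateTime="{when}" EventOutcomeIndicator="0"/>
  <ActiveParticipant UserID="{user}" UserIsRequestor="true">
    <RoleIDCode code="{role_code}" codeSystemName="LOCAL"/>
  </ActiveParticipant>
  <ActiveParticipant UserID="ehr-server.example" UserIsRequestor="false"/>
  <ParticipantObjectIdentification ParticipantObjectID="{obj_id}" ParticipantObjectTypeCode="1"/>
</AuditMessage>"""

SAMPLE_LOG = [  # constructed audit trail for one patient record
    atna_record("dr.martin", "PHY", "R", "2024-03-12T10:15:00", "patient-4711"),
    atna_record("nurse.lee", "NUR", "U", "2024-03-12T11:00:00", "patient-4711"),
    atna_record("nurse.lee", "NUR", "R", "2024-03-12T23:30:00", "patient-4711"),
    atna_record("dr.martin", "PHY", "U", "2024-03-12T22:05:00", "patient-4711"),
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_LOG):
        print(v)
```

Two points of the methodology show up directly in the code: the policy never mentions user names or patient identifiers, only the abstract role/activity/view/context tuple, so the log must carry enough (requestor identity and role code, action code, object type, timestamp) for `refine` to recover that tuple; and the verdict depends on a context the raw record does not state explicitly but which is derivable from it, which is exactly why the records have to be restructured before a contextual policy can be applied to them.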