论文信息 - Towards enforcement of purpose for privacy policy in distributed healthcare

Towards enforcement of purpose for privacy policy in distributed healthcare

Purpose of access is one of the core concepts in privacy which considers the data user's intent as a factor in making access control decisions and enforcement of purpose is required to ensure that data is used as what it intends for. In general, the enforcement of purpose is a complicated task. The main difficulty is how to identify the purpose of an agent when it requests to perform an action. In this paper, we discuss the design issue of purpose enforcement based on our proposed (defined) enforcement structure: pre-enforcement, ongoing-enforcement, and post-enforcement. We also propose an enforcement solution for usage control designed for distributed healthcare information system, particularly, the pre-enforcement of purpose (the validation of claimed purpose at the initial state before data is granted access).

Jean-Noel Colin | Annanda Thavymony Rath

[1] Reihaneh Safavi-Naini,et al. Enforcing purpose of use via workflows , 2009, WPES '09.

[2] Jorge Lobo,et al. Privacy-aware role-based access control , 2010 .

[3] Jorge Lobo,et al. Privacy-Aware Role-Based Access Control , 2007, IEEE Security & Privacy.

[4] Patrick Valduriez,et al. Design of PriServ, a privacy service for DHTs , 2008, PAIS '08.

[5] Jaehong Park,et al. Formal model and policy specification of usage control , 2005, TSEC.

[6] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[7] Jean-Pierre Seifert,et al. A general obligation model and continuity: enhanced policy enforcement engine for usage control , 2008, SACMAT '08.

[8] Jaehong Park,et al. Towards usage control models: beyond traditional access control , 2002, SACMAT '02.

[9] Thavy Mony Annanda Rath,et al. Patient Privacy Preservation: P-RBAC vs OrBAC in Patient Controlled Records Type of Centralized Healthcare Information System. Case study of Walloon Healthcare Network, Belgium , 2012, eTELEMED 2012.

[10] Elisa Bertino,et al. Privacy Protection , 2022 .

[11] Reihaneh Safavi-Naini,et al. Towards defining semantic foundations for purpose-based privacy policies , 2011, CODASPY '11.