Medically Adaptive Role Based Access Control Model (MAR-BAC)
Naim Alperen Pulur
Computer Science, MSc. Thesis Defense, 2015
Prof. Dr. Albert Levi (Thesis Advisor), Asst. Prof. Dr. Mordechai Shalom, Asst. Prof. Dr. Kamer Kaya
Date & Time: 4th of August, 2015 – 15:30
Place: FASS G022
Keywords: Access Control, Computer & Network Security, Healthcare systems, Real-Time Medical Data Analysis, Privacy of Medical Data
The development of technology makes it possible to reach information in a reasonably short amount of time. Ease of access to information does not only have positive consequences; it also gives unauthorized parties an easy way to access information. As a result, protecting data with respect to different aspects of security has become a significant issue for information systems. Another concern in such systems is safeguarding access permissions so that private data is not publicly accessible. Protecting data from disclosure, tampering or destruction, as well as preventing unauthorized use of any resource, are important aspects of security in medical environments, since medical data is private data.
In this thesis, we introduce a novel access control mechanism to safeguard the privacy of patients' medical data in dynamic environments. Our access control model, called MAR-BAC (Medically Adaptive Role Based Access Control), combines the advantages of role-based access control (RBAC) and criticality-aware access control (CAAC). In this way, our original approach allows medical professionals with different roles to be granted access to the medical records of patients automatically, without an explicit request, in case of a medical emergency. In this context, we design secure and privacy-aware protocols covering everything from initial login to the transmission of patients' medical data and its retrieval by medical professionals. We mostly take a formal approach in our access control model definitions and procedures. The medical awareness feature of our MAR-BAC model comes from the fact that the medical data of patients are analysed in near real-time. Each such analysis yields automatic updates to the access control rules for the sake of urgent medical attention. We carry out a simulation-based performance evaluation to determine the delay characteristics of our MAR-BAC model. We also analyse the scalability of the system. Our results show that MAR-BAC scales linearly under moderate system load. Even in a high-load setting and in a hospital with 500 inpatients, the maximum end-to-end delay to react to a medical emergency is less than 17 seconds.