TY - GEN
T1 - A risk-aware access control model for biomedical research platforms
AU - Badji, Radja
AU - Dankar, Fida K.
N1 - Publisher Copyright:
Copyright © 2018 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.
PY - 2018
Y1 - 2018
N2 - Data sharing and collaboration are important success factors for modern biomedical research. As biomedical data contains sensitive information, any mechanism that governs biomedical data sharing should protect subjects’ privacy while providing high-utility data in an efficient and prompt manner. The use of biomedical data for research has been studied extensively from the legal aspect. Several regulations control its use and sharing to limit privacy risks. However, current sharing mechanisms can be a barrier to the research community needs. Going through the IRB process is time consuming and will become a bottleneck for the intensive data need of the biomedical research community. Alternatively, creating a universal de-identified research sub-dataset accessible through honest-broker-systems will not satisfy all research use-cases, as stringent de-identification methods can reduce data utility. A risk-aware access control model is a good alternative toward making data more available. In such a model, data requests are evaluated against their incurred privacy risks, and are granted access after the application of appropriate protection levels. In this paper, we describe a formal risk-aware model that will be used in the access control layer and describe the different risk components that can be combined to provide a decision against a data access request.
AB - Data sharing and collaboration are important success factors for modern biomedical research. As biomedical data contains sensitive information, any mechanism that governs biomedical data sharing should protect subjects’ privacy while providing high-utility data in an efficient and prompt manner. The use of biomedical data for research has been studied extensively from the legal aspect. Several regulations control its use and sharing to limit privacy risks. However, current sharing mechanisms can be a barrier to the research community needs. Going through the IRB process is time consuming and will become a bottleneck for the intensive data need of the biomedical research community. Alternatively, creating a universal de-identified research sub-dataset accessible through honest-broker-systems will not satisfy all research use-cases, as stringent de-identification methods can reduce data utility. A risk-aware access control model is a good alternative toward making data more available. In such a model, data requests are evaluated against their incurred privacy risks, and are granted access after the application of appropriate protection levels. In this paper, we describe a formal risk-aware model that will be used in the access control layer and describe the different risk components that can be combined to provide a decision against a data access request.
KW - Access Control Models
KW - Privacy Preserving Data Sharing
KW - Privacy Risk
UR - http://www.scopus.com/inward/record.url?scp=85052022241&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85052022241&partnerID=8YFLogxK
U2 - 10.5220/0006608403220328
DO - 10.5220/0006608403220328
M3 - Conference contribution
AN - SCOPUS:85052022241
T3 - ICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy
SP - 322
EP - 328
BT - ICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy
A2 - Mori, Paolo
A2 - Furnell, Steven
A2 - Camp, Olivier
PB - SciTePress
T2 - 4th International Conference on Information Systems Security and Privacy, ICISSP 2018
Y2 - 22 January 2018 through 24 January 2018
ER -