A risk-aware access control model for biomedical research platforms

Radja Badji, Fida K. Dankar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Data sharing and collaboration are important success factors for modern biomedical research. As biomedical data contains sensitive information, any mechanism that governs biomedical data sharing should protect subjects’ privacy while providing high-utility data in an efficient and prompt manner. The use of biomedical data for research has been studied extensively from the legal aspect. Several regulations control its use and sharing to limit privacy risks. However, current sharing mechanisms can be a barrier to the research community needs. Going through the IRB process is time consuming and will become a bottleneck for the intensive data need of the biomedical research community. Alternatively, creating a universal de-identified research sub-dataset accessible through honest-broker-systems will not satisfy all research use-cases, as stringent de-identification methods can reduce data utility. A risk-aware access control model is a good alternative toward making data more available. In such a model, data requests are evaluated against their incurred privacy risks, and are granted access after the application of appropriate protection levels. In this paper, we describe a formal risk-aware model that will be used in the access control layer and describe the different risk components that can be combined to provide a decision against a data access request.

Original languageEnglish
Title of host publicationICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy
EditorsPaolo Mori, Steven Furnell, Olivier Camp
PublisherSciTePress
Pages322-328
Number of pages7
ISBN (Electronic)9789897582820
DOIs
Publication statusPublished - 2018
Event4th International Conference on Information Systems Security and Privacy, ICISSP 2018 - Funchal, Madeira, Portugal
Duration: Jan 22 2018Jan 24 2018

Publication series

NameICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy
Volume2018-January

Conference

Conference4th International Conference on Information Systems Security and Privacy, ICISSP 2018
Country/TerritoryPortugal
CityFunchal, Madeira
Period1/22/181/24/18

Keywords

  • Access Control Models
  • Privacy Preserving Data Sharing
  • Privacy Risk

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'A risk-aware access control model for biomedical research platforms'. Together they form a unique fingerprint.

Cite this