2009-11-04 CERIAS - Multi-Policy Access Control for Healthcare using Policy Machine

Published on May 10, 2012

Recorded: 11/04/2009
CERIAS Security Seminar at Purdue University

Multi-Policy Access Control for Healthcare using Policy Machine

Zahid Pervaiz, Purdue University

Access control policies in the healthcare domain define permissions for users to access different medical records. A Role Based Access Control (RBAC) mechanism allows management of privileges to medical records for users when they assume certain roles, thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records can be available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC), whereby in turn he/she may share the record with other physicians for consultation after permission from the patient. This mechanism not only allows better compliance with the principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding the capabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newly implemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data.

Zahid Pervaiz is a PhD candidate in the School of Electrical and Computer Engineering at Purdue University. He received his bachelor's degree in Electronics Engineering from National University of Science and Technology, Pakistan in 2000. Prior to joining Purdue in 2007, he worked with a research organization in Pakistan for five years as a senior design engineer. His research interests include information privacy, data security and access control. His current research work focuses on access control mechanisms for healthcare applications. He can be reached at zpervaiz@purdue.edu. (Visit: www.cerias.purdue.edu)
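The policy combination described in the abstract, sketched as an added example (not code from the talk or from NIST's Policy Machine, and not its API): an RBAC read check gated by time-limited role enablement, with DAC sharing of a sensitive record by its primary doctor after patient consent. All user names, roles, shift hours and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Optional

# Constructed sample policy (assumed values, not from the talk).
USER_ROLES = {"dr_adams": "physician", "dr_baker": "physician", "nurse_cole": "nurse"}
# Temporal RBAC: a role is only enabled inside its interval (may wrap past midnight).
ROLE_HOURS = {"physician": (time(7, 0), time(19, 0)), "nurse": (time(19, 0), time(7, 0))}
READ_ROLES = {"physician", "nurse"}  # roles allowed to read ordinary records

@dataclass
class Record:
    patient: str
    sensitive: bool
    owner: Optional[str] = None          # primary doctor holding discretionary control
    shared_with: set = field(default_factory=set)

def enabled_role(user: str, now: time) -> Optional[str]:
    """Return the user's role if it is enabled at `now`, else None."""
    role = USER_ROLES.get(user)
    if role is None:
        return None
    start, end = ROLE_HOURS[role]
    if start <= end:
        active = start <= now < end
    else:                                # interval wraps midnight, e.g. 19:00-07:00
        active = now >= start or now < end
    return role if active else None

def share(record: Record, grantor: str, grantee: str, patient_consent: bool) -> bool:
    """DAC: only the owner may share, only with consent, only to a physician."""
    if grantor != record.owner or not patient_consent:
        return False
    if USER_ROLES.get(grantee) != "physician":
        return False
    record.shared_with.add(grantee)
    return True

def can_read(user: str, record: Record, now: time) -> bool:
    """Every policy must agree: temporal RBAC first, then DAC for sensitive data."""
    role = enabled_role(user, now)
    if role is None or role not in READ_ROLES:
        return False
    if not record.sensitive:
        return True                      # RBAC alone decides ordinary records
    return user == record.owner or user in record.shared_with
```

A grant made through `share` does not bypass the temporal check: a consulted physician still loses access when the physician role is disabled.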
