Zahid Pervaiz - Purdue University
Nov 04, 2009
"Multi-Policy Access Control for Healthcare using Policy Machine"
Access control policies in the healthcare domain define permissions for users to access different medical records. A Role Based Access Control (RBAC) mechanism allows management of privileges to medical records for users when they assume certain roles, thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records are available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC), whereby he/she may in turn share the record with other physicians for consultation after permission from the patient. This mechanism not only allows better compliance with the principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding the capabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newly implemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data.
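The combination described in the abstract can be illustrated with a small decision function. This is an added example, not Policy Machine code or the speaker's prototype; the role names, permission strings, enabling hours and the `patient_consents` parameter are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed sample policy data; none of these names come from the Policy Machine.
ROLE_PERMS = {"physician": {"read:general"},
              "primary_doctor": {"read:general", "read:sensitive"}}
ROLE_HOURS = {"physician": (time(8), time(18)),            # enabled 08:00-18:00
              "primary_doctor": (time(0), time(23, 59, 59))}
USER_ROLES = {"alice": {"primary_doctor"}, "bob": {"physician"},
              "carol": {"physician"}}

@dataclass
class Record:
    patient: str
    owner: str                      # primary doctor holding discretionary control
    sensitive: bool
    shared_with: set = field(default_factory=set)

def active_roles(user, now):
    """Temporal RBAC: a role counts only inside its enabling interval."""
    return {r for r in USER_ROLES.get(user, ())
            if ROLE_HOURS[r][0] <= now <= ROLE_HOURS[r][1]}

def share(record, grantor, grantee, patient_consents):
    """DAC: only the owner may delegate, and only to users the patient approved."""
    if grantor != record.owner or grantee not in patient_consents:
        return False
    record.shared_with.add(grantee)
    return True

def can_read(user, record, now):
    """Both policies must agree: an enabled role AND, for sensitive data, ownership or a grant."""
    roles = active_roles(user, now)
    if not roles:
        return False                # no enabled role: deny regardless of DAC grants
    perms = set().union(*(ROLE_PERMS[r] for r in roles))
    if not record.sensitive:
        return "read:general" in perms
    if user == record.owner and "read:sensitive" in perms:
        return True
    return user in record.shared_with and "read:general" in perms
```

A DAC grant alone never suffices here: the grantee must also hold a role that is enabled at the time of access, which is how least privilege is kept when records are shared for consultation.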
About the Speaker
Zahid Pervaiz is a PhD candidate in the School of Electrical and Computer Engineering at Purdue University. He received his bachelor's degree in Electronics Engineering from the National University of Science and Technology, Pakistan in 2000. Prior to joining Purdue in 2007, he worked with a research organization in Pakistan for five years as a senior design engineer. His research interests include information privacy, data security and access control. His current research work focuses on access control mechanisms for healthcare applications. He can be reached at email@example.com.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M., STEW G52 (Suite 050B), West Lafayette Campus.