Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Zahid Pervaiz - Purdue University

Students: Fall 2022, unless noted otherwise, sessions will be virtual on Zoom.

Multi-Policy Access Control for Healthcare using Policy Machine

Nov 04, 2009

Download: Video Icon MP4 Video Size: 244.6MB  
Watch on Youtube Watch on YouTube


Access control policies in healthcare domain define permissions for users to
access different medical records. A Role Based Access Control (RBAC)
mechanism allows management of privileges to medical records for users when they assume certain roles thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records can be available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC) whereby in turn he/she may share the record with other physicians for consultation after permission from
the patient. This mechanism allows not only a better compliance of principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding the
capabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newly
implemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data.

About the Speaker

Zahid Pervaiz is a PhD candidate in School of Electrical and Computer Engineering at Purdue University. He received his bachelor's degree in
Electronics engineering from National University of Science and Technology,
Pakistan in 2000. Prior to joining Purdue in 2007, he worked with a research
organization in Pakistan for five years as a senior design engineer. His
research interests include information privacy, data security and access
control. His current research work focuses on access control mechanisms for
healthcare applications. He can be reached at

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!