Visible to the public Risk-Based Attributed Access Control Modelling in a Health Platform: Results from Project CityZen

TitleRisk-Based Attributed Access Control Modelling in a Health Platform: Results from Project CityZen
Publication TypeConference Paper
Year of Publication2019
AuthorsNakamura, Emilio, Ribeiro, Sérgio
Conference Name2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)
ISBN Number978-1-7281-2542-8
KeywordsAccess Control, authentication, Collaboration, composability, Human Behavior, human factors, Identification, Metrics, policy-based governance, privacy, pubcrawl, resilience, Resiliency, risk, Scalability, security, supply chain risk assessment, Trust

This paper presents an access control modelling that integrates risk assessment elements in the attribute-based model to organize the identification, authentication and authorization rules. Access control is complex in integrated systems, which have different actors accessing different information in multiple levels. In addition, systems are composed by different components, much of them from different developers. This requires a complete supply chain trust to protect the many existent actors, their privacy and the entire ecosystem. The incorporation of the risk assessment element introduces additional variables like the current environment of the subjects and objects, time of the day and other variables to help produce more efficient and effective decisions in terms of granting access to specific objects. The risk-based attributed access control modelling was applied in a health platform, Project CityZen.

Citation Keynakamura_risk-based_2019