Skip to main content
SpringerLink
Log in

Deployment of a posteriori access control using IHE ATNA

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

In healthcare information management, privacy and confidentiality are two major concerns usually satisfied by access control means. Traditional access control mechanisms prevent illegal access by controlling access right before executing an action. They have some limitations like inflexibility in unanticipated circumstances (e.g., emergency). Recently, a posteriori access control has been proposed to complete a priori protection for a more effective and flexible solution. It controls the access by deterring user from having unauthorized access. To be deployed, a posteriori access control needs evidence to prove the users’ violations. In this paper, we show how log records defined by the Integrating the Healthcare Enterprise-Audit Trail and Node Authentication (ATNA) profile can be used to deploy an a posteriori access control system. To develop an efficient method for finding violations, we propose a framework that customizes ATNA log records according to a contextual security policy like the Organization-Based Access Control. Experiments we conducted are also presented.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Corin, R., Etalle, S., den Hartog, J., Lenzini, G., Staicu, I.: A Logic for Auditing Accountability in Decentralized Systems, vol. 173, pp. 187–202. Springer, Berlin (2004)

  2. Cederquist, J.G., Corin, R., Dekker, M.A.C., Etalle, S., den Hartog, J..: An Audit Logic for Accountability. In: IEEE Computer Society, pp. 34–43 (2005)

  3. Department of Defense Trusted Computer System Evaluation Criteria, CSC-STD-011-83, Fort Meade, MD (1983)

  4. Bell, D., LaPadula, L.: Secure Computer System: Unified Exposition and Multics Interpretation. MITRE, Bedford (1975)

    Google Scholar 

  5. Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, Baltimore, MD (1992)

  6. Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Secur. 7(4), 285–305 (2008)

    Article  Google Scholar 

  7. Abou El Kalam, A., Deswarte, Y.: Security Model for HealthCare Computing and Communication Systems. In: SEC 2003, pp. 277–288. Greece, Athens (2003)

  8. Lonvick, C.: The BSD Syslog Protocol, RFC 3164 (2001)

  9. New, D., Rose, M.: Reliable Delivery for Syslog, RFC 3195 (2001)

  10. Integrating the Healthcare Enterprise, IHE Radiology Technical Framework Volume I (RAD TF-1) Integration Profiles (2008)

  11. Integrating the Healthcare Enterprise, IHE IT Infrastructure Technical Framework Volume I (ITI TF-1) Integration Profiles (2009)

  12. Integrating the Healthcare Enterprise, IHE IT Infrastructure Technical Framework Supplement 2004–2005 Audit Trail and Node Authentication Profile (ATNA) (2004)

  13. Cederquist, J.G., Corin, R., Dekker, M.A.C., Etalle, S., den Hartog, J.: The Audit Logic-Policy Compliance in Distributed Systems. In: Technical Report TR-CTIT-06-33 (2006)

  14. Dekker, M.A.C., Etalle, S.: Audit-based access control for electronic health records. Electron. Notes Theor. Comput. Sci. 168, 221–236 (2007)

    Article  Google Scholar 

  15. Etalle, S., Winsborough, W.H.: A posteriori compliance control. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 11–20. New York, USA (2007)

  16. Health Level Seven Implementation Support Guide for HL7 Standard Version 2.3 (1998)

  17. DICOM Standards Committee, Working Group 14, Digital Imaging and Communications in Medicine (DICOM) Supplement 95: Audit Trail Messages, Virginia USA (2004)

  18. Marshall, G.: Security Audit and Access Accountability Message XML, RFC 3881 (2004)

  19. Cuppens, F., Cuppens-Boulahia, N., Coma, C.: O2O: Virtual Private Organizations to Manage Security Policy Interoperability, ICISS, pp. 101–115 (2006)

  20. Cuppens, F., Miège, A.: Administration Model for Or-BAC. Comput. Syst. Sci. Eng. 19(3) (2004)

  21. Integrating the Healthcare Enterprise, IHE Radiology Technical Framework Volume II (RAD TF-2) Integration Profiles (2008)

  22. Integrating the Healthcare Enterprise, IHE Radiology Technical Framework Volume III (RAD TF-3) Integration Profiles (2008)

  23. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)

    Article  MATH  MathSciNet  Google Scholar 

Download references

Acknowledgments

The work presented in this paper is supported by a grant from The Britany Region, France, and by funding from the ANR SELKIS project.

Author information

Authors and Affiliations

  1. IT/Telecom Bretagne, 2 Rue de la Chtaigneraie, 35576, Cesson Svign, France

    Hanieh Azkia, Nora Cuppens-Boulahia, Frédéric Cuppens & Said Oulmakhzoune

  2. IT/Telecom Bretagne, Technople Brest-Iroise, CS 83818, 29238, Brest, France

    Gouenou Coatrieux

Authors
  1. Hanieh Azkia
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nora Cuppens-Boulahia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Frédéric Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gouenou Coatrieux
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Said Oulmakhzoune
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hanieh Azkia.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Azkia, H., Cuppens-Boulahia, N., Cuppens, F. et al. Deployment of a posteriori access control using IHE ATNA. Int. J. Inf. Secur. 14, 471–483 (2015). https://doi.org/10.1007/s10207-014-0265-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-014-0265-6

Keywords

Search

Navigation