Comparing the Context and the SitBAC models for Privacy Preservation in terms of model understanding and synthesis

Dizza Beimel (1), MSc, Mor Peleg (2), PhD

(1) Faculty of Industrial Engineering, Technion, Israel Institute of Technology, Haifa, Israel; (2) Department of Management Information Systems, University of Haifa, Israel
Abstract. There is an increasing interest in preserving patients' privacy while accessing Electronic Health Record (EHR) data. Two models that support representation of data-request authorization policies are the Contextual Role-Based Access Control (Context) model [1] and the Situation-Based Access Control (SitBAC) model [2]. We conducted a controlled experiment that compared the two models with respect to model-understanding and model-synthesis.

Background. Health organizations can use either model to specify their access-control regulations. The Context model extends the widely-used Role-Based Access Control (RBAC) [3] model, where permissions are based on the role of the data requestor, by including logical rules for expressing contextual authorizations (i.e., expressions that refer to information about the context of the query, such as the relationship between the access requestor and the patient, and the time and place from which the query was made).

The SitBAC model enables formal representation of scenarios of access to patient data as an ontology of entities involved in data access: Patient, Data-Requestor, EHR, Task, Legal-Authorization, and Response, their attributes and relationships. Each access-request scenario is an instance in the ontology. Instead of logical rules, modelers define values for properties and create relationship instances between entities and properties.

Research Question. The main differences between the two models are in the way in which they structure and represent contextual data requests. Our null hypothesis (H0) was that there is no difference between the two models in any aspects of model-understanding and model-synthesis.

Methods. We created a frame-based ontology of the two access-control models using Protégé 2000 [4]. In an exam held in a Knowledge Representation course, we asked the 16 students to use one of the two frame-based ontologies to (1) view modeled contextual data-request instances and write an English sentence describing them, and (2) synthesize ontology instances corresponding to textual descriptions of data-request scenarios. We graded the exam according to predefined criteria assessing (a) the difficulty of the task, where simple tasks involved only simple scenarios without contextual information and were represented in the two ontologies in the same way, and complex tasks involved contextual expression, and (b) whether the scenario descriptions involved creating and inserting new classes (e.g., role types) or new contextual properties into the ontology, or just using existing values. Each combination of these parameters was measured in several tasks. We used the Wilcoxon matched-pairs signed-rank test [5] to analyze the results.

Results. As shown in Table 1, there are no differences between the two models when it comes to understanding or synthesizing simple scenarios of data access, while for complex scenarios there is a significant advantage to the SitBAC model, in terms of understanding and synthesis.

Discussion. The results show that students found it easier to express contextual access-control regulations using the SitBAC model. SitBAC differentially mediated understanding and synthesis as it involves menu-based relation creation, rather than writing logical expressions. To confirm these results, additional experiments need to be performed with participants who normally implement access-control policies in their organizations.

Table 1. Results comparing the SitBAC and Context models in terms of model understanding and synthesis
| Task | Scenario | #tasks | α values | Difference in favor of |
|---|---|---|---|---|
| Understanding | Simple | 12 | | - |
| Understanding | Complex | 6 | 0.008 | SitBAC |
| Creating Existing | Simple | 15 | 0.062 | - |
| Creating Existing | Complex | 6 | 0.016 | SitBAC |
| Creating New | Simple | 7 | | - |
| Creating New | Complex | 6 | 0.004 | SitBAC |

References

1. Motta G, Furuie S. A contextual role-based access control authorization model for electronic patient record. IEEE T Info Technol Biomed 2003;7(3):202-7.
2. Peleg M, Beimel D, Dori D, Denekamp Y. Situation-Based Access Control: privacy management via modeling of patient data access scenarios. J Biomed Inform 2008; available online 10 April 2008. doi:10.1016/j.jbi.2008.03.014.
3. Sandhu RS, Coyne EJ, Youman CE. Role-based access control models. IEEE Computer 1996;29(2):38-47.
4. Noy NF, McGuinness DL. Ontology Development 101: A Guide to Creating Your First Ontology. Stanford Medical Informatics Technical Report SMI-2001-0880; 2001.
5. Siegel S. Non-parametric statistics for the behavioral sciences. New York: McGraw-Hill; 1956.
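The contrast drawn in the Background section, as an added example that is not from the paper or from either model's ontology: one contextual policy written first as an RBAC permission plus a logical rule (Context style), then as a scenario instance of property values per entity (SitBAC style). The policy itself, the property names, the `Request` shape and the deny-by-default fallback are assumptions made for illustration; only the six entity names come from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:              # constructed request shape (assumption)
    role: str               # role of the data requestor
    relationship: str       # requestor-patient relationship (context)
    place: str              # place the query is made from (context)
    hour: int               # time of the query, 0-23 (context)
    task: str
    ehr_section: str

# Context style: role-based permission table plus a logical context rule.
ROLE_PERMISSIONS = {"physician": {("read", "medications")}}

def context_decide(req):
    role_ok = (req.task, req.ehr_section) in ROLE_PERMISSIONS.get(req.role, set())
    rule_ok = (req.relationship == "treating"
               and req.place == "hospital"
               and 7 <= req.hour < 19)
    return "approved" if role_ok and rule_ok else "denied"

# SitBAC style: the same policy as one scenario instance. Each entity holds
# the property values the scenario admits; no logical expression is written.
SCENARIOS = [{
    "Data-Requestor": {"role": {"physician"}, "place": {"hospital"}},
    "Patient": {"relationship": {"treating"}},
    "Task": {"task": {"read"}, "hour": set(range(7, 19))},
    "EHR": {"ehr_section": {"medications"}},
    "Legal-Authorization": {},      # nothing required in this scenario
    "Response": "approved",
}]

def sitbac_decide(req):
    for scenario in SCENARIOS:
        entities = {k: v for k, v in scenario.items() if k != "Response"}
        # A request fits the scenario when every property value it carries
        # is among the values the scenario instance admits.
        if all(getattr(req, prop) in admitted
               for props in entities.values()
               for prop, admitted in props.items()):
            return scenario["Response"]
    return "denied"                 # assumption: no matching scenario means deny
```

Adding a new role or contextual property means editing the rule expression in the first form and adding a value to an entity in the second, which is the difference the experiment's "Creating New" tasks exercised.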