آخر الأخبار
Access control model to the electronic health records based on ontology***
Access control model to the electronic health records based on ontology
Asma BELAIDI(1) Mohammed El Amine ABDERRAHIM(2)
(1)Department of Biomedical Engineering, Laboratory of Arabic Natural Language Processing, University of Tlemcen, Algeria
(2) Department of computer science, Laboratory of Arabic Natural Language Processing
University Of Kasdi Merbah - Ouargla
We present an ontology-based access control (AC) model (OEHRAC) dedicated to representing the AC given on electronic health records (EHR) to potential users in the case of a health organization. EHR AC is provided by using an Or-BAC EHR model within the OWL language. Queries used for AC are obtained in the SPARQL language. Our ontology is made up of a set of classes and properties for identifying subjects, roles, objects, contexts, and actions.
Medical Informatics, Healthcare Systems, Or-BAC, Security, Semantic Access Control Model, OWL.
Many works have been introduced on various aspects of managing and organizing electronic health records (EHR). EHR can take on multiple forms, including: (1) an independent software application running on a single computer, (2) a web service belonging to a single organization, (3) a general web service used as a platform to collect different types of health information, or (4) a USB-based EHR [1]. EHR contains all relevant information about an individual's life, including: (1) administrative data, (2) data concerning different patient measures, (3) data contributing to coordination, quality, continuity of care, and prevention; and (4) data concerning the holder's expression space [2]. The use of EHR offers many benefits, such as cost reduction, improved quality of care, promotion of evidence-based medicine, and enhanced record keeping and mobility [1]. However, protecting personal information is essential, and the key challenge for access control (AC) systems is to design them to meet the needs of a wide range of potential users [3, 4]. It is difficult to maintain data privacy of such EHR, and there is a risk that administrative staff could access information without a patient's explicit consent. Information security covers three aspects: logical security, physical security, and administrative security [5]. Logical security has two components: identification and authentication, and authorization or AC. In this article, our focus is on logical security, specifically AC. Physical security and administrative security are not within the scope of this work. As per [6], AC mechanisms can be classified into five categories: (1) identity-based (DAC: Discretionary AC), (2) network-based (MAC: Mandatory AC or MAC), (3) role-based (RBAC), (4) organization-based (Or-BAC), and (5) attribute-based (ABAC). It is worth noting that ABAC is more general than RBAC, and Or-BAC is an adaptation of RBAC. In accordance with [1, 7-9], the preferred AC model appears to be RBAC. It is the most common AC and is considered to be particularly well-suited to healthcare systems, according to these sources. Additionally, the work of [8] confirms this fact by pointing out that the health industry uses RBAC extensively on its systems and takes advantage of its properties. Similarly, the work of [7] describes testing the applicability of RBAC within an existing medical database. The authors concluded that RBAC is appropriate for medical databases and recommended its use. Furthermore, several publications have proposed RBAC adaptations and enhancements to cope with current health information system use characteristics [8]. In recent years, there has been significant growth in ontology-based systems engineering (SE). A study conducted by [10] indicates that ontology is applied across many different SE knowledge areas, and the benefits of ontologies to SE are proven. In the context of EHR management, the use of ontology facilitates reasoning for AC decision making and enables the automatic search, query, and discovery of AC information [11]. According to [12-16], researchers have utilized ontologies in AC to address certain issues related to RBAC and ABAC, particularly the definition and administration of rules and policies. The subsequent sections cover some of these solutions and their contexts.
Modeling policies in an ontology can greatly improve the performance of the system. This is because it enables easy retrieval of target policies from the workflow by following the interrelation of the relevant entities, instead of searching through the database [12-16]. In addition, ontologies are being proposed as an alternative to XML-based policies due to their low expressiveness and lack of formal semantics regarding AC management. This section aims to present approaches that handle ontology-based AC management. Kagal et al. [17] proposed a semantic policy language named Rei, which is designed for pervasive computing applications based on deontic concepts. It includes constructs for rights, prohibitions, obligations, and dispensations. Rei is implemented in Prolog. Like Rei, KAoS [18] is a policy representation language based on OWL that enables the definition of policies for the security of agents and distributed systems. KAoS manages four types of rules: Positive Authorization, Negative Authorization, Positive Obligation, and Negative Obligation. Similar to Rei and KAoS, OWL-POLAR [19] is a policy representation language based on OWL that allows for the development of distributed agent-based systems that can operate flexibly and effectively in policy-constrained environments. In [20], Finin et al. compared the RBAC security model to OWL and represented the RBAC model using OWL. They described two possible approaches for representing RBAC in OWL: one approach represents roles as classes and sub-classes, and the other represents roles as attributes. In [11], Mohammad et al. have presented an ontology-based AC (OBAC) model to support semantic web service, the proposed model combine the users management ability of RBAC and the dynamic features of ABAC. In the context of managing access rights in content management systems, Buffa and Faron [21] proposed the AMO (Access Management Ontology) ontology. This ontology includes a set of classes and properties for annotating resources, the access to which should be controlled, and a set of inference rules for managing AC. Choi et al. [22] propose Onto-ACM (Ontology Based Access Control Model) for dynamic AC. Onto-ACM is a semantic analysis model for permitted limit of service provider and user in cloud computing environment. In [23], an ontology-based AC model called OJADEAC is proposed for application in the JADE platform. The model relies on an ontology called JMASO, which models the JADE Multi-Agent platform knowledge by storing key entities and their relationships typically found in JADE, as well as any information related to AC purposes, including inferences based on AC policy rules. Macfie [24] proposes two semantic ontological RBAC models: (1) SO-RBAC (Semantic Ontological Role-Based Access Control) which uses OWL-DL to store the ontology, and SWRL to perform reasoning; and (2) ESO-RBAC (Enhanced Semantic Ontological Role-Based Access Control) which enhances the SO-RBAC model by programming it in OWL-Full. It uses Jena for performing reasoning and allows an object-oriented definition of roles and data items. The authors of [12-14] propose an approach related to our scheme. They present a generic ontology-based solution inspired by the Attribute-based Access Control (ABAC) paradigm, which models entities and their access policies. This system offers two main benefits: (1) a generic ontology that can be easily extended for specific environments to define access control at different levels of granularity, and (2) simplification of the definition and enforcement of rules by automatic ontology-based inference of rules. To demonstrate its applicability and benefits, they applied it to two large and open scenarios: Online Social Networks (OSNs) and the Cloud [12]. By combining OBAC and RBAC, a Hybrid AC (HAC) model is presented in [25]. The model is aimed at mapping relational databases and ontologies using both OBAC and RBAC together. The management of access control for roles and profiles is targeted in the human resources domain. By means of an ontology, Fatma et al. [26] propose an extensible security policy model that supports multi-domain AC requirements in a ubiquitous context. In [15], Brut et al. propose an ontology-based solution for organizing, indexing, securing, and providing adapted access to medical information. In [27], Iman et al. propose an ontological framework based on the extension of the international nomenclature (SNOMED CT) by the dimension of private life in order to secure access to EHR. However, the authors have not provided detailed information on how they structured the ontology from the perspective of private life. According to Buffa et al. [21], there are four motivations behind the choice of ontologies over relational database systems (RDS) for implementing RBAC models. Firstly, RDS do not implement all of the features of the RBAC model. Secondly, RBAC implementations in RDS are always vendor-specific. Thirdly, RDS cannot naturally represent hierarchical data, which is the backbone of any semantic representation of RBAC models. Finally, OWL reasoner-enabled ontologies allow for the description and manipulation of RBAC model semantics in a more efficient manner, effectively addressing the previous two problems. The comparative analysis conducted in [28] concludes that using semantic approaches with standards such as RDF/OWL for policy representation provides advantages such as runtime extensibility and adaptability of the system, the ability to analyze policies relating to entities described at different levels of abstraction, and the ability to reason about policy disclosure, conflict detection, and harmonization about domain structure and concepts. As in [20] and in many other studies in the literature, we have chosen to use the RBAC model for the following reasons: (1) RBAC is a NIST standard, (2) RBAC has proven real-world success, and (3) RBAC has been extensively studied in academia. The choice of OWL is justified by the following reasons: (1) OWL is a standard. (2) OWL is widely used for defining domain vocabularies (ontologies). (3) OWL is used for developing policy languages for the web. The benefit of specifying AC using semantic approaches is that an organization can utilize a common ontology that can be shared between services and service clients. The proposed paper presents OEHRAC, an ontology-based AC model for EHR in the context of a healthcare organization. The model utilizes the Or-BAC model, which is an adaptation of RBAC, to provide EHR AC. To demonstrate the reliability and efficiency of the proposed model we implemented it in the case of an Algerian health organization. The data and structure related to this organization were previously developed in [2]. The Or-BAC model is composed of seven (7) entities, which are divided into two levels: the concrete level (Subjects, Objects, and Actions) and the abstract level (Roles, Views, Contexts, and Activities). Figure 1, taken from [29], illustrates the various entities of the Or-BAC model and their relationships
Figure 1. The different entities of Or-BAC model and their relations [29]
We present our proposed OEHRAC model in the following section. Then we show the use of OEHRAC.
This section proposes a representation of concepts and the relationships, rules, and operations that might be applied to these concepts for the EHR AC management. The proposed OEHRAC model is derived from the features and functionality of the Or-BAC AC model. It is represented as an ontology developed using Protégé [30] (https://protege.stanford.edu/) and described using OWL (http://www.w3.org/TR/2012/REC-owl2-overview-20121211/). The ontology defines all classes described in the following subsection along with their attributes, data properties, and relationships among them. Our proposed AC model, shown in Figure 2, consists of nine (9) classes, namely: (1) Roles, (2) Views, (3) Activities, (4) Contexts, (5) Access, (6) Subjects, (7) Objects, (8) Actions, and (9) AccessRoles. The Roles class has twenty-four (24) roles, which are grouped into four (4) subclasses representing all the roles used in the Algerian health organization. The Views class has fifteen (15) views representing all views derived from the EHR. The Activities class comprises five (5) activities, namely, Add, Consult, Delete, Modify, and Transfer. The Contexts class contains twenty-five (25) contexts grouped into four (4) subclasses named: (1) Temporal, (2) Spatial, (3) Emergency, and (4) Composed (for manipulating composed contexts). Each subclass contains all the contexts of that subclass. The Access class has four (4) individuals access, namely: (1) Permission, (2) Interdiction, (3) Obligation, and (4) Recommendation. The Subjects class includes all potential users of the EHR. The Objects class includes all the objects of the EHR, while the Actions class includes two individual actions: Read and Write. The AccessRoles class includes individuals obtained from all valid combinations of the entities: Contexts, Activities, Views, and Access. The AccessRoles class is used to capture security-relevant context information about the role. It is represented as a 4-tuple consisting of a view, activity, context, and access. For example, the AccessRoles "Ar1" in Figure 4 represents the combination: (Context=T1 working hours between 8 a.m. and 5 p.m, Activity=Consult, View=Identification, Access=Permission). In our case, we have 7500 (25*5*15*4) possible combinations (we have 25 contexts, 5 activities, 15 views, and 4 accesses)
Figure 2. Classes of the OEHRAC model
Our proposed AC model, shown in Figure 3, consists of eight (8) object properties, namely: hasRoles(Subjects, Roles), hasAccessRoles(Roles, AccessRoles), hasContext(AccessRoles,Contexts), hasActivity(AccessRoles,Activities), hasView(AccessRoles,Views), hasAccess(AccessRoles,Access), hasObjects(Views,Objects) and hasActions(Activities, Actions)
Figure 3. Object properties of the OEHRAC model
For example, Figure 4 shows that the subject Ahmed (Subjects=Ahmed), who has the Professor role (Roles=Professeur), has the AccessRoles Ar1 (AccessRoles=Ar1). The AccessRoles «Ar1» means that the Professor role is authorized (Access=Permission) to consult (Activity=Consult) the view identification (Views=Identification) in the context of working hours between 8 a.m. and 5 p.m. (Context=T1 working hours between 8 a.m. and 5 p.m.)
Figure 4. The subject "Ahmed" who has the role "Professeur
The ontology interrogation allows us to find the access associated with each subject. For example, by using the following SPARQL query, we can find the access of the subject "Ahmed" from the previous example: PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> PREFIX owl: <http://www.w3.org/2002/07/owl#> PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> PREFIX xsd: <http://www.w3.org/2001/XMLSchema#> PREFIX oehrac: <http://www.semanticweb.org/amine/ontologies/2 020/2/OEHRAC#> SELECT ?access WHERE { oehrac:Ahmed oehrac:hasRoles oehrac:Professeur. oehrac:Professeur oehrac:hasAccessRoles ?ar. ?ar oehrac:hasView oehrac:Identification. ?ar oehrac:hasActivity oehrac:Consult. ?ar oehrac:hasContext oehrac:T1_heures_de_travail_entre_8h_et_17h. ?ar oehrac:hasAccess ?access}
The use of semantic web technologies in AC mechanisms has gained considerable attention from different researchers who build ontology-based AC for various domains [23]. In this paper, we have described the development of OEHRAC, an ontology-based AC model for the EHR in the context of a healthcare organization. The proposed AC model has been derived from the features and functionality of the Or-BAC AC model and has been implemented in the context of an Algerian health organization. OEHRAC can be summarized in the following points: · The use of ontology provides reasoning ability for AC decisions. AC information can be accessed, queried, and automatically discovered, including owner attributes, which can be deduced from knowledge by reasoning. · Compared to other approaches to AC and due to the nature of ontologies in providing semantic interoperability, our proposed model has a higher degree of interoperability. · The declarative modeling of the strategy of AC management ensures easy maintenance. · OEHRAC can be considered a generic ontology that can be easily extended for specific environments. Modeling policies in an ontology can greatly increase the performance of the system because it can easily retrieve the target policy from the workflow by following the interrelationships of the target entities, instead of searching from the database. In conclusion, the contribution of this article is twofold. First, we propose the semantic ontological modeling of the EHR AC in the context of a health organization, and a software tool is developed in accordance with the proposed EHR AC. Second, we have utilized OWL and its reasoners for the purpose of defining and manipulating the semantics of Or-BAC. As a perspective and according to [21], user-centric access control (AC) does not require an administrator with global maintenance access rights on the system because no role or action needs to be defined. A direct consequence of this is that user-centric AC is more flexible than role-centric AC. We plan to investigate how we could combine such a user-centric approach with the role-centric approach
"This work was conducted using the Protégé resource, which is supported by grant GM10331601 from the National Institute of General Medical Sciences of the United States National Institutes of Health. The authors are grateful to the anonymous reviewers for the evaluation of the manuscript."
1. Liu LS, Shih PC, Hayes GR (2011). Barriers to the adoption and use of personal health record systems. Proceedings of the iConference, Seattle, WA, USA. New York, NY: ACM; 363–70.
2. Asma B, Mohammed El Amine A. (2019). Access control to the electronic health records : A case study of an Algerian health organization. International Journal of Medical Engineering and Informatics; Available from:https://www.inderscience.com/info/ingeneral/forth coming.php?jcode=ijmei 3. Andriole, K P. (2014). Security of Electronic Medical Information and Patient Privacy: What You Need to Know. Journal of the American College of Radiology; 11:1212 – 1216. 4. Shen N, Bernier T, Sequeira L, Strauss J, Silver M P et al. (2019). Understanding the patient privacy perspective on health information exchange: A systematic review. International Journal of Medical Informatics; 125:1-12. 5. Kruse CS, Smith B, Vanderlinden H, Nealand A.(2017). Security Techniques for the Electronic Health Records. Journal of Medical Systems; 41:127. 6. Reda Y. (2019). Systèmes de gestion de la confiance : une étude rétrospective sur la confiance numérique. Cybervigilance et confiance numérique : La cybersécurité à l’ère du Cloud et des objets connectés. Ed. ISTE.
7. Slevin L, Macfie A. (2007).Role based access control for a medical database. IASTED Software Engineering and Applications Conference.
8. Marcelo Antonio de Carvalho J, Bandiera-Paiva P .( 2018 ). Health Information System Role-Based Access Control Current Security Trends and Challenges. Journal of healthcare engineering.
9. Fernández-Alemán JL1, Señor IC, Lozoya PÁ, Toval A.(2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics; 46(3):541-562.
10. Lan Y, Kathryn C, Ming Y. (2019). Ontology-based systems engineering: A state-of-the-art review. Computers in Industry; 111:148-171.
11. Mohammad A, Kanaan G, Khdour T, Bani-Ahmad S.(2011). Ontology-Based Access Control Model for Semantic Web Services. Journal of Information and Computing Science; 63:77-194.
12. Imran-Daud M. (2016). Ontology-based Access Control in Open Scenarios: Applications to Social Networks and the Cloud. Doctoral thesis universitat Provira I Virgili Tarragona.
13. Imran-Daud M, Sanchez D, Viejo A. (2016). Ontology-based Access Control Management: Two Use Cases. Proceedings of the 8th International Conference on Agents and Artificial Intelligence, Rome, Italy; 244-249.
14. Imran-Daud M, Sanchez D, Viejo A.(2016). Privacy-driven access control in social networks by means of automatic semantic annotation. Computer Communications; 76 :12-25.
15. Brut M, Al Kukhun D, Péninou A, Canut M-F, Sèdes F. (2011). Structuration et accès au Dossier Médical Personnel : approche par ontologies et politiques d’accès XACML. Symposium sur l’Ingénierie de l’Information médicale SIIM, Toulouse; 77-84.
16. Cocos C, MacCaull W. (2010). An ontological implementation of a role-based access control policy for health care information. Proceedings of the Workshop of Ontologies in Biomedicine and Life Sciences.
17. Kagal L, Finin T, Joshi A. (2003). A Policy Language for a Pervasive Computing Environment. POLICY ’03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks.
18. Bradshaw J, Uszok A. (2013). KAoS Policy Services Framework: User Guide. Available from: https://ontology.ihmc.us/KAoS/KAoSUsersGuide.pdf
19. Sensoy, M, Norman T, Vasconcelos W W, Sycara K. (2012). OWL-POLAR: A Framework for Semantic Policy Representation and Reasoning. Journal of Web Semantics; 1213 :148-160.
20. Finin T, Joshi A, Kagal L, Niu J, Sandhu R, Winsborough W, et al. (2008). ROWLBAC: representing role based access control in OWL. SACMAT ’08: Proceedings of the 13th ACM symposium on Access control models and technologies;73–82.
21. Buffa M, Faron-Zucker C. (2012). Ontology-Based Access Rights Management. Advances in Knowledge Discovery and Management, Studies in Computational Intelligence; 398 :49-61.
22. Choi C, Choi J, Ko B, Oh K, Kim P. (2012). A Design of Onto-ACM (Ontology based Access Control Model) in Cloud Computing Environments. Journal of Internet Services and Information Security; 2: 54-64.
23. Mustafa B S, Al-Dabagh, N B. (2014). OJADEAC: An Ontology Based Access Control Model for JADE Platform. International Journal of Advanced Computer Science and Applications(IJACSA); 55:42-47.
24. Macfie A. Semantic role-based access control(2014). Doctoral dissertation, university of Westminster.
25. Alparslan N Y, Komesli M, Unalir M O, Can O. (2019). Development of a Method and a Tool for Hybrid Data Based Access Framework. Innovations in Intelligent Systems and Applications Conference (ASYU).
26. Fatma G, Abdelghani C, Yacine A. (2010). Approche de contrôle d’accès collaboratif entre plusieurs domaines de sécurité dans un environnement ubiquitaire. 6ème Journées Francophones Ubiquité et Mobilité : UBIMOB.
27. Iman B H, Olfa C T, Imed B.(2016). Vers un cadre ontologique de partage des connaissances du Dossier médical Partagé : cas des établissements de santé en France. GeCSO: 9e Colloque International GeCSO Gestion des Connaissances dans la Société et les Organisations, la dynamique des connaissances Paris.
28. Garcia F, Martinez G, Botia J A, Gomez A J F. (2005). Representing Security Policies in Web Information Systems. Proc. Policy Management for the Web (PM4W),14th Intl. WWW Conference, Chiba, Japan.
29. Abdeljebar A El H. (2016). Le contrôle d’accès des réseaux et grandes infrastructures critiques distribués. Doctoral dissertation, university of Toulouse.
30. Musen M A. (2015).The Protégé project: a look back and a look forward . AI Matters, Association of Computing Machinery Specific Interest Group in Artificial Intelligence; 1(4):4–12. DOI: 10.1145/2557001.257003.
.
.
.
|
.
.
