Nastaran Farhadi Ghalati, Sanaz Nikghadam-Hojjati, Jose Barata

Proceedings of the 28th World Multi-Conference on Systemics, Cybernetics and Informatics: WMSCI 2024, pp. 18-25 (2024); https://doi.org/10.54808/WMSCI2024.01.18

Nastaran Farhadi Ghalati
NOVA School of Science and Technology, UNINOVA-CTS and LASI, NOVA University Lisbon, Lisbon, Portugal

Sanaz Nikghadam-Hojjati
NOVA School of Science and Technology, UNINOVA-CTS and LASI, NOVA University Lisbon, Lisbon, Portugal

Jose Barata
NOVA School of Science and Technology, UNINOVA-CTS and LASI, NOVA University Lisbon, Lisbon, Portugal

Cite this paper as:
Farhadi Ghalati, N., Nikghadam-Hojjati, S., Barata, J. (2024). Implementing Behavior-Based Access Control in Healthcare Scenario Using FIWARE. In N. Callaos, E. Gaile-Sarkane, N. Lace, B. Sánchez, M. Savoie (Eds.), Proceedings of the 28th World Multi-Conference on Systemics, Cybernetics and Informatics: WMSCI 2024, pp. 18-25. International Institute of Informatics and Cybernetics. https://doi.org/10.54808/WMSCI2024.01.18

Distributed healthcare systems require strong security and privacy measures because Electronic Health Records (EHRs) are highly sensitive and regulations are strict. The advancing technologies increase the healthcare sector’s susceptibility to data breaches. This highlights the crucial importance of efficient access control to regulate access in settings with extensive data sharing and multiple users.
Many of these challenges cannot be addressed by traditional access control methods. This paper proposes a novel user centric access control model, Behavioral-Based Access Control (BBAC), inspired by the Internet of Behaviors (IoB) paradigm.
BBAC dynamically assigns access levels by capturing and leveraging user behavior patterns. Integrating behavioral modeling and user-adaptive access mechanisms within complex healthcare environments, BBAC facilitates privacy-preserving data sharing. Utilizing a human-centered decision-making process, the model enhances security and privacy by adjusting access permissions based on a combination of user roles, locations, times, and behaviors.
This work details the development of BBAC access control policies implemented through AuthZForce. These policies govern authorization/denial of user access requests within the BBAC framework, effectively combining traditional policy strengths with the additional benefit of user behavior. Our evaluation and implementation demonstrate BBAC’s practicality and efficiency in healthcare scenarios.