An enhancement of the Rew-XAC model for workflow data access control in healthcare

Abstract

The Rew-XAC model, based on Extensible Access Control Markup Language (XACML) 3.0, has been developed to solve the problem in the case that requests receive “Not Applicable” responses from the policy decision point (PDP). According to the most applicable policy that has the best score computed by a fuzzy function, the Rew-XAC model carried out rewriting the request. However, an important issue not addressed yet in the Rew-XAC model is that there has more than one policy with the same highest fuzzy value. In this paper, we propose an enhancement that assigns a union operator for all resource filter expressions produced from the related modules in the Rew-XAC model for each selected policy to the rewritten request. Besides, we demonstrate the potential of our model through analyzing the complex security requirements for a case study in the healthcare domain, and then propose a mechanism integrated with the proposed model to support access control for workflow data. We also perform an experiment using the dataset of policies in the case study to verify the feasibility of our approach in the healthcare domain that needs the data-protection rigorously complying with the regulations.