In some complex information systems, users are not subject to access control at the time they act. Instead, whenever a user performs an action, the target system logs it, and a security control called a posteriori access control is applied afterwards on the basis of these log files. The logged data can be recorded in different formats (syslog, W3C Extended Log, domain-specific log standards such as IHE-ATNA, etc.). An a posteriori security control framework therefore requires a log filtering engine that extracts the useful information regardless of the log format used. In this paper, we define and enforce this extraction function by building an ontology model of logs. This log ontology is queried to check the compliance of the actions performed by the users of the considered system with its access control policy (violations, anomalies, fulfilments, etc.). We show how a posteriori security controls are made effective and how security decisions are made easier on the basis of this extraction function.
In healthcare information management, privacy and confidentiality are two major concerns usually addressed by access control means. Traditional access control mechanisms prevent illegal access by checking access rights before an action is executed. They have limitations, such as inflexibility in unanticipated circumstances (e.g., emergencies). Recently, a posteriori access control has been proposed to complement a priori protection for a more effective and flexible solution. It controls access by deterring users from unauthorized access. To be deployed, a posteriori access control needs evidence to prove users' violations. In this paper, we show how log records defined by the Integrating the Healthcare Enterprise (IHE) Audit Trail and Node Authentication (ATNA) profile can be used to deploy an a posteriori access control system. To develop an efficient method for finding violations, we propose a framework that customizes ATNA log records according to a contextual security policy such as Organization-Based Access Control (OrBAC). The experiments we conducted are also presented.
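The two abstracts above describe the same pipeline from different angles: a format-independent extraction function that turns syslog, W3C Extended Log and IHE-ATNA records into one event model, and a check of each extracted event against a contextual (OrBAC-style) policy that classifies it as a fulfilment, an anomaly or a violation. The following is an added example, not code from either paper: it shows that pipeline end to end on constructed sample records. The syslog message body, the W3C field layout, the users, roles, views and permissions are assumptions made for the example, and the ATNA-style XML is a simplified sketch of a DICOM audit message in which the access context is carried as an assumed custom detail, mirroring the customization the second abstract proposes rather than the standard schema.

```python
"""A posteriori access control over heterogeneous audit logs (added example;
not code from either paper). Parsers for RFC 5424 syslog, W3C Extended Log and
a simplified ATNA/DICOM-style audit XML extract one common event model, which
is then checked against a small OrBAC-style policy. The sample records, users,
roles, views, permissions and the 'context' detail in the XML are constructed."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditEvent:
    subject: str   # user who acted
    action: str    # read / write / create / delete / execute
    obj: str       # record identifier targeted
    context: str   # situation claimed at access time (normal, emergency, ...)
    source: str    # log format the event came from


# RFC 5424 header (PRI VERSION TS HOST APP PROCID MSGID SD) + key=value body.
_SYSLOG_RE = re.compile(
    r"^<\d+>1 \S+ \S+ (?P<app>\S+) \S+ \S+ \S+ "
    r"user=(?P<user>\S+) action=(?P<action>\S+) record=(?P<rec>\S+)"
    r"(?: context=(?P<ctx>\S+))?\s*$")


def parse_syslog(line: str) -> AuditEvent:
    m = _SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog record: {line!r}")
    return AuditEvent(m["user"], m["action"], m["rec"], m["ctx"] or "normal", "syslog")


_METHOD_ACTION = {"GET": "read", "POST": "write", "PUT": "write", "DELETE": "delete"}


def parse_w3c(text: str) -> list[AuditEvent]:
    """W3C Extended Log: the '#Fields:' directive names the columns of later rows."""
    fields, events = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue                      # other directives, blank lines
        elif fields is None:
            raise ValueError("data row before any #Fields directive")
        else:
            row = dict(zip(fields, line.split()))
            query = row.get("cs-uri-query", "-")
            params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
            events.append(AuditEvent(
                row["cs-username"],
                _METHOD_ACTION.get(row["cs-method"], row["cs-method"].lower()),
                row["cs-uri-stem"].rstrip("/").rsplit("/", 1)[-1],
                params.get("ctx", "normal"), "w3c"))
    return events


# DICOM audit EventActionCode: C=create R=read U=update D=delete E=execute.
_ATNA_ACTION = {"C": "create", "R": "read", "U": "write", "D": "delete", "E": "execute"}


def parse_atna(xml_text: str) -> AuditEvent:
    root = ET.fromstring(xml_text)
    action = _ATNA_ACTION[root.find("EventIdentification").get("EventActionCode")]
    requestors = [ap.get("UserID") for ap in root.findall("ActiveParticipant")
                  if ap.get("UserIsRequestor", "false").lower() == "true"]
    if len(requestors) != 1:
        raise ValueError("expected exactly one requesting ActiveParticipant")
    obj = root.find("ParticipantObjectIdentification")
    # Assumed customization of the record (not the standard schema): the access
    # context travels as a ParticipantObjectDetail with type="context".
    ctx = next((d.get("value") for d in obj.findall("ParticipantObjectDetail")
                if d.get("type") == "context"), "normal")
    return AuditEvent(requestors[0], action, obj.get("ParticipantObjectID"), ctx, "atna")


# OrBAC-style policy (constructed): concrete users/actions/objects map onto
# abstract roles/activities/views; each permission is granted in a context.
ROLES = {"dr.alice": "physician", "nurse.bob": "nurse", "nurse.eve": "nurse"}
VIEWS = {"P-": "patient_record", "N-": "nursing_note"}     # object prefix -> view
ACTIVITIES = {"read": "consult", "write": "modify", "create": "modify", "delete": "modify"}
PERMISSIONS = [  # (role, activity, view, context); "any" = unconditional
    ("physician", "consult", "patient_record", "any"),
    ("physician", "modify", "patient_record", "any"),
    ("nurse", "consult", "nursing_note", "any"),
    ("nurse", "modify", "nursing_note", "any"),
    ("nurse", "consult", "patient_record", "emergency"),  # break-glass only
]


def classify(e: AuditEvent) -> tuple[str, str]:
    """(verdict, reason): fulfilment = unconditionally permitted; anomaly =
    permitted only through an exceptional context, or unmappable, so review it;
    violation = no permission covers the action."""
    role, activity = ROLES.get(e.subject), ACTIVITIES.get(e.action)
    view = next((v for p, v in VIEWS.items() if e.obj.startswith(p)), None)
    if None in (role, activity, view):
        return "anomaly", f"cannot map {e.subject}/{e.action}/{e.obj} onto the policy"
    for r, a, v, c in PERMISSIONS:
        if (r, a, v) == (role, activity, view) and c in ("any", e.context):
            if c == "any":
                return "fulfilment", f"{role} may {activity} {view}"
            return "anomaly", f"{role} may {activity} {view} only in context {c}"
    return "violation", f"{role} may not {activity} {view} in context {e.context}"


# Constructed sample records in the three formats.
SYSLOG_LINES = [
    "<86>1 2024-03-01T10:00:01Z ehr01 ehr-app - - - user=dr.alice action=read record=P-1001",
    "<86>1 2024-03-01T10:02:17Z ehr01 ehr-app - - - user=nurse.bob action=read record=P-1002 context=emergency",
]
W3C_LOG = """#Version: 1.0
#Fields: date time cs-username cs-method cs-uri-stem cs-uri-query sc-status
2024-03-01 10:05:00 nurse.bob GET /records/N-7 - 200
2024-03-01 10:06:30 nurse.eve GET /records/P-1003 - 200
"""
ATNA_XML = """<AuditMessage>
  <EventIdentification EventActionCode="U" EventDateTime="2024-03-01T10:12:40Z"/>
  <ActiveParticipant UserID="nurse.bob" UserIsRequestor="true"/>
  <ParticipantObjectIdentification ParticipantObjectID="P-1002" ParticipantObjectTypeCode="1">
    <ParticipantObjectDetail type="context" value="emergency"/>
  </ParticipantObjectIdentification>
</AuditMessage>"""


def audit_all() -> list[tuple[str, str, str]]:
    """Extract every sample record, classify it, and return (source, subject, verdict)."""
    events = [parse_syslog(l) for l in SYSLOG_LINES] + parse_w3c(W3C_LOG) + [parse_atna(ATNA_XML)]
    return [(e.source, e.subject, classify(e)[0]) for e in events]
```

Running `audit_all()` yields one verdict per record: the physician's read is a fulfilment, the nurse's break-glass read of a patient record is an anomaly (permitted only because an emergency context was claimed, so the claim itself is what a reviewer checks afterwards), the nurse's read of a nursing note is a fulfilment, the other nurse's read of a patient record with no emergency context is a violation, and the nurse's update of a patient record is a violation even in an emergency, because the exceptional permission covers consultation only. The policy check never looks at the log format: that is the point of the extraction layer, and adding a fourth format means adding one parser, not touching the policy.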