| Title | Responsibility Attribution Against Data Breaches |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Kayes, A.S.M., Hammoudeh, Mohammad, Badsha, Shahriar, Watters, Paul A., Ng, Alex, Mohammed, Fatma, Islam, Mofakharul |
| Conference Name | 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT) |
| Keywords | Access Control, attribution, composability, Cost Model, Data Breach, Electronic Crimes, Human Behavior, Metrics, Ontology, policy model, pubcrawl, Responsibility Attribution |
| Abstract | Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain. |
| DOI | 10.1109/ICIoT48696.2020.9089466 |
| Citation Key | kayes_responsibility_2020 |
Responsibility Attribution Against Data Breaches