Responsibility Attribution Against Data Breaches

A. S.M. Kayes; Mohammad Hammoudeh; Shahriar Badsha; Paul A. Watters; Alex Ng; Fatma Mohammed; Mofakharul Islam

doi:10.1109/ICIoT48696.2020.9089466

Responsibility Attribution Against Data Breaches

A. S.M. Kayes, Mohammad Hammoudeh, Shahriar Badsha, Paul A. Watters, Alex Ng, Fatma Mohammed, Mofakharul Islam

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.

Original language	English
Title of host publication	2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	498-503
Number of pages	6
ISBN (Electronic)	9781728148212
DOIs	https://doi.org/10.1109/ICIoT48696.2020.9089466
State	Published - Feb 2020
Externally published	Yes

Publication series

Name	2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020

Bibliographical note

Publisher Copyright:
© 2020 IEEE.

Keywords

Access Control
Cost Model
Data Breach
Electronic Crimes
Ontology
Policy Model
Responsibility Attribution

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Hardware and Architecture
Information Systems
Information Systems and Management

Access to Document

10.1109/ICIoT48696.2020.9089466

Cite this

Kayes, A. S. M., Hammoudeh, M., Badsha, S., Watters, P. A., Ng, A., Mohammed, F., & Islam, M. (2020). Responsibility Attribution Against Data Breaches. In 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020 (pp. 498-503). Article 9089466 (2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICIoT48696.2020.9089466

Kayes, A. S.M. ; Hammoudeh, Mohammad ; Badsha, Shahriar et al. / Responsibility Attribution Against Data Breaches. 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 498-503 (2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020).

@inproceedings{1e0bf553cb3f400c8823f088dcc5f34e,

title = "Responsibility Attribution Against Data Breaches",

abstract = "Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.",

keywords = "Access Control, Cost Model, Data Breach, Electronic Crimes, Ontology, Policy Model, Responsibility Attribution",

author = "Kayes, {A. S.M.} and Mohammad Hammoudeh and Shahriar Badsha and Watters, {Paul A.} and Alex Ng and Fatma Mohammed and Mofakharul Islam",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.",

year = "2020",

month = feb,

doi = "10.1109/ICIoT48696.2020.9089466",

language = "English",

series = "2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "498--503",

booktitle = "2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020",

address = "United States",

}

Kayes, ASM, Hammoudeh, M, Badsha, S, Watters, PA, Ng, A, Mohammed, F & Islam, M 2020, Responsibility Attribution Against Data Breaches. in 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020., 9089466, 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020, Institute of Electrical and Electronics Engineers Inc., pp. 498-503. https://doi.org/10.1109/ICIoT48696.2020.9089466

Responsibility Attribution Against Data Breaches. / Kayes, A. S.M.; Hammoudeh, Mohammad; Badsha, Shahriar et al.
2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 498-503 9089466 (2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Responsibility Attribution Against Data Breaches

AU - Kayes, A. S.M.

AU - Hammoudeh, Mohammad

AU - Badsha, Shahriar

AU - Watters, Paul A.

AU - Ng, Alex

AU - Mohammed, Fatma

AU - Islam, Mofakharul

PY - 2020/2

Y1 - 2020/2

N2 - Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.

AB - Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.

KW - Access Control

KW - Cost Model

KW - Data Breach

KW - Electronic Crimes

KW - Ontology

KW - Policy Model

KW - Responsibility Attribution

UR - http://www.scopus.com/inward/record.url?scp=85085475839&partnerID=8YFLogxK

U2 - 10.1109/ICIoT48696.2020.9089466

DO - 10.1109/ICIoT48696.2020.9089466

M3 - Conference contribution

AN - SCOPUS:85085475839

T3 - 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020

SP - 498

EP - 503

BT - 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Kayes ASM, Hammoudeh M, Badsha S, Watters PA, Ng A, Mohammed F et al. Responsibility Attribution Against Data Breaches. In 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 498-503. 9089466. (2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020). doi: 10.1109/ICIoT48696.2020.9089466

Responsibility Attribution Against Data Breaches

Abstract

Publication series

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this