# Policy Description: Healthcare

*Version: v20250308*

This is a sample policy developed by Xu et al. (2015). The policy manages access to electronic health records (HRs) and individual HR items (entries within health records). It defines access rules for nurses, doctors, patients, and authorized agents (such as a patient’s spouse).

Reference: Zhongyuan Xu and Scott D. Stoller. Mining attribute-based access control policies. IEEE Transactions on Dependable and Secure Computing, 12(5):533–545, September–October 2015.

## Subject/User Attributes

| Attribute Name | Multiplicity, Type | Description | Example Values |
|---|---|---|---|
| uid | Single, String | User’s unique identifier. | carNurse1, oncDoc2, oncPat2 |
| position | Single, String | The user's position. | doctor, nurse, patient, agent |
| specialties | Multi, Set<String> | The user’s areas of medical expertise (for doctors). | {cardiology, oncology} |
| teams | Multi, Set<String> | Medical teams of which the user is a member. | {oncTeam1, carTeam2} |
| ward | Single, String | The ward in which the user works. | oncWard, carWard |
| agentFor | Multi, Set<String> | The set of patients for which this user is an agent. | {oncPat2, carPat3} |

## Resource Attributes

| Attribute Name | Multiplicity, Type | Description | Example Values |
|---|---|---|---|
| rid | Single, String | Resource’s unique identifier. | oncPat1HR |
| type | Single, String | Type of resource being accessed. | HR, HRitem |
| patient | Single, String | The patient associated with the HR. | oncPat1, carPat2 |
| treatingTeam | Single, String | The team treating the patient. | oncTeam1 |
| ward | Single, String | The ward of treatment. | oncWard |
| topics | Multi, Set<String> | Medical areas of the item. | {cardiology, oncology} |
| author | Single, String | ID of creator. | oncDoc1 |

# ABAC policy for a healthcare facility, e.g., a hospital.
# Note that the two words "user" and "subject" are used interchangeably in this document.
# Please refer to the policy description document for detailed descriptions of the subject attributes and resource attributes. Note that some attributes might be irrelevant for some users and resources.
#------------------------------------------------------------
# user attribute data
#------------------------------------------------------------
# nurses
userAttrib(oncNurse1, position=nurse, ward=oncWard)
userAttrib(oncNurse2, position=nurse, ward=oncWard)
userAttrib(carNurse1, position=nurse, ward=carWard)
userAttrib(carNurse2, position=nurse, ward=carWard)
# doctors
userAttrib(oncDoc1, position=doctor, specialties={oncology}, teams={oncTeam1 oncTeam2})
userAttrib(oncDoc2, position=doctor, specialties={oncology}, teams={oncTeam1})
userAttrib(oncDoc3, position=doctor, specialties={oncology}, teams={oncTeam2})
userAttrib(oncDoc4, position=doctor, specialties={oncology}, teams={oncTeam2})
userAttrib(carDoc1, position=doctor, specialties={cardiology}, teams={carTeam1})
userAttrib(carDoc2, position=doctor, specialties={cardiology}, teams={carTeam2})
userAttrib(anesDoc1, position=doctor, specialties={anesthesiology}, teams={oncTeam1 carTeam1})
# the following doctors are not currently on any teams, but they have
# access to HR items they authored when they were on a team.
userAttrib(doc1, position=doctor, specialties={oncology pediatrics})
userAttrib(doc2, position=doctor, specialties={cardiology neurology})
# patients and agents
userAttrib(oncPat1, position=patient, ward=oncWard)
userAttrib(oncPat2, position=patient, ward=oncWard)
userAttrib(carPat1, position=patient, ward=carWard)
userAttrib(carPat2, position=patient, ward=carWard)
userAttrib(oncAgent1, position=agent, agentFor={oncPat2})
userAttrib(oncAgent2, position=agent, agentFor={oncPat2})
userAttrib(carAgent1, position=agent, agentFor={carPat2})
userAttrib(carAgent2, position=agent, agentFor={carPat2})
#------------------------------------------------------------
# resource attribute data
#------------------------------------------------------------
# resources for oncPat1
resourceAttrib(oncPat1oncItem, type=HRitem, author=oncDoc1, patient=oncPat1, topics={oncology}, treatingTeam=oncTeam1, ward=oncWard)
resourceAttrib(oncPat1nursingItem, type=HRitem, author=oncNurse2, patient=oncPat1, topics={nursing}, treatingTeam=oncTeam1, ward=oncWard)
resourceAttrib(oncPat1noteItem, type=HRitem, author=oncPat1, patient=oncPat1, topics={note}, treatingTeam=oncTeam1, ward=oncWard)
resourceAttrib(oncPat1HR, type=HR, patient=oncPat1, treatingTeam=oncTeam1, ward=oncWard)
# resources for oncPat2
resourceAttrib(oncPat2oncItem, type=HRitem, author=doc1, patient=oncPat2, topics={oncology}, treatingTeam=oncTeam2, ward=oncWard)
resourceAttrib(oncPat2nursingItem, type=HRitem, author=oncNurse1, patient=oncPat2, topics={nursing}, treatingTeam=oncTeam2, ward=oncWard)
resourceAttrib(oncPat2noteItem, type=HRitem, author=oncAgent1, patient=oncPat2, topics={note}, treatingTeam=oncTeam2, ward=oncWard)
resourceAttrib(oncPat2HR, type=HR, patient=oncPat2, treatingTeam=oncTeam2, ward=oncWard)
# resources for carPat1
resourceAttrib(carPat1carItem, type=HRitem, author=carDoc2, patient=carPat1, topics={cardiology}, treatingTeam=carTeam1, ward=carWard)
resourceAttrib(carPat1nursingItem, type=HRitem, author=carNurse1, patient=carPat1, topics={nursing}, treatingTeam=carTeam1, ward=carWard)
resourceAttrib(carPat1noteItem, type=HRitem, author=carPat1, patient=carPat1, topics={note}, treatingTeam=carTeam1, ward=carWard)
resourceAttrib(carPat1HR, type=HR, patient=carPat1, treatingTeam=carTeam1, ward=carWard)
# resources for carPat2
resourceAttrib(carPat2carItem, type=HRitem, author=doc2, patient=carPat2, topics={cardiology}, treatingTeam=carTeam2, ward=carWard)
resourceAttrib(carPat2nursingItem, type=HRitem, author=carNurse2, patient=carPat2, topics={nursing}, treatingTeam=carTeam2, ward=carWard)
resourceAttrib(carPat2noteItem, type=HRitem, author=carAgent1, patient=carPat2, topics={note}, treatingTeam=carTeam2, ward=carWard)
resourceAttrib(carPat2HR, type=HR, patient=carPat2, treatingTeam=carTeam2, ward=carWard)

userAttrib(uid, attribute1=value1, attribute2=value2, ...)

resourceAttrib(rid, attribute1=value1, attribute2=value2, ...)

The userAttrib and resourceAttrib lines define the users (subjects) and resources in the policy, respectively.

- The first argument of userAttrib is automatically assigned to an attribute named uid, which is the id of the user.
- The first argument of resourceAttrib is automatically assigned to an attribute named rid, which is the id of the resource.
- value1, value2, ... are atomic values or sets of atomic values.
- Sets are written as {element1 element2 ...}. Elements are separated by spaces, not commas.
- userAttrib and resourceAttrib statements must precede rule statements.

rule(subCond; resCond; cons; acts)
The rule lines define the rules of the policy.
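
Forms that compare an attribute with a literal value or set of values:

- attr [ {value1 value2 ...} → "in" operator
- attr ] value → "contains" operator

Forms that relate a user attribute to a resource attribute:

- aum > arm
- aus [ arm
- aum ] ars
- aus = ars
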
Where:

- aus: single-valued user attribute
- aum: multi-valued user attribute
- ars: single-valued resource attribute
- arm: multi-valued resource attribute

- = : equals → use =
- ∈ : in → use [
- ∋ : contains → use ]
- ⊇ : supseteq → use >

For this assignment, and in order for computers to understand your rules, you must use the operators >, [, ], and = instead of the symbolic versions.

Goal: maximize Jaccard Value and eliminate over/under permissions.
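
As an added example (not part of the original policy or its tooling), the Python code below parses a subset of the attribute data above, evaluates rules written in the rule(subCond; resCond; cons; acts) syntax, and measures how far a looser rule over-permits. The two rules, the action name read, comma-separated conjuncts, and scoring Jaccard over (uid, rid) pairs are assumptions made for this example.

```python
import re
# Subset of the attribute data from the policy above.
DATA = """\
userAttrib(oncNurse1, position=nurse, ward=oncWard)
userAttrib(oncDoc1, position=doctor, specialties={oncology}, teams={oncTeam1 oncTeam2})
userAttrib(oncDoc2, position=doctor, specialties={oncology}, teams={oncTeam1})
userAttrib(anesDoc1, position=doctor, specialties={anesthesiology}, teams={oncTeam1 carTeam1})
userAttrib(doc1, position=doctor, specialties={oncology pediatrics})
resourceAttrib(oncPat1oncItem, type=HRitem, author=oncDoc1, patient=oncPat1, topics={oncology}, treatingTeam=oncTeam1, ward=oncWard)
resourceAttrib(oncPat1nursingItem, type=HRitem, author=oncNurse2, patient=oncPat1, topics={nursing}, treatingTeam=oncTeam1, ward=oncWard)
resourceAttrib(oncPat1HR, type=HR, patient=oncPat1, treatingTeam=oncTeam1, ward=oncWard)
resourceAttrib(oncPat2oncItem, type=HRitem, author=doc1, patient=oncPat2, topics={oncology}, treatingTeam=oncTeam2, ward=oncWard)
"""
# Constructed rules (not from the policy); "read" is an assumed action name.
STRICT = "rule(position [ {doctor}; type [ {HRitem}; teams ] treatingTeam, specialties > topics; {read})"
LOOSE = "rule(position [ {doctor}; type [ {HRitem}; teams ] treatingTeam; {read})"

def parse(kind, id_attr, text=DATA):
    """Parse userAttrib/resourceAttrib lines into {id: {attr: str | frozenset}}."""
    out = {}
    for ident, rest in re.findall(rf"^{kind}\((\w+)(.*)\)\s*$", text, re.M):
        out[ident] = {id_attr: ident}
        for name, val in re.findall(r"(\w+)=(\{[^}]*\}|\w+)", rest):
            out[ident][name] = frozenset(val[1:-1].split()) if val[0] == "{" else val
    return out

def holds(expr, left, right=None):
    """Evaluate one conjunct; right=None means the right-hand side is a literal."""
    a, op, b = re.fullmatch(r"\s*(\w+)\s*([>\[\]=])\s*(\{[^}]*\}|\w+)\s*", expr).groups()
    x = left.get(a)
    y = right.get(b) if right is not None else (frozenset(b[1:-1].split()) if b[0] == "{" else b)
    if x is None or y is None:          # a missing attribute never satisfies a conjunct
        return False
    xs, ys = isinstance(x, frozenset), isinstance(y, frozenset)
    if op == "=": return x == y
    if op == "[": return not xs and ys and x in y      # single value is in set
    if op == "]": return xs and not ys and y in x      # set contains single value
    return xs and ys and x >= y                        # ">" is superset-or-equal

def permitted(rule, users, resources):
    """Return the set of (uid, rid) pairs the rule authorizes (actions ignored)."""
    sub, res, cons, _acts = (p.split(",") for p in rule[5:-1].split(";"))
    conj = lambda part: [c for c in part if c.strip()]
    return {(u, r) for u, ua in users.items() for r, ra in resources.items()
            if all(holds(c, ua) for c in conj(sub)) and all(holds(c, ra) for c in conj(res))
            and all(holds(c, ua, ra) for c in conj(cons))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 1.0
USERS, RESOURCES = parse("userAttrib", "uid"), parse("resourceAttrib", "rid")
```

Comparing `permitted(LOOSE, USERS, RESOURCES)` with `permitted(STRICT, USERS, RESOURCES)` lists the over-permissions that appear when the `specialties > topics` constraint is dropped, for example an anesthesiologist on the treating team reaching nursing and oncology items.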