Enhancing Healthcare Security: A Unified RBAC and ABAC Risk-Aware Access Control Approach
Hany F. Atlam and Yifu Yang
Additional contact information
Hany F. Atlam: Cyber Security Centre, Warwick Manufacturing Group, University of Warwick, Coventry CV4 7AL, UK
Yifu Yang: Cyber Security Centre, Warwick Manufacturing Group, University of Warwick, Coventry CV4 7AL, UK
Future Internet, 2025, vol. 17, issue 6, 1-30
Abstract:
Healthcare systems are increasingly vulnerable to security threats due to their reliance on digital platforms. Traditional access control models such as Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), despite their distinct strengths, have limitations in mitigating the evolving risks in these systems: they allocate permissions according to predetermined roles or policies, which makes it difficult to adapt to the dynamic complexity of modern healthcare ecosystems. Therefore, this paper proposes a novel risk-aware RBAC and ABAC access control model to improve the flexibility, adaptability and security of healthcare systems. The proposed model integrates RBAC for role-based categorization, ABAC for fine-grained control based on user attributes and environmental factors, and Risk-Based Access Control (RiBAC) for dynamic risk assessment. It dynamically adjusts access permissions based on computed risk values, yielding accurate and adaptable access control decisions. The experimental results demonstrate the feasibility and effectiveness of the proposed model in granting access to authorized users while denying access to unauthorized users. Across 43 experiments that simulate various access control scenarios in a healthcare system, the proposed model shows a significant improvement in the accuracy, precision, and recall of access control decisions compared to traditional models. Its ability to dynamically assess risk and adjust access permissions based on contextual factors significantly enhances its ability to mitigate threats and protect sensitive medical data.
Keywords: healthcare security; access control models; Role-Based Access Control; Attribute-Based Access Control; Risk-Based Access Control; XACML; XACML policies
JEL-codes: O3
Date: 2025
Downloads:
https://www.mdpi.com/1999-5903/17/6/262/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/6/262/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:6:p:262-:d:1679220
Future Internet is currently edited by Ms. Grace You