GPT, Ontology, and CAABAC: A Tripartite Personalized Access Control
Model Anchored by Compliance, Context and Attribute
- URL: http://arxiv.org/abs/2403.08264v1
- Date: Wed, 13 Mar 2024 05:30:30 GMT
- Authors: Raza Nowrozy, Khandakar Ahmed, Hua Wang
- Abstract summary: This study presents the GPT-Onto-CAABAC framework, integrating Generative Pretrained Transformer (GPT), medical-legal ontologies and Context-Aware Attribute-Based Access Control (CAABAC).
Unlike traditional models, GPT-Onto-CAABAC dynamically interprets policies and adapts to changing healthcare and legal environments.
Findings suggest its broader applicability in sectors where access control must meet stringent compliance and situational standards.
- Score: 3.932043050439443
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: As digital healthcare evolves, the security of electronic health records
(EHR) becomes increasingly crucial. This study presents the GPT-Onto-CAABAC
framework, integrating Generative Pretrained Transformer (GPT), medical-legal
ontologies and Context-Aware Attribute-Based Access Control (CAABAC) to enhance
EHR access security. Unlike traditional models, GPT-Onto-CAABAC dynamically
interprets policies and adapts to changing healthcare and legal environments,
offering customized access control solutions. Through empirical evaluation,
this framework is shown to be effective in improving EHR security by accurately
aligning access decisions with complex regulatory and situational requirements.
The findings suggest its broader applicability in sectors where access control
must meet stringent compliance and adaptability standards.
Related papers
- Towards a HIPAA Compliant Agentic AI System in Healthcare [3.3123773366516645]
This paper introduces a HIPAA-compliant Agentic AI framework that enforces regulatory compliance through dynamic, context-aware policy enforcement.
Our framework integrates three core mechanisms: (1) Attribute-Based Access Control (ABAC) for granular governance, (2) a hybrid PHI sanitization pipeline combining patterns and BERT-based model to minimize leakage, and (3) immutable audit trails for compliance verification.
arXiv Detail & Related papers (2025-04-24T15:38:20Z)
- In-House Evaluation Is Not Enough: Towards Robust Third-Party Flaw Disclosure for General-Purpose AI [93.33036653316591]
We call for three interventions to advance system safety.
First, we propose using standardized AI flaw reports and rules of engagement for researchers.
Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs.
Third, we advocate for the development of improved infrastructure to coordinate distribution of flaw reports.
arXiv Detail & Related papers (2025-03-21T05:09:46Z)
- Data Sharing, Privacy and Security Considerations in the Energy Sector: A Review from Technical Landscape to Regulatory Specifications [49.567747749614924]
Decarbonization, decentralization and digitalization are the three key elements driving the twin energy transition.
This paper conducts a comprehensive review of the data-related issues for the energy system by integrating both technical and regulatory dimensions.
We classify the issues into three categories: (i) data-sharing among energy end users and stakeholders (ii) privacy of end users, and (iii) cyber security.
arXiv Detail & Related papers (2025-03-05T14:23:56Z)
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities.
This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users.
An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z)
- A Global Medical Data Security and Privacy Preserving Standards Identification Framework for Electronic Healthcare Consumers [2.57177976232483]
Different countries have varying standards for the security and privacy of medical data.
This paper proposed a novel and comprehensive framework to standardize these rules globally.
arXiv Detail & Related papers (2024-10-04T17:22:55Z)
- Law-based and standards-oriented approach for privacy impact assessment in medical devices: a topic for lawyers, engineers and healthcare practitioners in MedTech [0.0]
The adoption of non-binding standards like ISO and IEC can harmonize processes by enhancing accountability privacy by design.
The study advocates for leveraging both hard law and standards to systematically address privacy and safety in the design and operation of medical devices.
arXiv Detail & Related papers (2024-09-18T09:56:19Z)
- Beyond One-Time Validation: A Framework for Adaptive Validation of Prognostic and Diagnostic AI-based Medical Devices [55.319842359034546]
Existing approaches often fall short in addressing the complexity of practically deploying these devices.
The presented framework emphasizes the importance of repeating validation and fine-tuning during deployment.
It is positioned within the current US and EU regulatory landscapes.
arXiv Detail & Related papers (2024-09-07T11:13:52Z)
- Automatically Adaptive Conformal Risk Control [49.95190019041905]
We propose a methodology for achieving approximate conditional control of statistical risks by adapting to the difficulty of test samples.
Our framework goes beyond traditional conditional risk control based on user-provided conditioning events to the algorithmic, data-driven determination of appropriate function classes for conditioning.
arXiv Detail & Related papers (2024-06-25T08:29:32Z)
- Practically adaptable CPABE based Health-Records sharing framework [0.0]
We have suggested a CPABE and OAuth2.0 based framework for efficient access-control and authorization respectively to improve the practicality of EHR sharing across a single client-application.
Our implementation of the suggested framework along with its analytical comparison signifies its potential in terms of efficient performance and minimal latency.
arXiv Detail & Related papers (2024-03-11T00:23:17Z)
- Analysis of Blockchain Integration in the e-Healthcare Ecosystem [0.0]
This article studies the most commonly adopted approaches in healthcare data management systems using blockchain technology.
An evaluation is conducted based on a set of observed common characteristics, distinguishing one approach from the others.
For effective implementation in the context of e-health, we emphasize the existence of crucial challenges.
arXiv Detail & Related papers (2024-01-08T12:19:53Z)
- Blockchain-empowered Federated Learning for Healthcare Metaverses: User-centric Incentive Mechanism with Optimal Data Freshness [66.3982155172418]
We first design a user-centric privacy-preserving framework based on decentralized Federated Learning (FL) for healthcare metaverses.
We then utilize Age of Information (AoI) as an effective data-freshness metric and propose an AoI-based contract theory model under Prospect Theory (PT) to motivate sensing data sharing.
arXiv Detail & Related papers (2023-07-29T12:54:03Z)
- The Design and Implementation of a National AI Platform for Public Healthcare in Italy: Implications for Semantics and Interoperability [62.997667081978825]
The Italian National Health Service is adopting Artificial Intelligence through its technical agencies.
Such a vast programme requires special care in formalising the knowledge domain.
Questions have been raised about the impact that AI could have on patients, practitioners, and health systems.
arXiv Detail & Related papers (2023-04-24T08:00:02Z)
- Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers.
We then present the pointwise feasibility conditions of the resulting safety controller.
We use these conditions to devise an event-triggered online data collection strategy.
arXiv Detail & Related papers (2022-08-23T05:02:09Z)
- Toward Deep Learning Based Access Control [3.2511618464944547]
This paper proposes Deep Learning Based Access Control (DLBAC) by leveraging significant advances in deep learning technology.
DLBAC could complement and, in the long-term, has the potential to even replace, classical access control models with a neural network.
We demonstrate the feasibility of the proposed approach by addressing issues related to accuracy, generalization, and explainability.
arXiv Detail & Related papers (2022-03-28T22:05:11Z)
- User-Centric Health Data Using Self-sovereign Identities [69.50862982117127]
This article presents the potential use of the issuers Self-Sovereign Identities (SSI) and Distributed Ledger Technologies (DLT) to improve the privacy and control of health data.
The paper lists the prominent use cases of decentralized identities in the health area, and discusses an effective blockchain-based architecture.
arXiv Detail & Related papers (2021-07-26T17:09:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.