TC: Medium: Collaborative Research: Experience-Based Access Management (EBAM) for Hospital Information Technology

TC：媒介：协作研究：医院信息技术的基于经验的访问管理（EBAM）

• 批准号: 0964392
• 负责人: Carl Gunter
• 金额: $ 40万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-04-01 至 2016-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0964392&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Experience

Insufficient attention has been given to enterprise Identity and Access Management (IAM) as a process that needs to be carried out on a continuing basis in the presence of change and evolution. In particular, there is little formal support for how IAM can exploit experience the enterprise collects over time. This project is developing a lifecycle model of IAM called Experience Based Access Management (EBAM) that provides a set of models, techniques, and tools to reconcile differences between the "ideal" access model, as judged by high-level enterprise, professional, and legal standards, and the "enforced" access control, specific to the operational IAM system. The principal component of an EBAM support system is an "expected" access model that is used to represent differences between the ideal and enforced models based on information collected from access logs and other operational information. The project is developing and validating an approach to the expected model based on using probabilistic information to inform the design of access rules. The project focuses on EBAM for hospital information systems since these are an especially important class of enterprise systems that present diverse and interesting challenges but also provide potential insight into similar issues in other types of enterprise IAM systems. The team consists of specialists in cyber security, biomedical informatics, and a physician who serves as chief medical information officer within a major hospital system. The project will demonstrate how analysis of clinical experience can address gaps between ideal and enforced access control models in a representative hospital.

企业身份和访问管理（IAM）作为一个需要在变化和发展的情况下持续进行的过程，没有得到足够的重视。 特别是，对于IAM如何利用企业长期收集的经验，几乎没有正式的支持。 该项目正在开发一个名为基于经验的访问管理（EBAM）的IAM生命周期模型，它提供了一组模型、技术和工具，以协调由高级企业、专业和法律的标准判断的“理想”访问模型与特定于操作IAM系统的“强制”访问控制之间的差异。 EBAM支持系统的主要组成部分是一个“预期”访问模型，用于根据从访问日志和其他操作信息收集的信息来表示理想模型和强制模型之间的差异。 该项目正在开发和验证一种基于使用概率信息为访问规则的设计提供信息的预期模型的方法。 该项目的重点是EBAM的医院信息系统，因为这些是一个特别重要的企业系统，提出了不同的和有趣的挑战，但也提供了潜在的洞察力，在其他类型的企业IAM系统的类似问题。 该团队由网络安全、生物医学信息学专家和一名在大型医院系统中担任首席医疗信息官的医生组成。 该项目将展示临床经验分析如何解决代表性医院的理想和强制访问控制模型之间的差距。