Experience-Based Access Management (EBAM)

EBAM is a methodology for using experience from access logs to narrow the gap between the ideal access rights of principals  and the enforced controls that the system must use in practice.  The EBAM project focuses on applications of this strategy in health information systems.  The startegy involves developing an expected model of access rights based on attribute-based rule sets informed by probabilistic analysis. EBAM is a multi-institutional collaboration between experts in bioinformatics, cyber-security, and hospital information technology.

Publications

Inferring Clinical Workflow Efficiency via Electronic Medical Record Utilization,
You Chen, Wei Xie, Carl A Gunter, David Liebovitz, Sanjay Mehrotra, He Zhang, and Bradley Malin.
AMIA Symposium, San Francisco, CA, November 2015.

Discovering De Facto Diagnosis Specialities,
Xun Lu, Aston Zhang, Carl A. Gunter, Daniel Fabbri, David Liebovitz, and Bradley Malin.
ACM Conference on Bioinformatics, Computational Biology, and Health Informatics (BCB), Atlanta, GA, September 2015. [PPT]

Security for Mobile and Cloud Frontiers in Healthcare,
David Kotz, Kevin Fu, Carl Gunter, and Avi Rubin.
Communications of the ACM, 58(8), August 2015.

Privacy in the Genomic Era,
Muhammad Naveed, Erman Ayday, Ellen W. Clayton, Jacques Fellay, Carl A. Gunter, Jean-Pierre Hubaux, Bradley A. Malin, and XiaoFeng Wang.
ACM Computing Surveys 48, 1, Article 6, August, 2015.
Associated online tutorial on genomics for computer scientists.

Building Bridges Across Electronic Health Record Systems through Inferred Phenotypic Topics,
You Chen, Joydeep Ghosh, Cosmin Adrian Bejan, Carl A. Gunter, Siddharth Gupta, Abel Kho, David Liebovitz, Jimeng Sun, Joshua Denny, and Bradley Malin.
Journal of Biomedical Informatics, Volume 55 (2015), pages 82-93. Appendix.

Decide Now or Decide Later? Quantifying the Tradeoff between Prospective and Retrospective Access Decisions,
Wen Zhang, You Chen, Thaddeus R. Cybulski, Daniel Fabbri, Carl A. Gunter, Patrick Lawlor, David Liebovitz, Bradley Malin.
ACM Computer and Communication Security (CCS), Scottsdale AZ, November 2014.

Detecting Privacy-Sensitive Events in Medical Text,
Prateek Jindal, Carl A. Gunter, and Dan Roth.
ACM Bioinformatics, Computational Biology, and Health Informatics (BCB),  Newport Beach, CA, September 2014. (Technical Report.)

Diagnosis Based Specialist Identification in the Hospital,
Xun Lu.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange,
Se Eun Oh.
Masters of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Privacy Risk in Anonymized Heterogeneous Information Networks,
Aston Zhang, Xing Xie, Kevin Chen-Chuan Chang, Carl A. Gunter, Jiawei Han, and XiaoFeng Wang.
Extending Database Technologies (EDBT’14), Athens, Greece, March 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange,
Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl A. Gunter, Anupam Datta.
ACM Conference on Data and Application Security and Privacy (CODASPY ’14), San Antonio, TX, March 2014.

Securing Information Technology in Healthcare
Denise Anthony, Andrew T. Campbell, Thomas Candon, Andrew Gettinger, David Kotz, Lisa A. Marsch, Andres Molina-Markham, Karen Page, Sean Smith, Carl A. Gunter, and M. Eric Johnson
IEEE Security & Privacy, Vol.11, No.6, pp.25,33, Nov.-Dec. 2013.

Building a Smarter Health and Wellness Future: Privacy and Security Challenges,
Carl A. Gunter. 
Chapter 9 in ICTs and the Health Sector: Towards Smarter Health and Wellness Models, OECD, October 2013, pages 141-157.

Requirements and Design for an Extensible Toolkit for Analyzing EMR Audit Logs,
Eric Duffy, Steve Nyemba, Carl A. Gunter, David Liebovitz, and Bradley Malin.
USENIX Workshop on Health Information Technologies (HealthTech 13), August 2013.

Modeling and Detecting Anomalous Topic Access
Siddharth Gupta, Casey Hanson, Carl A. Gunter, Mario Frank, David Liebovitz, and Bradley Malin
IEEE Intelligence and Security Informatics (ISI 13), June 2013. [BIB][PPT]

Implementing Health Information Exchange with Searchable Encryption,
Igors Svecs.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2013.

Modeling and Detecting Anomalous Topic Access in EMR Audit Logs,
Siddharth Gupta.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2013.

Facilitating Patient and Administrator Analyses of Electronic Health Record Accesses,
Eric Duffy.
Master of Science Thesis, University of Illinois at Urbana-Champaign, August 2013.

Evolving Role Definitions Through Permission Invocation Patterns
Wen Zhang, You Chen, Carl A. Gunter, David Liebovitz, and Bradley Malin
ACM Symposium on Access Control Models and Technologies (SACMAT ’13), June 2013. [BIB]

Role Prediction using Electronic Medical Record System Audits
Wen Zhang, Carl A. Gunter, David Liebovitz, Jian Tian, and Bradley Malin
AMIA 2011 Annual Symposium, Washington, DC, October 2011. [PPT][BIB]

Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems
Carl A. Gunter, David M. Liebovitz, and Bradley Malin
IEEE Security & Privacy, volume 9, number 5, September/October 2011. [BIB]

Last updated on Friday, July 20, 2012, 9:07 am