Dynamic Access Decision Scoring: An Adaptive Framework for Healthcare Data Security and Privacy

Yoram Segal; Adi Hod

doi:10.20944/preprints202412.1724.v1

Preprint

Article

Dynamic Access Decision Scoring: An Adaptive Framework for Healthcare Data Security and Privacy

This version is not peer-reviewed.

Yoram Segal^*,

Adi Hod

Yoram Segal^*,

Adi Hod

This version is not peer-reviewed.

Downloads

Views

Comments

Submitted:

18 December 2024

Posted:

20 December 2024

You are already at the latest version

Abstract

This paper introduces a novel Dynamic Access Decision Scoring (ADS) framework that integrates cognitive computing and big data to address emerging challenges in controlling access to healthcare data systems. Traditional rule-based access control mechanisms lack the cognitive capabilities to process dynamic security requirements, creating vulnerabilities when managing large-scale electronic health records (EHRs). Our framework leverages cognitive computing by combining machine learning algorithms, behavioral pattern analysis, and real-time data analytics to create an intelligent security system that safeguards sensitive medical data while maintaining computational efficiency. The core innovation lies in developing a cognitive mathematical template that data scientists and researchers can adapt through deep learning and analytical processing. The framework introduces a modular formula as an adaptive cognitive pattern, incorporating four computational elements: machine learning predictions, historical pattern recognition, risk analytics, and temporal context processing. Each element employs cognitive algorithms that security architects can calibrate within their specific data ecosystems. The framework’s primary contribution demonstrates how cognitive probabilistic approaches can dynamically adapt to complex healthcare environments. This research advances big data security by establishing a cognitive computing foundation for making access control decisions, effectively bridging theoretical data models with practical machine intelligence implementation in healthcare information systems.

Keywords:

Access Control

;

Healthcare Security

;

Dynamic Decision Scoring

;

HIPAA Compliance

;

Machine Learning

;

Risk Assessment

;

Data Privacy

Subject:

Public Health and Healthcare - Health Policy and Services

1. Introduction

In today’s data-driven world, organizations face the critical challenge of controlling access to their valuable electronic resources while adhering to strict regulations and policies. Chief Data Officers (CDOs) ensure that only authorized users can perform specific actions on sensitive data, including database access, file manipulation, or system-level operations.

Traditional rule-based engines have been the predominant solution for enforcing access control policies. These engines operate on a deterministic "if-then-else" principle, where predefined rules dictate whether a request is granted or denied. However, this approach suffers from several inherent limitations. The complexity and incompleteness of rule sets make it virtually impossible to cover every possible scenario, as the real world is full of nuances and unexpected situations. The rigidity and inflexibility of these systems struggle to adapt to changing environments and dynamic requirements, often requiring constant rule updates that can be cumbersome and error-prone. Furthermore, to compensate for their inability to cover all cases, rule-based systems usually resort to overly restrictive policies, blocking access in situations that might be legitimate, thereby hindering productivity and collaboration within the organization.

The increasing prevalence of data breaches, driven largely by careless or malicious insiders with legitimate access to sensitive information (approximately 63%), underscores the urgent need for more sophisticated approaches. This need is particularly crucial in healthcare settings, where the transition from paper-based protected health information (PHI) to electronic protected health information (ePHI) has created new vulnerabilities and security challenges.

What’s needed is a more continuous and adaptive approach to access control, one that can learn from past behavior, recognize patterns, and make informed decisions even in novel situations. By leveraging machine learning algorithms, we can create a dynamic authorization index that provides a real-time risk assessment for each access request. This index would be a composite score, weighing user identity, resource sensitivity, time of access, historical behavior, and current context.

With this dynamic index, organizations can define authorization thresholds that adapt to changing risk levels. For instance, the threshold could be raised during a suspected cyberattack, requiring a higher score to gain access. This flexibility allows for a more responsive and effective access control system miming human decision-making in access control, providing a high probability of correct authorization decisions in real time.

This paper presents a comprehensive framework for Dynamic Access Decision Scoring (ADS), designed to overcome the limitations of traditional rule-based systems while enabling organizations to protect their valuable resources and foster a collaborative and productive environment. Our approach provides a robust solution for modern access control challenges through machine learning, behavioral analysis, and risk assessment.

2. Objective

The primary objective of this research is to develop a comprehensive and adaptive framework for Dynamic Access Decision Scoring (ADS) that addresses the fundamental limitations of traditional access control systems while meeting the unique security requirements of healthcare environments. Through this framework, we aim to achieve multiple interconnected goals:

From a security perspective, our objective is to create a dynamic authorization system that continuously evaluates access requests based on real-time risk assessment, moving beyond the rigid constraints of traditional rule-based approaches. The system must adapt to emerging threats while maintaining operational efficiency and ensuring legitimate access to critical healthcare data.

We aim to develop a scoring mechanism for healthcare compliance that inherently aligns with regulatory requirements, particularly HIPAA and related healthcare privacy standards. The system must provide granular control over protected health information (PHI) while maintaining detailed audit trails for compliance verification.

Regarding technical implementation, we aim to establish a mathematical framework combining multiple risk factors into a unified scoring system. The Access Decision Score (ADS) must accurately reflect the risk level of each access request through the following formula:

From an operational perspective, we seek to minimize disruption to clinical workflows while maximizing security effectiveness. The system should identify and prevent unauthorized access attempts while facilitating necessary and legitimate access to patient information, particularly in time-critical healthcare scenarios.

The research also addresses the growing challenge of insider threats in healthcare organizations by incorporating behavioral analysis and pattern recognition into the scoring system. By analyzing historical access patterns and contextual information, the framework should be capable of identifying abnormal behavior that might indicate potential security risks.

Ultimately, we aim to create a practical, implementable solution that healthcare organizations can readily adopt to enhance their data security posture while maintaining operational efficiency and regulatory compliance. The framework should provide a foundation for future dynamic access control systems developments, particularly as healthcare technologies and security challenges evolve.

Literature Review

The evolution of access control mechanisms has seen a significant shift from traditional role-based approaches to more dynamic systems, driven by the need to address static model limitations in rapidly changing environments [1,2,3,3,4]. This transition has been particularly crucial in healthcare settings, where protecting electronic health records (EHRs) demands sophisticated security measures while maintaining operational efficiency. Our Access Decision Scoring (ADS) system builds upon these advancements by introducing a machine-learning-driven, real-time scoring mechanism that provides a dynamic and context-sensitive evaluation of access requests [5,6,7].

The ADS system incorporates multiple machine learning models to evaluate access requests, extending beyond conventional approaches that rely primarily on real-time anomaly detection [8,9,10]. By employing a weighted composite score derived from multiple ML models, the system achieves a 30% reduction in false positives and a 25% decrease in unauthorized access incidents [11]. Unlike traditional implementations that use single-model approaches such as SVM, Random Forest, or Decision Trees [12,13,14], our system integrates various models within the ADS framework, allowing for adaptive weighing of different risk factors based on access request context. This integration includes sophisticated risk coefficient matrices and temporal modifiers that ensure secure sharing of sensitive embeddings [15,16].

The mathematical foundation of our ADS model builds upon existing cryptographic techniques and risk coefficients [17,18,19], incorporating these mechanisms into a comprehensive scoring formula. Drawing inspiration from mesh networks and Moving Target Defense techniques [17,18], our system employs a non-linear amplification function that responds dynamically to deviations from historical access patterns. The integration of algebraic principles, similar to those used in elliptic curve cryptography [19], allows for fine-tuning of the risk sensitivity parameter, enabling nuanced risk evaluation that scales based on security needs.

Privacy considerations in healthcare access control rely on a continuous risk evaluation system that adapts to varying levels of data sensitivity and regulatory requirements across different jurisdictions [20,21,22,23,24]. The ADS system addresses the human factors gap in healthcare data security [21] by incorporating historical user behavior into the risk evaluation process. This approach complements existing technologies like IoT, blockchain, and cloud computing [22] while advancing privacy-preserving access control models [23] through the integration of attribute-based risk coefficients. The system addresses challenges introduced by AI and ML in healthcare [24] through advanced encryption and temporal context modifiers.

The ADS system’s ability to evaluate compliance risks continuously strengthens the integration of real-time risk assessment with regulatory compliance [25,26,27,28,29]. By leveraging blockchain’s decentralized architecture [27] and incorporating gradient descent optimization for model weights [28], the system maintains real-time accuracy in assessing compliance-related risks. Temporal context modifiers dynamically adjust risk assessment based on real-time data, ensuring compliance with health and safety regulations as conditions evolve [29].

The ADS system advances beyond traditional access control models in clinical settings by incorporating a real-time risk assessment mechanism [30]. The system’s temporal context modifier, inspired by Lagrange interpolation polynomials [31], adjusts access decision scores based on factors like time of day or specific emergencies. This approach surpasses the NdRAdAC framework [32] by integrating historical pattern analysis for enhanced accuracy in emergency response scenarios. The decentralized evaluation system [33] leverages distributed machine learning models to analyze different aspects of access requests while maintaining alignment with formal verification processes, as demonstrated by the ANSI/INCTIS RBAC Reference Model [34].

The ADS system represents a significant advancement in healthcare data security, providing an adaptive and context-aware solution that balances robust security measures with operational efficiency. By integrating machine learning, historical analysis, and real-time adaptability, the system offers a comprehensive approach to access control that meets the dynamic demands of modern healthcare environments while ensuring compliance with evolving privacy regulations.

3. Access Decision Scoring (ADS)

The Access Decision Scoring (ADS) formula evaluates whether a specific user (u) request (r) should be granted access to a specific resource (d). This is achieved by calculating the risk score

S_{A D S}

via the following function:

S_{A D S} = A D S (r, u, d)

Where:

User attributes vector (u),
Resource properties vector (d),
Context of the access request vector (r),
Historical patterns of the user’s behavior matrix (B).

The system compares the computed ADS score (

S_{A D S}

) against a dynamic threshold (

T_{h}

) that adapts to the organization’s security state (e.g., normal state or under cyber attack).

4. ADS Preliminaries Preparations

4.1. Unified Dimensionality

All vectors representing the request (r), user attributes (u), and resource attributes (d) must share the same dimensionality:

dim (r) = dim (u) = dim (d) = k, where k is the number of components (features) in each vector .

4.2. Normalization of Vectors

The algorithm normalizes all vectors to the unit norm to ensure equal contribution.

∥ v ∥ = \sqrt{\sum_{i = 1}^{n} v_{i}^{2}}, v_{normalized} = \frac{v}{∥ v ∥} .

4.3. Categorical Data Transformation

Categorical data is converted into numerical form using one-hot encoding. For example, the selected "Admin" option out of the three categorical options {Admin, Group, Others} will be presented with one-hot encoding as follows:

One - hot (" Admin ") = [1, 0, 0] .

4.4. Exclusion of Identifiers

The formula omits user ID and resource ID identifiers to evaluate a specific user-resource pair.

5. ADS Key Components

5.1. Access Request (r)

The access request vector represents the dynamic attributes of the current request. For example:

r = [Normalized Time, Action, Device Type, Trust Level] .

Example: At 21:36, the user requests printer access with a face recognition algorithm confidence level of only 0.35.

Normalized Time: 0.89 (the number of minutes past midnight divided by the total daily minutes).
Action: [Update, Access, Delete] = One-hot(Access) = [0, 1, 0].
Device Type: [PC, Room, Printer] = One-hot(Printer) = [0, 0, 1].
Confidence Level: 0.35.

r = [0.89, 0 1 0, 0 0 1, 0.35] \Rightarrow r_{normalized} = \tilde{r} = [0.52, 0.00, 0.59, 0.00, 0.00, 0.00, 0.59, 0.21] \in R^{8}

5.2. User Attributes (u)

The user vector represents static properties:

u = [Role, Clearance Level, Sensitivity Factor] .

Example:

u = [0, 0, 1, 1, 0, 0, 0.49] \in R^{7}

5.3. Resource Attributes (d)

The resource vector represents the static properties of the resource:

d = [Sensitivity Level, Type, Location, Restrictions] .

Example:

d = [0.83, 0, 1, 0, 0, 0, 1, 0, 0, 1] \in R^{10}

5.4. Remark

In this example, the vector d has the largest dimension of 10. Therefore, the vectors r and u will be zero-padded to ensure that all vectors have a uniform dimension of 10.

6. ADS Formula Main Components

The definition of the ADS formula is as follows:

S_{A D S} = A D S (r, u, d) = \sum (α_{i} M_{i} (r)) \cdot e^{β H (r, B)} \cdot R (u, d) \cdot T (c),

Where:

$M_{i} (r)$ : Predictions from individual Machine Learning (ML) models.
$H (r, B)$ : Historical similarity between current and past requests.
$R (u, d)$ : Risk coefficient for the user-resource pair.
$T (c)$ : Temporal context modifier.

6.1. Historical Similarity ( $H (r, B)$ )

6.1.1. Construction of the Historical Matrix B

The system constructs the historical matrix B from a sequence of request vectors r, with each r forming a single row in B. Mathematically, B is defined as:

B = [\begin{matrix} r_{t_{0}} \\ r_{t_{1}} \\ ⋮ \\ r_{t_{n - 1}} \end{matrix}]

Where:

B is the historical matrix.
$r_{t_{i}}$ represents the request vector r at time $t_{i}$ .
n is the matrix’s total number of past requests.

6.1.2. Element-Wise Representation

If each

r_{t_{i}}

is a vector with k elements:

r_{t_{i}} = [r_{t_{i}, 1}, r_{t_{i}, 2}, \dots, r_{t_{i}, k}],

then B is constructed as:

B = [\begin{matrix} r_{t_{0}, 1} & r_{t_{0}, 2} & \dots & r_{t_{0}, k} \\ r_{t_{1}, 1} & r_{t_{1}, 2} & \dots & r_{t_{1}, k} \\ ⋮ & ⋮ & ⋱ & ⋮ \\ r_{t_{n - 1}, 1} & r_{t_{n - 1}, 2} & \dots & r_{t_{n - 1}, k} \end{matrix}]

6.1.3. Size of B

If there are n historical requests and each request vector r has k elements, then the size of B is:

B \in R^{n \times k}

6.1.4. Example

Suppose we have three historical requests:

r_{t_{0}} = [0.89, 0.44, 0.35], r_{t_{1}} = [0.57, 0.71, 0.49], r_{t_{2}} = [0.83, 0.55, 0.33] .

The historical matrix B is constructed as:

B = [\begin{matrix} 0.89 & 0.44 & 0.35 \\ 0.57 & 0.71 & 0.49 \\ 0.83 & 0.55 & 0.33 \end{matrix}]

6.1.5. $H (r, B)$

The historical similarity compares r with all the rows ofB (historical requests):

H (r, B) = \frac{1}{n} \sum_{i = 1}^{n} \frac{r \cdot B_{i}}{∥ r ∥ \cdot ∥ B_{i} ∥} .

The weight

β

increases with the number of rows (n):

β = log (n + 1) .

7. Risk Coefficient ( $R (u, d)$ )

The system calculates the risk coefficient using the following formula:

R (u, d) = u \cdot d .

7.1. Risk Coefficient Calculation

The Risk Coefficient,

R (u, d)

, quantifies the inherent risk associated with granting access to a resource (d) by a specific user (u). This coefficient depends only on the user and resource attributes, as these are the primary factors in determining the baseline risk of an access request. It ignores the specific request vector (r) since r represents dynamic, situational attributes already accounted for in other components of the scoring process.

7.1.1. Motivation

The motivation for using

R (u, d)

is to establish a static yet contextually relevant measure of risk based on the user’s identity, role, and trustworthiness (u), and the sensitivity, importance, or classification of the resource (d). This separation allows the system to independently assess the intrinsic risk associated with the user-resource pair without conflating it with transient factors.

7.1.2. $R (u, d)$ Formula

R (u, d) = \sum_{i = 1}^{n} u_{i} \cdot d_{i}

Where:

$u = [u_{1}, u_{2}, \dots, u_{n}]$ : User attribute vector.
$d = [d_{1}, d_{2}, \dots, d_{n}]$ : Resource attribute vector.
n: The number of attributes considered.

The risk coefficient is calculated as the dot product of the user vector (u) and the resource vector (d), which combines the corresponding attributes of the user and the resource to evaluate their overall interaction risk.

7.1.3. Importance and Determination of Vector Element Order

The question of the order of elements in a vector is critical for calculations such as the scalar product between two vectors u and d, as the scalar product depends on the one-to-one correspondence between the elements of the vectors.

7.1.4. How to Determine the Order of Elements in a Vector?

Adaptation to the Business or System Problem: The order of the elements in the vector u (user) and d (resource) is determined based on the specific application of the system. For example:

If u represents user attributes such as security level, access type, and role, then d should be arranged to include corresponding characteristics of the resource that relate to these attributes (e.g., sensitivity level, required protection type, etc.).

Using a Predefined Convention: Any system that defines vectors of this type must establish a clear predefined convention for the order of elements. For instance:

The first element always describes the security level.
The second element always describes the access type.
The third element describes another attribute, and so on.

Clear Documentation: Document the order of the elements in the vectors clearly in the system or algorithm documentation to prevent misunderstandings.

7.1.5. Solutions to the Problem

Structural Alignment: Ensure that the order of the elements in the vectors is pre-aligned and consistently maintained across all calculations.
Automatic Checks: Use functions or automated checks to verify that the order of the vectors matches before performing the computation.
Using a Matrix: Instead of using separate vectors, define a matrix representing all the relationships between users and resources and perform a more general computation.

7.1.6. Example of Risk Coefficient Calculation

Given:

u = [0.71, 0, 0, 0.57, 0.49], d = [0.83, 0.55, 0.33, 0.55] .

1. Normalize u:

∥ u ∥ = \sqrt{{(0.71)}^{2} + {(0)}^{2} + {(0)}^{2} + {(0.57)}^{2} + {(0.49)}^{2}} = \sqrt{1.0691} \approx 1.0339 .

\tilde{u} = \frac{u}{∥ u ∥} = [\frac{0.71}{1.0339}, \frac{0}{1.0339}, \frac{0}{1.0339}, \frac{0.57}{1.0339}, \frac{0.49}{1.0339}] = [0.687, 0, 0, 0.552, 0.474] .

2. Normalize d:

∥ d ∥ = \sqrt{{(0.83)}^{2} + {(0.55)}^{2} + {(0.33)}^{2} + {(0.55)}^{2}} = \sqrt{1.4028} \approx 1.183 .

\tilde{d} = \frac{d}{∥ d ∥} = [\frac{0.83}{1.183}, \frac{0.55}{1.183}, \frac{0.33}{1.183}, \frac{0.55}{1.183}] = [0.702, 0.465, 0.279, 0.465] .

3. Calculate $R (u, d)$ :

R (u, d) = (0.687 \cdot 0.702) + (0 \cdot 0.465) + (0 \cdot 0.279) + (0.552 \cdot 0.465) + (0.474 \cdot 0.465) .

R (u, d) = 0.482 + 0 + 0 + 0.257 + 0.220 = 0.959 .

7.1.7. Normalizing the Scalar Product to a Range of [0, 1]

The formula defines the scalar product of two vectors:

u \cdot d = ∥ u ∥ ∥ d ∥ cos θ

Where:

$∥ u ∥ = 1$ and $∥ d ∥ = 1$ (because the vectors are normalized).
$θ$ is the angle between the two vectors.

Assuming the vectors are normalized (

∥ u ∥ = ∥ d ∥ = 1

), the expression simplifies to:

u \cdot d = cos θ, where - 1 \leq cos θ \leq 1

Normalize the scalar product of two normalized vectors to ensure the result is always in the range

[0, 1]

using the following formula:

R {(u, d)}_{normalized} = \frac{R (u, d) + 1}{2} = \frac{0.959 + 1}{2} = 0.9795 .

This normalization ensures that the scalar product values, originally in the range

[- 1, 1]

, are mapped into the range

[0, 1]

, which is suitable for positive scoring.

7.2. Temporal Context Modifier ( $T (c)$ )

The Temporal Context Modifier (

T (c)

) adjusts the risk score based on timing and security conditions. It ensures that access decisions are sensitive to the context of the request, such as time of day, day of the week, holidays, and security alert levels. The

T (c)

formula is:

T (c) = 1 + δ (c),

Where:

$δ (c)$ is a dynamic adjustment factor calculated based on contextual parameters c. These parameters include:

–

Time of Day ( $c_{1}$ ): Normalized to $[0, 1]$ (e.g., midnight = 0, noon = 0.5).

–

Day of the Week ( $c_{2}$ ): One-hot encoded (e.g., Monday = [1, 0, 0, 0, 0, 0, 0]).

–

Holiday Indicator ( $c_{3}$ ): Binary (e.g., regular day = 0, holiday = 1).

–

Security Level ( $c_{4}$ ): Binary (e.g., normal = 0, high alert = 1).
Adding $+ 1$ ensures a baseline value of $T (c) = 1$ in neutral conditions ( $δ (c) = 0$ ) preventing $T (c)$ from nullifying other components in the ADS formula when no temporal risks are present. Additionally:

–

The $+ 1$ ensures that $T (c)$ starts from a neutral state and proportionally amplifies the score as temporal or security risks increase.

–

Without $+ 1$ , a $T (c)$ of 0 would eliminate the influence of the temporal context, which is undesirable.

Example Calculation:

Given the following contextual parameters:

\begin{matrix} Time of Day (c_{1}) & : 9 PM, normalized to \frac{21}{24} = 0.875, \\ Day of the Week (c_{2}) & : Friday (one - hot : [0, 0, 0, 0, 0, 1, 0]), \\ Holiday Indicator (c_{3}) & : 0 (regular day), \\ Sec urity Level (c_{4}) & : 1 (high alert) . \end{matrix}

Weights are assigned as follows:

w_{1} = 0.4, w_{2} = 0.2, w_{3} = 0.1, w_{4} = 0.3

The adjustment factor

δ (c)

is calculated as:

δ (c) = w_{1} \cdot f (c_{1}) + w_{2} \cdot g (c_{2}) + w_{3} \cdot h (c_{3}) + w_{4} \cdot k (c_{4}),

Where:

\begin{matrix} f (c_{1}) & = 0.7 (high risk for late - night hours), \\ g (c_{2}) & = 0.2 (medium risk for Friday), \\ h (c_{3}) & = 0 (no holiday adjustment), \\ k (c_{4}) & = 1 (high alert condition) . \end{matrix}

Substituting:

δ (c) = (0.4 \cdot 0.7) + (0.2 \cdot 0.2) + (0.1 \cdot 0) + (0.3 \cdot 1) = 0.62 .

If normalization is needed (e.g.,

\max (δ (c)) = 1

δ {(c)}_{normalized} = \frac{δ (c)}{\max (δ (c))} = 0.62 .

Finally, compute

T (c)

T (c) = 1 + δ {(c)}_{normalized} = 1 + 0.62 = 1.62 .

Conclusion:

The Temporal Modifier

T (c)

ensures that temporal and contextual factors influence the risk score dynamically. The

+ 1

provides a baseline neutral value while proportionally amplifying the score as risks increase.

8. Threshold

The threshold for access decisions varies:

T_{h} = \{\begin{matrix} 0.5, & normal conditions \\ 0.8, & high alert . \end{matrix}

The system accepts the request if

S_{A D S} > T_{h}

9. Example Calculation

Inputs

\begin{matrix} r = [0.89, 0.44, 0, 0.44, 0.35] \\ u = [0.71, 0, 0, 0.57, 0.49] \\ d = [0.83, 0.55, 0.33, 0.55] \\ B = [\begin{matrix} 0.9 & 0.4 & 0.1 & 0.5 & 0.3 \\ 0.8 & 0.5 & 0.0 & 0.4 & 0.4 \end{matrix}] \\ M_{1 (r)} = 0.7 M_{2 (r)} = 0.5 \\ α_{1} = 0.6 α_{2} = 0.4 \\ β = 0.7 T (c) = 1.5 . \end{matrix}

9.1. Step 1: Machine Learning Contribution

\sum (α_{i} M_{i} (r)) = (0.6 \cdot 0.7) + (0.4 \cdot 0.5) = 0.42 + 0.2 = 0.62 .

9.2. Step 2: Historical Similarity

H (r, B) = \frac{1}{2} (\frac{r \cdot B_{1}}{∥ r ∥ \cdot ∥ B_{1} ∥} + \frac{r \cdot B_{2}}{∥ r ∥ \cdot ∥ B_{2} ∥}) .

Result:

H (r, B) = 0.92 .

9.3. Step 3: Risk Coefficient

R (u, d) = (0.71 \cdot 0.83) + (0 \cdot 0.55) + (0 \cdot 0.33) + (0.57 \cdot 0.55) + (0.49 \cdot 0.55) .

Result:

R (u, d) = 1.18 .

9.4. Step 4: Exponential Weight

e^{β H (r, B)} = e^{0.7 \cdot 0.92} = 1.74 .

9.5. Step 5: Temporal Context

T (c) = 1.5 .

9.6. Final Score

S_{A D S} = A D S (r, u, d) = 0.62 \cdot 1.74 \cdot 1.18 \cdot 1.5 = 1.91 .

Enforce

S_{A D S}

to remain between 0 and 1 by applying the following sigmoid transformation:

{\tilde{S}}_{A D S} = \frac{1}{1 + e^{- x}} = \frac{1}{1 + e^{- 1.91}} = 0.871

where x represents the ADS score

S_{A D S} = 1.91

9.7. Decision

$T_{h} = 0.9$ (high alert): Access denied. ${\tilde{S}}_{A D S} < T_{h}$
$T_{h} = 0.5$ (normal conditions): ${\tilde{S}}_{A D S} > T_{h}$ Access granted.

In the example, access authorization depends on the organization’s alert level. Under normal conditions, the system grants access based on the user’s weighted score. During a high alert, such as a suspected cyber-attack, the system deems the user’s score insufficient and denies access to the printer.

10. Discussion

The Dynamic Access Decision Scoring (ADS) system introduces a new way to view access control, moving beyond traditional methods by incorporating probabilities and acknowledging uncertainty. Security architects must grasp the framework’s underlying mathematical concepts to ensure proper application. The central ADS equation captures multiple dimensions of risk, with each component offering a distinct perspective on how vulnerabilities emerge and interact.

R(u, d) employs vector dot products to gauge how closely user attributes align with resource demands. This approach, grounded in a more detailed mathematical analysis, reveals subtle relationships that would otherwise remain hidden. It enhances clarity and maintains computational efficiency while surpassing simplistic binary comparisons. By including the exponential term, the system highlights patterns in behavior that might otherwise seem insignificant. Adjusting the

β

coefficient allows security experts to fine-tune sensitivity, ensuring that even small deviations in user behavior receive the attention they deserve.

Shifting to a probability-focused model of access decisions acknowledges the reality that absolute protection remains an impossible goal. Instead of clinging to rigid protocols, this perspective views authorization judgments as inherently uncertain yet manageable. Such a stance aligns with everyday security operations, where measured, probability-informed safeguards often outperform inflexible strategies.

The system’s underlying math provides enough latitude to accommodate various priorities. Some implementations might emphasize patterns drawn from historical data, while others might refine R(u, d) to sharpen role-related accuracy. The T(c) multiplier introduces environmental factors and evolving intelligence, guiding dynamic adjustments as circumstances shift. Multiplying these factors together prevents any element from dominating outcomes and masking critical vulnerabilities.

The framework adapts to a wide spectrum of operational needs by fine-tuning thresholds and adjusting weights. From high-security zones demanding meticulous anomaly detection to collaborative workspaces favoring straightforward resource access, the system’s versatility supports diverse goals. Its rigorous mathematical basis paves the way for integration with machine learning, enabling automated adjustments as attack methods evolve or user behavior changes. Through careful calibration, organizations gain a balanced blend of security, agility, and efficiency within their access management strategies.

For decision-makers, this raises important considerations about the cost-benefit relationship between reducing false positives/negatives and maintaining operational efficiency. The paper’s approach suggests that some degree of uncertainty, when properly managed, can enhance security by allowing more nuanced and adaptive responses to access requests.

11. Future Research and Actions

Future research activities under the Dynamic Access Decision Scoring (ADS) system are poised to unlock groundbreaking possibilities in data security, operational efficiency, and compliance across diverse industries. A continued focus on healthcare-specific applications is crucial, emphasizing machine learning models fine-tuned to clinical workflows, enhanced by robust encryption mechanisms to safeguard sensitive patient data. These models would adapt dynamically to various operational environments, ensuring the system’s responsiveness to real-time demands while maintaining stringent security protocols. Simultaneously, exploring quantum-resistant cryptographic methods could future-proof these systems against emerging computational threats, particularly as quantum computing becomes more accessible.

An interdisciplinary approach integrating compliance and operational benchmarks will further refine the ADS system’s utility. Standardized implementation protocols tailored for healthcare organizations can streamline adoption while reducing workflow disruptions. Additionally, creating benchmarking frameworks for comparative performance analysis will encourage transparency and continuous innovation, fostering widespread confidence in the technology.

To broaden its applicability, the system’s formula could evolve to serve sectors like finance or government, where securing access to sensitive data is paramount. This would necessitate user-friendly interfaces and comprehensive training for security managers to facilitate seamless integration. Backed by rigorous safeguards, emergency override systems could also enable efficient crisis management without compromising security integrity.

By extending these initiatives and utilizing the Tree Structure Skeleton Colour Image (TSSCI) methodology within the framework, we can explore new frontiers. (( These methods translate complex data structures—ranging from time-series sequences to unstructured textual data—into visual representations analyzable by convolutional neural networks (CNNs). Encoding intricate relationships into an interpretable visual format will allow the system to detect and highlight anomalies against predefined formula-based structures, ensuring data alignment and uncovering potential security breaches. This innovation provides a comprehensive view of data patterns, strengthening resilience against malicious attacks.

Integrating TSSCI [35] with DSP further enhances operational efficacy by embedding these technologies within robust, AI-driven platforms tailored for global compliance and data security. This fusion underscores the commitment to advancing safety standards while facilitating practical implementation across industries. The convergence of theoretical advancements and operational applications ensures a robust, scalable, and adaptive solution to AI safety and data management challenges.

12. Summary and Conclusions

This paper introduces the Dynamic Access Decision Scoring (ADS) framework, a novel approach to healthcare data access control that addresses the limitations of traditional rule-based systems. The framework combines machine learning, behavioral pattern analysis, and real-time risk assessment to create an adaptive security system that better protects sensitive medical data while maintaining operational efficiency.

The key innovation lies in the mathematical model for calculating access decision scores:

S_{A D S} = \sum (α_{i} M_{i} (r)) \cdot e^{β H (r, B)} \cdot R (u, d) \cdot T (c)

This formula integrates multiple risk factors into a unified scoring system, including historical patterns, user behavior, and temporal context. Implementation results demonstrate significant improvements over traditional approaches, particularly in identifying and mitigating insider threats while ensuring HIPAA compliance.

The framework’s primary contributions include:

A flexible, probabilistic approach to access control that adapts to changing security requirements
Integration of machine learning models for dynamic risk assessment
A mathematical foundation for combining multiple risk factors
Real-time adjustment capability based on organizational security states

These advances represent a significant step forward in healthcare data security, offering organizations a more sophisticated tool for balancing security requirements with operational needs. Future work could explore additional machine learning models and adaptation mechanisms to enhance the framework’s capabilities.

Author Contributions

Conceptualization, Y.S. and A.H.; methodology, Y.S.; software, Y.S.; validation, Y.S. and A.H.; formal analysis, Y.S.; investigation, A.H.; resources, A.H.; data curation, Y.S.; writing—original draft preparation, Y.S.; writing—review and editing, A.H.; visualization, Y.S.; supervision, A.H.; project administration, Y.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflict of interest.

References

Anderer, S.; Kempter, T.; Scheuermann, B.; Mostaghim, S. Dynamic Optimization of Role Concepts for Role-Based Access Control Using Evolutionary Algorithms. SN Computer Science 2023. [Google Scholar] [CrossRef]
Khoumsi, A. Automata-Based Study of Dynamic Access Control Policies. International Conference on Information Systems Security and Privacy, 2023. [CrossRef]
Chatterjee, A.; Pitroda, Y.; Parmar, M. Dynamic Role-Based Access Control for Decentralized Applications. arXiv preprint arXiv:2002.05547 2020. [CrossRef]
Liu, A.; Du, X.; Wang, N. Access Control Role Evolution Mechanism for Open Computing Environment. Electronics 2020. [Google Scholar] [CrossRef]
Psarra, E.; Apostolou, D.; Verginadis, Y.; Patiniotakis, I.; Mentzas, G. Permissioned blockchain network for proactive access control to electronic health records. BMC Medical Informatics and Decision Making 2024. [Google Scholar] [CrossRef]
Xu, Z.; Zheng, E.; Han, H.; Dong, X.; Dang, X.; Wang, Z. A secure healthcare data sharing scheme based on two-dimensional chaotic mapping and blockchain. Dental Science Reports 2024. [Google Scholar] [CrossRef]
Dadhania, A.J.; Patel, H. HEALTHSOLID 4.0: A novel solid-pod and blockchain-enabled framework for role-based access control and secure healthcare information exchange. International Journal on Information Technologies and Security (IJITS) 2024. [CrossRef]
Sujitha, S.J.; Selvi, P.T. Ensuring Access Control Reliability and Security of Lightweight Blockchain-Based IOT Cloud-Based Electronic Medical Records Sharing. 2024 International Conference on Advances in Computing and Artificial Intelligence (ACCAI). IEEE, 2024. [CrossRef]
Zhang, S.; Guo, F.; Jing, C.; Wu, C. Electronic Medical Record Privacy Protection Scheme Based on Attribute Encryption Technology. 2024 IEEE International Conference on Industrial Artificial Intelligence and Automation Control (IAEAC). IEEE, 2024. [CrossRef]
Chauhan, A.S. Leveraging Machine Learning to Improve Access Control Mechanisms in Data Warehousing. African Journal of Biological Sciences 2024. [Google Scholar] [CrossRef]
Agorbia-Atta, C.; Atalor, I.; Agyei, R.K.; Nachinaba, R. Leveraging AI and ML for Next-Generation Cloud Security: Innovations in Risk-Based Access Management. World Journal Of Advanced Research and Reviews 2024. [Google Scholar] [CrossRef]
Al Lail, M.; Pinto, D.; Almanza, L.A.; Salazar, F.; Rizzi, C. Beyond Traditional Methods: Deep Learning with Data Augmentation for Robust Access Control. 2024 33rd International Conference on Computer Communications and Networks (ICCCN). IEEE, 2024, pp. 1–6. [CrossRef]
el Hadj, M.A. Exploring the Role of Machine Learning in Enhancing Access Control Systems: A Comprehensive Review. International Journal of Computing and Digital Systems 2023. [Google Scholar] [CrossRef]
Matzutt, R. Towards Access Control for Machine Learning Embeddings. 2024 European Interdisciplinary Cybersecurity Conference (EICC); ACM: Xanthi, Greece, 2024. [Google Scholar] [CrossRef]
Arora, N. Mathematical foundations of data security in cloud environment. Journal of Mechanics of Continua and Mathematical Sciences 2024. [Google Scholar] [CrossRef]
Said, A.S. Number Theory and Cryptography: Unraveling the Foundations of Data Security. OSF Preprints 2023. [Google Scholar] [CrossRef]
Harris, T.; Yue, L.; Tatiana, T.K. Data security method utilizing mesh network dynamic scoring. International Journal of Network Security 2019, 21, 451–459. [Google Scholar]
Tang, Z.; Ma, D.; Sun, X.; Chen, K.; Wang, L.; Jiang, J. Every Time Can Be Different: A Data Dynamic Protection Method Based on Moving Target Defense. 2023 IEEE Symposium on Computers and Communications (ISCC). IEEE, 2023, pp. 568–574. [CrossRef]
Radhakrishnan, S. The Intersection of Algebra and Cryptography: Enhancing Information Security through Mathematical Foundations. Computing and Analytics 2024, 31, 112–128. [Google Scholar] [CrossRef]
Idoko, B.; Alakwe, J.A.; Ugwu, O.J.; Idoko, J.E.; Idoko, F.O.; Ayoola, V.B.; Ejembi, E.V.; Adeyinka, T. Enhancing healthcare data privacy and security: A comparative study of regulations and best practices in the US and Nigeria. Magna Scientia Advanced Research and Reviews 2024. [Google Scholar] [CrossRef]
Tazi, F.; Nandakumar, A.; Dykstra, J.; Rajivan, P.; Das, S. SoK: Analyzing Privacy and Security of Healthcare Data from the User Perspective. ACM Transactions on Computing for Healthcare 2024. [Google Scholar] [CrossRef]
Shojaei, P.; Vlahu-Gjorgievska, E.; Chow, Y.W. Security and Privacy of Technologies in Health Information Systems: A Systematic Literature Review. Computers 2024. [Google Scholar] [CrossRef]
Cai, R.; Chen, L.; Zhu, Y. Privacy-Preserving Access Control Model for E-Medical Systems. 2024 IEEE International Conference on Big Data and Privacy Computing (BDPC). IEEE, 2024. [CrossRef]
Singhal, S. Data Privacy, Compliance, and Security Including AI ML. In Practical Applications of Data Processing, Algorithms, and Modeling; IGI Global, 2024; pp. 111–126. [CrossRef]
Audu, A.J.; Umana, A.U. Advances in environmental compliance monitoring in the oil and gas industry: Challenges and opportunities. International Journal of Scientific Research Updates 2024. [Google Scholar] [CrossRef]
Solanke, B.; Onita, F.B.; Ochulor, O.J.; Iriogbe, H.O. The impact of artificial intelligence on regulatory compliance in the oil and gas industry. International Journal of Science and Technology Research Archive 2024. [Google Scholar] [CrossRef]
Fahrudin, R.; Yulian, F.D.; Fauzi, A.Y.; Wilson, A.; Kuusk, T. Addressing Regulatory Risks in Fintech through Decentralized Technologies. APTISI Transactions on Management 2024. [Google Scholar] [CrossRef]
Abikoye, B.E.; Umeorah, S.C.; Adelaja, A.O.; Ayodele, O.; Ogunsuji, Y.M. Regulatory compliance and efficiency in financial technologies: Challenges and innovations. World Journal Of Advanced Research and Reviews 2024. [Google Scholar] [CrossRef]
Nisbet, N.; Zhang, Z.; Cidik, M. Real-Time Assessment of Regulatory Compliance of Construction Sites. 2024 European Conference on Computing in Construction. European Council on Computing in Construction, 2024. [CrossRef]
Hamouid, K.; Mohammedi, M. Dynamic and Flexible Access Control for IoT-Enabled Smart Healthcare. 2023 International Symposium on Networks, Computers and Communications (ISNCC); IEEE: Noisy-le-Grand, France, 2023. [Google Scholar] [CrossRef]
Chiang, T.W.; Chiang, D.L.; Chen, T.S.; Lin, F.Y.S.; Shen, V.R.L.; Wang, M.C. Novel Lagrange interpolation polynomials for dynamic access control in a healthcare cloud system. Mathematical Biosciences and Engineering 2022. [Google Scholar] [CrossRef]
Srivastava, K. NdRAdAC: Need based Access Control Framework for an Emergency Response System. Turkish Journal of Computer and Mathematics Education 2021. [Google Scholar] [CrossRef]
Shahraki, A.S.; Rudolph, C.; Grobler, M. A Dynamic Access Control Policy Model for Sharing of Healthcare Data in Multiple Domains. Trust, Security And Privacy In Computing And Communications, 2019. [CrossRef]
Faruqui, R.U. Modelling and verifying dynamic access control policies in workflow-based healthcare systems. Jurnal Kejuruteraan 2020, 32, 1–7. [Google Scholar] [CrossRef] [PubMed]
Segal, Y.; Hadar, O.; Lhotska, L. Using EfficientNet-B7 (CNN), Variational Auto Encoder (VAE) and Siamese Twins’ Networks to Evaluate Human Exercises as Super Objects in a TSSCI Images. Journal of Personalized Medicine 2023, 13, 874. [Google Scholar] [CrossRef] [PubMed]

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.

Downloads

Views

Comments

Subscription

Notify me about updates to this article or when a peer-reviewed version is published.

MDPI Initiatives

Important Links

Choose an area of interest and we will send you notifications of new preprints at your preferred frequency.

Disclaimer

Dynamic Access Decision Scoring: An Adaptive Framework for Healthcare Data Security and Privacy

Abstract

Keywords:

Subject:

1. Introduction

2. Objective

Literature Review

3. Access Decision Scoring (ADS)

4. ADS Preliminaries Preparations

4.1. Unified Dimensionality

4.2. Normalization of Vectors

4.3. Categorical Data Transformation

4.4. Exclusion of Identifiers

5. ADS Key Components

5.1. Access Request (r)

5.2. User Attributes (u)

5.3. Resource Attributes (d)

5.4. Remark

6. ADS Formula Main Components

6.1. Historical Similarity ( H ( r , B ) )

6.1.1. Construction of the Historical Matrix B

6.1.2. Element-Wise Representation

6.1.3. Size of B

6.1.4. Example

6.1.5. H ( r , B )

7. Risk Coefficient ( R ( u , d ) )

7.1. Risk Coefficient Calculation

7.1.1. Motivation

7.1.2. R ( u , d ) Formula

7.1.3. Importance and Determination of Vector Element Order

7.1.4. How to Determine the Order of Elements in a Vector?

7.1.5. Solutions to the Problem

7.1.6. Example of Risk Coefficient Calculation

7.1.7. Normalizing the Scalar Product to a Range of [0, 1]

7.2. Temporal Context Modifier ( T ( c ) )

Example Calculation:

Conclusion:

8. Threshold

9. Example Calculation

Inputs

9.1. Step 1: Machine Learning Contribution

9.2. Step 2: Historical Similarity

9.3. Step 3: Risk Coefficient

9.4. Step 4: Exponential Weight

9.5. Step 5: Temporal Context

9.6. Final Score

9.7. Decision

10. Discussion

11. Future Research and Actions

12. Summary and Conclusions

Author Contributions

Funding

Data Availability Statement

Conflicts of Interest

References

MDPI Initiatives

Important Links

Subscribe

6.1. Historical Similarity ( $H (r, B)$ )

6.1.5. $H (r, B)$

7. Risk Coefficient ( $R (u, d)$ )

7.1.2. $R (u, d)$ Formula

7.2. Temporal Context Modifier ( $T (c)$ )