This Article 
 Bibliographic References 
 Add to: 
The Context and the SitBAC Models for Privacy Preservation—An Experimental Comparison of Model Comprehension and Synthesis
October 2010 (vol. 22 no. 10)
pp. 1475-1488
Dizza Beimel, Ruppin Academic Center, Emek Hefer
Mor Peleg, University of Haifa, Haifa
Situation-Based Access Control (SitBAC) is a conceptual model for representing access control policies of healthcare organizations by characterizing situations of access to patient data. The SitBAC model enables formal representation of access situations as an ontology of concepts (Patient, Data Requestor, EHR, Task, and Response) along with their attributes and relationships. A competing access control model is the Contextual Role-Based Access Control (Context) model. The Context model uses logical expressions (rules) that specify contextual authorizations (i.e., characteristics of access requests that are available at access time). Open questions that relate to formal representation of scenarios involving access to patient data are: 1) which of the two models yields a formal representation that is easier to comprehend; 2) which of the two models facilitates the synthesis of correct models, and how does the task complexity affect the performance of comprehension and synthesis. In this study, we address these questions through a controlled experiment. The results of the experiment suggest that while there are no differences between the two models when it comes to comprehending or synthesizing simple scenarios of data access, for complex scenarios, there is a significant advantage to the SitBAC model in terms of both comprehension and synthesis.

[1] R. Morgan, "Community Attitudes to Privacy," Office of the Australian Federal Privacy Commissioner, 2001.
[2] R.S. Sandhu, E.J. Coyne, and C.E. Youman, "Role-Based Access Control Models," Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
[3] R. Sandhu, "The NIST Model for Role-Based Access Control: Toward a Unified Standard," Proc. Fifth ACM Workshop Role-Based Access Control, 2000.
[4] J.B.D. Joshi, W.G. Aref, A. Ghafoor, and E.H. Spafford, "Security Models for Web-Based Applications," Comm. ACM, vol. 44, no. 2, pp. 38-44, 2001.
[5] G. Motta and S. Furuie, "A Contextual Role-Based Access Control Authorization Model for Electronic Patient Record," IEEE Trans. Information Technology in Biomedicine, vol. 7, no. 3, pp. 202-207, Sept. 2003.
[6] M. Peleg, D. Beimel, D. Dori, and Y. Denekamp, "Situation-Based Access Control: Privacy Management via Modeling of Patient Data Access Scenarios," J. Biomedical Informatics, vol. 41, no. 6, pp. 1028-1040, 2008.
[7] R. Davis, H. Shrobe, and P. Szolovits, "What Is a Knowledge Representation?" AI Magazine, vol. 14, no. 1, pp. 17-33, 1993.
[8] J.H. van Bemmel and M.A. Musen, Handbook of Medical Informatics. Springer, 1997.
[9] T.R. Gruber, "Toward Principles for the Design of Ontologies Used for Knowledge Sharing," Int'l J. Human-Computer Studies, vol. 43, nos. 5/6, pp. 907-928, 1995.
[10] N.F. Noy and D.L. McGuinness, "Ontology Development 101: A Guide to Creating Your First Ontology," Technical Report SMI-2001-0880, Stanford Medical Informatics, 2001.
[11] T.R.G. Green and M. Petre, "Usability Analysis of Visual Programming Environments: A 'Cognitive Dimensions' Framework," J. Visual Languages and Computing, vol. 7, no. 2, pp. 131-174, 1996.
[12] J.C. Spohrer and E. Soloway, "Novice Mistakes: Are the Folk Wisdoms Correct? Studying the Novice Programmer," Comm. ACM, vol. 29, no. 7, pp. 624-632, 1986.
[13] V.L. Patel, J.F. Arocha, M. Diermeier, E.H. Shortliffe, and R.A. Greenes, "Methods of Cognitive Analysis to Support the Design and Evaluation of Biomedical Systems: The Case of Clinical Practice Guidelines," J. Biomedical Informatics, vol. 34, no. 1, pp. 52-66, 2000.
[14] V.L. Patel, J.F. Arocha, and D.R. Kaufman, "A Primer on Aspects of Cognition for Medical Informatics," J. Am. Medical Informatics Assoc., vol. 8, no. 4, pp. 324-343, 2001.
[15] A.L. Rector, N. Drummond, M. Horridge, J. Rogers, H. Knublauch, R. Stevens, H. Wang, and C. Wroe, "Designing User interfaces to Minimise Common Errors in Ontology Development: The CO-ODE and HyOntUse Projects," Proc. UK E-Science All Hands Meeting, 2004.
[16] B.S. Bloom, Taxonomy of Educational Objectives, Handbook 1: Cognitive Domain. Addison Wesley, 1956.
[17] A. Gómez-Pérez and O. Corcho, "Ontology Languages for the Semantic Web," IEEE Intelligent Systems, vol. 17, no. 1, pp. 54-60, Jan./Feb. 2002.
[18] M. Peleg and D. Dori, "The Model Multiplicity Problem: Experimenting with Real-Time Specification Methods," IEEE Trans. Software Eng., vol. 26, no. 8, pp. 742-759, Aug. 2000.
[19] P. Shoval and I. Frumermann, "OO and EER Conceptual Schemas: A Comparison of User Comprehension," Database Management, vol. 5, no. 4, pp. 28-38, 1994.
[20] D. Batra, J.A. Hoffer, and R.P. Bostrom, "Comparing Representations with Relational and EER Models," Comm. ACM, vol. 33, no. 2, pp. 126-139, 1990.
[21] P. Palvia, C. Liao, and P.L. To, "The Impact of Conceptual Models on End-User Performance," J. Database Management, vol. 3, no. 4, pp. 4-15, 1992.
[22] P. Shoval and S. Shiran, "Entity-Relationship and Object-Oriented Data Modeling—An Experimental Comparison of Design Quality," Data and Knowledge Eng., vol. 21, no. 3, pp. 297-315, 1997.
[23] P. Shoval, R. Danoch, and M. Balaban, "Hierarchical Entity Relationship Diagrams—The Model, Method of Creation and Experimental Evaluation," Requirements Eng. J., vol. 9, no. 4, pp. 217-228, 2004.
[24] M.C. Otero and J.J. Dolado, "An Initial Experimental Assessment of the Dynamic Modelling in UML," Empirical Software Eng. J., vol. 7, no. 1, pp. 27-47, 2002.
[25] F.H. Lochovsky and D.C. Tsichritzis, "User Performance Considerations in DBMS Selection," Proc. ACM SIGMOD, pp. 128-134, 1977.
[26] I.K. Sjøberg et al., "A Survey of Controlled Experiments in Software Engineering," IEEE Trans. Software Eng., vol. 31, no. 9, pp. 733-753, Sept. 2005.
[27] M. Peleg, D. Wang, A. Fodor, S. Keren, and E. Karnieli, "Lessons Learned from Adapting a Generic Narrative Diabetic-Foot Guideline to an Institutional Decision-Support System," Studies in Health Technology and Informatics, vol. 139, pp. 243-252, 2008.
[28] E. Shalom, Y. Shahar, E. Lunenfeld, M. Taieb-Maimon, O. Young, D. Goren-Bar, S. Martins, L. Vaszar, Y. Liel, A. Yarkoni, M.K. Goldstein, A. Leibowitz, and T. Marom, "The Importance of Creating an Ontology-Specific Consensus before a Markup-Based Specification of Clinical Guidelines," Proc. Biennial European Conf. Artificial Intelligence, 2006.
[29] Ruby Community, "Ruby Language Home Page," http://www.ruby-lang.orgen/, 2010.
[30] W.E. Grosso, H. Eriksson, R. Fergerson, J.H. Gennari, S.W. Tu, and M.A. Musen, "Knowledge Modeling at the Millennium (The Design and Evolution of Protege-2000)," Proc. 12th Banff Knowledge Acquisition for Knowledge-Based Systems Workshop, 1999.
[31] S. Siegel, Non-Parametric Statistics for the Behavioral Sciences. McGraw-Hill, 1956.
[32] L.C. Briand, Y. Labiche, M. DiPenta, and H.D. Yan-Bondoc, "An Experimental Investigation of Formality in UML-Based Development," IEEE Trans. Software Eng., vol. 31, no. 10, pp. 833-849, Oct. 2005.
[33] C.J. Hou, M.A. Musen, and N.F. Noy, "EZPAL: Environment for Composing Constraint Axioms by Instantiating Templates," Int'l J. Human-Computer Studies, vol. 62, no. 5, pp. 578-596, 2005.

Index Terms:
Knowledge representation, access control, RBAC, SitBAC, authorization, conceptual model, ontology.
Dizza Beimel, Mor Peleg, "The Context and the SitBAC Models for Privacy Preservation—An Experimental Comparison of Model Comprehension and Synthesis," IEEE Transactions on Knowledge and Data Engineering, vol. 22, no. 10, pp. 1475-1488, Oct. 2010, doi:10.1109/TKDE.2009.161
Usage of this product signifies your acceptance of the Terms of Use.