Behavioral and human-centric access control model in XACML reference architecture: design and implementation of EHR case study
Marchetti E.
2024
Abstract
Privacy and security are crucial for using Electronic Patient Records (EHRs) within healthcare systems, as clinical data is sensitive. In response to this, several access control approaches have been recently developed to limit access to sensitive information. This paper presents a novel human-centric access control model, Behavioral-Based Access Control (BBAC), inspired by the Internet of Behavior paradigm. The proposed model implements behavioral modeling, allowing privacy-preserving data sharing based on user behaviors in complex healthcare environments. The model enhances security and privacy in distributed healthcare systems by adjusting access permissions according to user behavior, location, and time, as evaluated in a simulated scenario. The proposed model uses the XACML policy language to implement BBAC, which determines whether to allow or deny user access requests. This approach enables personalized and secure access control by analyzing user behavioral patterns and adjusting permissions accordingly. The ability to regulate access based on individual user behavior represents a shift towards more adaptive and tailored security mechanisms, and the paper discusses its dynamic potential for future research.

File | Size | Format |
---|---|---|
Pagine da 978-3-031-63851-0 (1).pdf (authorized users only). Description: Behavioral and Human-Centric Access Control Model in XACML Reference Architecture: Design and Implementation of EHR Case Study. Type: Publisher's version (PDF). License: NOT PUBLIC - Private/restricted access | 1.91 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.