{"id":"https://openalex.org/W4417502823","doi":"https://doi.org/10.3390/informatics13010001","title":"SAFE-GUARD: Semantic Access Control Framework Employing Generative User Assessment and Rule Decisions","display_name":"SAFE-GUARD: Semantic Access Control Framework Employing Generative User Assessment and Rule Decisions","publication_year":2025,"publication_date":"2025-12-19","ids":{"openalex":"https://openalex.org/W4417502823","doi":"https://doi.org/10.3390/informatics13010001"},"language":"en","primary_location":{"id":"doi:10.3390/informatics13010001","is_oa":true,"landing_page_url":"https://doi.org/10.3390/informatics13010001","pdf_url":"https://www.mdpi.com/2227-9709/13/1/1/pdf?version=1766153383","source":{"id":"https://openalex.org/S2738238905","display_name":"Informatics","issn_l":"2227-9709","issn":["2227-9709"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2227-9709/13/1/1/pdf?version=1766153383","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5098943901","display_name":"Nastaran Farhadighalati","orcid":"https://orcid.org/0000-0002-1578-0711"},"institutions":[{"id":"https://openalex.org/I83558840","display_name":"Universidade Nova de Lisboa","ror":"https://ror.org/02xankh89","country_code":"PT","type":"education","lineage":["https://openalex.org/I83558840"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Nastaran Farhadighalati","raw_affiliation_strings":["Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal","institution_ids":["https://openalex.org/I83558840"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004234180","display_name":"Luis A. Estrada-Jimenez","orcid":"https://orcid.org/0000-0001-8595-3713"},"institutions":[{"id":"https://openalex.org/I83558840","display_name":"Universidade Nova de Lisboa","ror":"https://ror.org/02xankh89","country_code":"PT","type":"education","lineage":["https://openalex.org/I83558840"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Luis A. Estrada-Jimenez","raw_affiliation_strings":["Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal","institution_ids":["https://openalex.org/I83558840"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061681341","display_name":"Sepideh Kalateh","orcid":"https://orcid.org/0000-0001-7124-3729"},"institutions":[{"id":"https://openalex.org/I83558840","display_name":"Universidade Nova de Lisboa","ror":"https://ror.org/02xankh89","country_code":"PT","type":"education","lineage":["https://openalex.org/I83558840"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Sepideh Kalateh","raw_affiliation_strings":["Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal","institution_ids":["https://openalex.org/I83558840"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048809465","display_name":"Sanaz Nikghadam-Hojjati","orcid":"https://orcid.org/0000-0002-0839-9250"},"institutions":[{"id":"https://openalex.org/I83558840","display_name":"Universidade Nova de Lisboa","ror":"https://ror.org/02xankh89","country_code":"PT","type":"education","lineage":["https://openalex.org/I83558840"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Sanaz Nikghadam-Hojjati","raw_affiliation_strings":["Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal","institution_ids":["https://openalex.org/I83558840"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071443910","display_name":"Jos\u00e9 Barata","orcid":"https://orcid.org/0000-0002-6348-1847"},"institutions":[{"id":"https://openalex.org/I83558840","display_name":"Universidade Nova de Lisboa","ror":"https://ror.org/02xankh89","country_code":"PT","type":"education","lineage":["https://openalex.org/I83558840"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Jose Barata","raw_affiliation_strings":["Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"Center of Technology and Systems (UNINOVA-CTS), Associated Lab of Intelligent Systems (LASI), Department of Electrical and Computer Engineering, NOVA School of Science and Technology, NOVA University Lisbon, 2829-516 Lisbon, Portugal","institution_ids":["https://openalex.org/I83558840"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5098943901"],"corresponding_institution_ids":["https://openalex.org/I83558840"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.506819,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":"1","first_page":"1","last_page":"1"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.8443999886512756,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.8443999886512756,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.03590000048279762,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10350","display_name":"Electronic Health Records Systems","score":0.01590000092983246,"subfield":{"id":"https://openalex.org/subfields/3605","display_name":"Health Information Management"},"field":{"id":"https://openalex.org/fields/36","display_name":"Health Professions"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.7817999720573425},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.7422999739646912},{"id":"https://openalex.org/keywords/consistency","display_name":"Consistency (knowledge bases)","score":0.682200014591217},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.6488999724388123},{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.4187000095844269},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.41749998927116394},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.36419999599456787},{"id":"https://openalex.org/keywords/generative-grammar","display_name":"Generative grammar","score":0.3630000054836273},{"id":"https://openalex.org/keywords/semantic-security","display_name":"Semantic security","score":0.3619999885559082}],"concepts":[{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.7817999720573425},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.7422999739646912},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.682200014591217},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6657999753952026},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.6488999724388123},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4659000039100647},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.4187000095844269},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.41749998927116394},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.36419999599456787},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.3630000054836273},{"id":"https://openalex.org/C204806902","wikidata":"https://www.wikidata.org/wiki/Q2333581","display_name":"Semantic security","level":5,"score":0.3619999885559082},{"id":"https://openalex.org/C1304207","wikidata":"https://www.wikidata.org/wiki/Q7189582","display_name":"Physical access","level":3,"score":0.35420000553131104},{"id":"https://openalex.org/C2779227376","wikidata":"https://www.wikidata.org/wiki/Q6505497","display_name":"Layer (electronics)","level":2,"score":0.3463999927043915},{"id":"https://openalex.org/C160735492","wikidata":"https://www.wikidata.org/wiki/Q31207","display_name":"Health care","level":2,"score":0.31209999322891235},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3102000057697296},{"id":"https://openalex.org/C109574028","wikidata":"https://www.wikidata.org/wiki/Q647525","display_name":"Behavioral economics","level":2,"score":0.30140000581741333},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.3010999858379364},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.2802000045776367},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.27639999985694885},{"id":"https://openalex.org/C2776384856","wikidata":"https://www.wikidata.org/wiki/Q17145767","display_name":"Trust management (information system)","level":2,"score":0.2752000093460083},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.27000001072883606},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.2635999917984009},{"id":"https://openalex.org/C167966045","wikidata":"https://www.wikidata.org/wiki/Q5532625","display_name":"Generative model","level":3,"score":0.2612999975681305},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.26100000739097595},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.260699987411499},{"id":"https://openalex.org/C47487241","wikidata":"https://www.wikidata.org/wiki/Q5227230","display_name":"Data access","level":2,"score":0.2581000030040741}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/informatics13010001","is_oa":true,"landing_page_url":"https://doi.org/10.3390/informatics13010001","pdf_url":"https://www.mdpi.com/2227-9709/13/1/1/pdf?version=1766153383","source":{"id":"https://openalex.org/S2738238905","display_name":"Informatics","issn_l":"2227-9709","issn":["2227-9709"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Informatics","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:68d258a21dbb4743a5ebbb7c369eee42","is_oa":true,"landing_page_url":"https://doaj.org/article/68d258a21dbb4743a5ebbb7c369eee42","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Informatics, Vol 13, Iss 1, p 1 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/informatics13010001","is_oa":true,"landing_page_url":"https://doi.org/10.3390/informatics13010001","pdf_url":"https://www.mdpi.com/2227-9709/13/1/1/pdf?version=1766153383","source":{"id":"https://openalex.org/S2738238905","display_name":"Informatics","issn_l":"2227-9709","issn":["2227-9709"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Informatics","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G943999617","display_name":null,"funder_award_id":"Technology","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"}],"funders":[{"id":"https://openalex.org/F4320334779","display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","ror":"https://ror.org/00snfqn58"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4417502823.pdf","grobid_xml":"https://content.openalex.org/works/W4417502823.grobid-xml"},"referenced_works_count":41,"referenced_works":["https://openalex.org/W2053154970","https://openalex.org/W2056101986","https://openalex.org/W2119852447","https://openalex.org/W2127979711","https://openalex.org/W2258901462","https://openalex.org/W2302501749","https://openalex.org/W2340896621","https://openalex.org/W2396881363","https://openalex.org/W2521362385","https://openalex.org/W2808762748","https://openalex.org/W2891400669","https://openalex.org/W2902976548","https://openalex.org/W2903579412","https://openalex.org/W2936201262","https://openalex.org/W2936547164","https://openalex.org/W2945463056","https://openalex.org/W2967674866","https://openalex.org/W2999850375","https://openalex.org/W3025187023","https://openalex.org/W3155807546","https://openalex.org/W3168763570","https://openalex.org/W3202733154","https://openalex.org/W4285156319","https://openalex.org/W4290716628","https://openalex.org/W4309852437","https://openalex.org/W4315629915","https://openalex.org/W4381094430","https://openalex.org/W4387397194","https://openalex.org/W4392242848","https://openalex.org/W4399254121","https://openalex.org/W4399477749","https://openalex.org/W4399513333","https://openalex.org/W4401415327","https://openalex.org/W4402451935","https://openalex.org/W4405464527","https://openalex.org/W4406754095","https://openalex.org/W4406803925","https://openalex.org/W4407163436","https://openalex.org/W4411144271","https://openalex.org/W4411271040","https://openalex.org/W4411600920"],"related_works":[],"abstract_inverted_index":{"Healthcare":[0],"faces":[1],"a":[2,81],"critical":[3],"challenge:":[4],"protecting":[5],"sensitive":[6],"medical":[7],"data":[8],"while":[9],"enabling":[10],"necessary":[11],"clinical":[12,18],"access.":[13,46],"Evolving":[14],"user":[15],"behaviors,":[16],"dynamic":[17],"contexts,":[19],"and":[20,75,119,129,132,151,163,173,187],"strict":[21,30],"regulatory":[22,120,133],"requirements":[23],"demand":[24],"adaptive":[25],"access":[26,48],"control":[27,49],"mechanisms.":[28],"Despite":[29],"regulations,":[31],"healthcare":[32,142],"remains":[33],"the":[34],"most":[35],"breached":[36],"industry,":[37],"consistently":[38],"facing":[39],"severe":[40],"security":[41],"risks":[42],"related":[43],"to":[44,99],"unauthorized":[45],"Traditional":[47],"models":[50],"cannot":[51],"handle":[52],"contextual":[53,101],"variations,":[54],"detect":[55,100],"credential":[56],"compromise,":[57],"or":[58],"provide":[59],"transparent":[60],"decision":[61],"rationales.":[62],"To":[63],"address":[64],"this,":[65],"SAFE-GUARD":[66,139],"(Semantic":[67],"Access":[68,122],"Control":[69],"Framework":[70],"Employing":[71],"Generative":[72],"User":[73],"Assessment":[74],"Rule":[76],"Decisions)":[77],"is":[78,123],"proposed":[79],"as":[80],"two-layer":[82],"framework":[83,167],"that":[84,190],"combines":[85],"behavioral":[86,127,181],"analysis":[87],"with":[88,144],"policy":[89],"enforcement.":[90],"The":[91,110,166],"Behavioral":[92],"Analysis":[93],"Layer":[94,114],"uses":[95],"Retrieval-Augmented":[96],"Generation":[97],"(RAG)":[98],"anomalies":[102],"by":[103,176],"comparing":[104],"current":[105],"requests":[106],"against":[107],"historical":[108],"patterns.":[109],"Rule-Based":[111],"Policy":[112],"Evaluation":[113],"independently":[115],"validates":[116],"organizational":[117,131],"procedures":[118],"requirements.":[121],"granted":[124],"only":[125],"when":[126],"consistency":[128],"both":[130,170],"policies":[134],"are":[135],"satisfied.":[136],"We":[137],"evaluate":[138],"using":[140],"simulated":[141],"scenarios":[143],"three":[145],"LLMs":[146],"(GPT-4o,":[147],"Claude":[148],"3.5":[149],"Sonnet,":[150],"Gemini":[152],"2.5":[153],"Flash)":[154],"achieving":[155],"an":[156],"anomaly":[157],"detection":[158],"accuracy":[159],"of":[160],"95.2%,":[161],"94.1%,":[162],"91.3%,":[164],"respectively.":[165],"effectively":[168],"identifies":[169],"compromised":[171],"credentials":[172],"insider":[174],"misuse":[175],"detecting":[177],"deviations":[178],"from":[179],"established":[180],"patterns,":[182],"significantly":[183],"outperforming":[184],"conventional":[185],"RBAC":[186],"ABAC":[188],"approaches":[189],"rely":[191],"solely":[192],"on":[193],"static":[194],"rules.":[195]},"counts_by_year":[],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2025-12-19T00:00:00"}